grpc 1.34.0 → 1.42.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +978 -2868
- data/etc/roots.pem +592 -899
- data/include/grpc/byte_buffer.h +1 -1
- data/include/grpc/byte_buffer_reader.h +1 -1
- data/include/grpc/compression.h +1 -1
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/endpoint_config.h +43 -0
- data/include/grpc/event_engine/event_engine.h +375 -0
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +98 -0
- data/include/grpc/event_engine/memory_allocator.h +210 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/fork.h +1 -1
- data/include/grpc/grpc.h +49 -4
- data/include/grpc/grpc_posix.h +5 -2
- data/include/grpc/grpc_security.h +127 -14
- data/include/grpc/grpc_security_constants.h +16 -0
- data/include/grpc/impl/codegen/atm.h +5 -3
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
- data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
- data/include/grpc/impl/codegen/atm_windows.h +6 -0
- data/include/grpc/impl/codegen/byte_buffer.h +3 -1
- data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
- data/include/grpc/impl/codegen/compression_types.h +2 -0
- data/include/grpc/impl/codegen/connectivity_state.h +2 -0
- data/include/grpc/impl/codegen/fork.h +2 -0
- data/include/grpc/impl/codegen/gpr_slice.h +2 -0
- data/include/grpc/impl/codegen/gpr_types.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +49 -25
- data/include/grpc/impl/codegen/log.h +2 -2
- data/include/grpc/impl/codegen/port_platform.h +81 -22
- data/include/grpc/impl/codegen/propagation_bits.h +2 -0
- data/include/grpc/impl/codegen/slice.h +2 -0
- data/include/grpc/impl/codegen/status.h +2 -0
- data/include/grpc/impl/codegen/sync.h +8 -5
- data/include/grpc/impl/codegen/sync_abseil.h +2 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +3 -0
- data/include/grpc/impl/codegen/sync_posix.h +4 -2
- data/include/grpc/impl/codegen/sync_windows.h +6 -0
- data/include/grpc/module.modulemap +14 -14
- data/include/grpc/slice.h +1 -1
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/status.h +1 -1
- data/include/grpc/support/atm.h +1 -1
- data/include/grpc/support/atm_gcc_atomic.h +1 -1
- data/include/grpc/support/atm_gcc_sync.h +1 -1
- data/include/grpc/support/atm_windows.h +1 -1
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/port_platform.h +1 -1
- data/include/grpc/support/sync.h +4 -4
- data/include/grpc/support/sync_abseil.h +1 -1
- data/include/grpc/support/sync_custom.h +1 -1
- data/include/grpc/support/sync_generic.h +1 -1
- data/include/grpc/support/sync_posix.h +1 -1
- data/include/grpc/support/sync_windows.h +1 -1
- data/include/grpc/support/time.h +9 -9
- data/src/core/ext/filters/census/grpc_context.cc +1 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +20 -24
- data/src/core/ext/filters/client_channel/backup_poller.cc +5 -4
- data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +158 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +2009 -3145
- data/src/core/ext/filters/client_channel/client_channel.h +559 -60
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +2 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +18 -19
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -14
- data/src/core/ext/filters/client_channel/config_selector.cc +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +33 -9
- data/src/core/ext/filters/client_channel/connector.h +19 -19
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +190 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -11
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +53 -50
- data/src/core/ext/filters/client_channel/health/health_check_client.h +35 -33
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +37 -34
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
- data/src/core/ext/filters/client_channel/http_proxy.cc +36 -20
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +12 -21
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +246 -166
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +4 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +5 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +37 -30
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +53 -55
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +757 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +37 -0
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2502 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +16 -18
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +24 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +385 -135
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -8
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +57 -71
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +43 -64
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1362 -0
- data/src/core/ext/filters/client_channel/lb_policy.cc +6 -17
- data/src/core/ext/filters/client_channel/lb_policy.h +93 -93
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -11
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +139 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +76 -88
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -33
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +10 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +26 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +473 -74
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +27 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +45 -35
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +43 -46
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +384 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +22 -35
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +466 -254
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +4 -15
- data/src/core/ext/filters/client_channel/resolver_factory.h +8 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +43 -44
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +42 -252
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +25 -54
- data/src/core/ext/filters/client_channel/retry_filter.cc +2573 -0
- data/src/core/ext/filters/{workarounds/workaround_cronet_compression_filter.h → client_channel/retry_filter.h} +9 -6
- data/src/core/ext/filters/client_channel/retry_service_config.cc +316 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +20 -49
- data/src/core/ext/filters/client_channel/retry_throttle.h +3 -1
- data/src/core/ext/filters/client_channel/server_address.cc +10 -1
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +54 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +179 -329
- data/src/core/ext/filters/client_channel/subchannel.h +101 -158
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +38 -9
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +21 -10
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +47 -223
- data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
- data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +33 -34
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +503 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +181 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +77 -69
- data/src/core/ext/filters/http/client_authority_filter.cc +19 -19
- data/src/core/ext/filters/http/http_filters_plugin.cc +53 -68
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +42 -35
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +29 -30
- data/src/core/ext/filters/http/server/http_server_filter.cc +104 -95
- data/src/core/ext/filters/max_age/max_age_filter.cc +71 -68
- data/src/core/ext/filters/message_size/message_size_filter.cc +43 -41
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -2
- data/src/core/ext/{filters/client_channel → service_config}/service_config.cc +17 -16
- data/src/core/ext/{filters/client_channel → service_config}/service_config.h +11 -10
- data/src/core/ext/{filters/client_channel → service_config}/service_config_call_data.h +23 -19
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.cc +9 -9
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.h +15 -10
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +37 -23
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +9 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +42 -35
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +32 -16
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +51 -62
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +664 -236
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -5
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +25 -11
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +61 -22
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +264 -223
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +16 -2
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +5 -6
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +59 -40
- data/src/core/ext/transport/chttp2/transport/flow_control.h +23 -17
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +28 -24
- data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +21 -20
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +8 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -15
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +49 -17
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +22 -19
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +311 -665
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +240 -70
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +865 -1172
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +100 -81
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +146 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +137 -0
- data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
- data/src/core/{lib/transport/authority_override.h → ext/transport/chttp2/transport/hpack_utils.h} +8 -12
- data/src/core/ext/transport/chttp2/transport/internal.h +40 -33
- data/src/core/ext/transport/chttp2/transport/parsing.cc +156 -286
- data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
- data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
- data/src/core/ext/transport/chttp2/transport/writing.cc +69 -54
- data/src/core/ext/transport/inproc/inproc_transport.cc +204 -160
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1591 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -49
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +245 -56
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +371 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1554 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +66 -21
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +178 -142
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +795 -314
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +21 -7
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +25 -24
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +70 -23
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +29 -29
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +138 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +23 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +147 -75
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +522 -96
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +27 -27
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +116 -49
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +42 -14
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +63 -63
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +228 -63
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +57 -56
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +244 -98
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +125 -57
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +533 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +17 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +15 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +56 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +96 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -17
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +81 -40
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +56 -22
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +223 -34
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +137 -72
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +19 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +48 -38
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +276 -103
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +51 -45
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +203 -62
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +177 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +10 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +55 -22
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +536 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +153 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +550 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +51 -44
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +165 -43
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +35 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +148 -40
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +339 -279
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1466 -543
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +48 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -7
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +32 -6
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +298 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +303 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +123 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +151 -112
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +693 -244
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +52 -32
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +231 -59
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +15 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +51 -28
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +45 -44
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +178 -74
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +58 -51
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +221 -135
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -5
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -5
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -10
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +46 -19
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -4
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +121 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +468 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +205 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +44 -14
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +96 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +10 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +51 -12
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +31 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +41 -4
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +96 -11
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +77 -14
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +30 -5
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +41 -4
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +15 -2
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +2 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +62 -62
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +227 -84
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +86 -69
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +256 -72
- data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
- data/src/core/ext/upb-generated/google/api/http.upb.h +47 -10
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +154 -154
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +645 -320
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +44 -7
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +119 -10
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +18 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +19 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +63 -63
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +220 -87
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +36 -9
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +28 -3
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +146 -35
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +55 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +154 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +41 -4
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -6
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +15 -2
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +2 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +17 -4
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +15 -2
- data/src/core/ext/upb-generated/validate/validate.upb.c +243 -227
- data/src/core/ext/upb-generated/validate/validate.upb.h +626 -253
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +182 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +66 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +155 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +90 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +100 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +178 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +91 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +130 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +83 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -170
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +424 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +120 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +467 -429
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +12 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +156 -109
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +25 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +89 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +156 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +240 -168
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +20 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +37 -20
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +90 -63
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +137 -122
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +136 -120
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +31 -26
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -51
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +748 -681
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +123 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +79 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +435 -379
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +121 -91
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +182 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +163 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +100 -100
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +19 -23
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +4 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +5 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -157
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +75 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
- data/src/core/ext/xds/certificate_provider_store.cc +10 -7
- data/src/core/ext/xds/certificate_provider_store.h +15 -10
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +28 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +3 -6
- data/src/core/ext/xds/xds_api.cc +2654 -808
- data/src/core/ext/xds/xds_api.h +460 -154
- data/src/core/ext/xds/xds_bootstrap.cc +139 -188
- data/src/core/ext/xds/xds_bootstrap.h +34 -18
- data/src/core/ext/xds/xds_certificate_provider.cc +237 -72
- data/src/core/ext/xds/xds_certificate_provider.h +104 -27
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +113 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.h +52 -0
- data/src/core/ext/xds/xds_client.cc +985 -429
- data/src/core/ext/xds/xds_client.h +100 -51
- data/src/core/ext/xds/xds_client_stats.cc +18 -16
- data/src/core/ext/xds/xds_client_stats.h +12 -11
- data/src/core/ext/xds/xds_http_fault_filter.cc +227 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +64 -0
- data/src/core/ext/xds/xds_http_filters.cc +116 -0
- data/src/core/ext/xds/xds_http_filters.h +133 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +544 -0
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +72 -68
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +20 -16
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +131 -15
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +37 -7
- data/src/core/lib/avl/avl.cc +5 -5
- data/src/core/lib/backoff/backoff.cc +1 -1
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_args.cc +34 -15
- data/src/core/lib/channel/channel_args.h +9 -0
- data/src/core/lib/channel/channel_stack.cc +27 -12
- data/src/core/lib/channel/channel_stack.h +18 -10
- data/src/core/lib/channel/channel_stack_builder.cc +6 -16
- data/src/core/lib/channel/channel_stack_builder.h +1 -9
- data/src/core/lib/channel/channel_trace.cc +5 -4
- data/src/core/lib/channel/channel_trace.h +3 -2
- data/src/core/lib/channel/channelz.cc +162 -63
- data/src/core/lib/channel/channelz.h +62 -31
- data/src/core/lib/channel/channelz_registry.cc +22 -7
- data/src/core/lib/channel/channelz_registry.h +1 -2
- data/src/core/lib/channel/connected_channel.cc +6 -7
- data/src/core/lib/channel/connected_channel.h +1 -2
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/handshaker.cc +13 -53
- data/src/core/lib/channel/handshaker.h +7 -25
- data/src/core/lib/channel/handshaker_factory.h +10 -2
- data/src/core/lib/channel/handshaker_registry.cc +15 -70
- data/src/core/lib/channel/handshaker_registry.h +29 -12
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +11 -2
- data/src/core/lib/compression/algorithm_metadata.h +1 -0
- data/src/core/lib/compression/compression.cc +2 -2
- data/src/core/lib/compression/compression_args.cc +11 -7
- data/src/core/lib/compression/compression_internal.cc +4 -6
- data/src/core/lib/compression/compression_internal.h +1 -1
- data/src/core/lib/compression/message_compress.cc +2 -2
- data/src/core/lib/compression/stream_compression.cc +2 -1
- data/src/core/lib/compression/stream_compression.h +3 -2
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/config/core_configuration.cc +96 -0
- data/src/core/lib/config/core_configuration.h +146 -0
- data/src/core/lib/debug/stats.cc +1 -1
- data/src/core/lib/debug/stats.h +4 -3
- data/src/core/lib/debug/stats_data.cc +15 -14
- data/src/core/lib/debug/stats_data.h +14 -13
- data/src/core/lib/debug/trace.cc +1 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/event_engine/endpoint_config.cc +45 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +40 -0
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/alloc.cc +7 -5
- data/src/core/lib/gpr/atm.cc +1 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env_linux.cc +1 -2
- data/src/core/lib/gpr/env_posix.cc +2 -3
- data/src/core/lib/gpr/log.cc +61 -19
- data/src/core/lib/gpr/log_android.cc +3 -2
- data/src/core/lib/gpr/log_linux.cc +10 -5
- data/src/core/lib/gpr/log_posix.cc +9 -4
- data/src/core/lib/gpr/log_windows.cc +3 -1
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +24 -23
- data/src/core/lib/gpr/string.h +7 -8
- data/src/core/lib/gpr/sync.cc +6 -6
- data/src/core/lib/gpr/sync_abseil.cc +10 -12
- data/src/core/lib/gpr/sync_posix.cc +3 -3
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gpr/time.cc +15 -14
- data/src/core/lib/gpr/time_windows.cc +3 -2
- data/src/core/lib/gpr/tls.h +119 -40
- data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
- data/src/core/lib/gpr/useful.h +79 -32
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/arena.cc +2 -1
- data/src/core/lib/gprpp/arena.h +18 -7
- data/src/core/lib/gprpp/atomic_utils.h +47 -0
- data/src/core/lib/gprpp/bitset.h +188 -0
- data/src/core/lib/gprpp/chunked_vector.h +211 -0
- data/src/core/lib/gprpp/construct_destruct.h +39 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +28 -29
- data/src/core/lib/gprpp/fork.cc +14 -12
- data/src/core/lib/gprpp/fork.h +4 -4
- data/src/core/lib/gprpp/global_config.h +1 -2
- data/src/core/lib/gprpp/global_config_env.cc +7 -7
- data/src/core/lib/gprpp/global_config_generic.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +9 -6
- data/src/core/lib/gprpp/match.h +73 -0
- data/src/core/lib/gprpp/memory.h +9 -3
- data/src/core/lib/gprpp/mpscq.cc +9 -9
- data/src/core/lib/gprpp/mpscq.h +6 -5
- data/src/core/lib/gprpp/orphanable.h +6 -6
- data/src/core/lib/gprpp/overload.h +59 -0
- data/src/core/lib/gprpp/ref_counted.h +48 -34
- data/src/core/lib/gprpp/ref_counted_ptr.h +11 -1
- data/src/core/lib/gprpp/status_helper.cc +427 -0
- data/src/core/lib/gprpp/status_helper.h +194 -0
- data/src/core/lib/gprpp/sync.h +106 -43
- data/src/core/lib/gprpp/table.h +411 -0
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/thd_posix.cc +11 -6
- data/src/core/lib/gprpp/thd_windows.cc +7 -12
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/format_request.cc +1 -0
- data/src/core/lib/http/format_request.h +1 -0
- data/src/core/lib/http/httpcli.cc +203 -185
- data/src/core/lib/http/httpcli.h +5 -3
- data/src/core/lib/http/httpcli_security_connector.cc +19 -18
- data/src/core/lib/http/parser.cc +19 -20
- data/src/core/lib/http/parser.h +5 -4
- data/src/core/lib/iomgr/buffer_list.cc +10 -11
- data/src/core/lib/iomgr/buffer_list.h +6 -8
- data/src/core/lib/iomgr/call_combiner.cc +46 -21
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -6
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +25 -36
- data/src/core/lib/iomgr/combiner.h +3 -2
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +1 -5
- data/src/core/lib/iomgr/endpoint.h +3 -5
- data/src/core/lib/iomgr/endpoint_cfstream.cc +27 -39
- data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
- data/src/core/lib/iomgr/endpoint_pair.h +1 -0
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +32 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
- data/src/core/lib/iomgr/error.cc +277 -105
- data/src/core/lib/iomgr/error.h +280 -114
- data/src/core/lib/iomgr/error_cfstream.cc +10 -4
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +7 -2
- data/src/core/lib/iomgr/ev_apple.cc +16 -13
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +53 -53
- data/src/core/lib/iomgr/ev_epollex_linux.cc +81 -81
- data/src/core/lib/iomgr/ev_poll_posix.cc +70 -68
- data/src/core/lib/iomgr/ev_posix.cc +13 -13
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/event_engine/closure.cc +77 -0
- data/src/core/lib/iomgr/event_engine/closure.h +42 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +173 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +52 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +104 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +42 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +88 -0
- data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +114 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +293 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +62 -0
- data/src/core/lib/iomgr/exec_ctx.cc +14 -11
- data/src/core/lib/iomgr/exec_ctx.h +21 -28
- data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
- data/src/core/lib/iomgr/executor/mpmcqueue.h +7 -11
- data/src/core/lib/iomgr/executor/threadpool.cc +4 -5
- data/src/core/lib/iomgr/executor/threadpool.h +5 -4
- data/src/core/lib/iomgr/executor.cc +19 -33
- data/src/core/lib/iomgr/executor.h +3 -3
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr.cc +6 -4
- data/src/core/lib/iomgr/iomgr.h +3 -3
- data/src/core/lib/iomgr/iomgr_custom.cc +3 -3
- data/src/core/lib/iomgr/iomgr_custom.h +2 -2
- data/src/core/lib/iomgr/iomgr_internal.cc +8 -12
- data/src/core/lib/iomgr/iomgr_internal.h +6 -5
- data/src/core/lib/iomgr/iomgr_posix.cc +3 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -13
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -3
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
- data/src/core/lib/iomgr/load_file.cc +6 -6
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +38 -15
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +2 -2
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +10 -11
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +2 -3
- data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +7 -10
- data/src/core/lib/iomgr/python_util.h +4 -3
- data/src/core/lib/iomgr/resolve_address.cc +14 -9
- data/src/core/lib/iomgr/resolve_address.h +12 -10
- data/src/core/lib/iomgr/resolve_address_custom.cc +14 -13
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -14
- data/src/core/lib/iomgr/resolve_address_windows.cc +10 -12
- data/src/core/lib/iomgr/resource_quota.cc +152 -62
- data/src/core/lib/iomgr/resource_quota.h +66 -17
- data/src/core/lib/iomgr/sockaddr.h +2 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +8 -7
- data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +20 -6
- data/src/core/lib/iomgr/socket_mutator.h +27 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +29 -27
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +22 -22
- data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client.cc +5 -3
- data/src/core/lib/iomgr/tcp_client.h +4 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +18 -26
- data/src/core/lib/iomgr/tcp_client_custom.cc +19 -27
- data/src/core/lib/iomgr/tcp_client_posix.cc +56 -47
- data/src/core/lib/iomgr/tcp_client_posix.h +8 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +23 -14
- data/src/core/lib/iomgr/tcp_custom.cc +46 -55
- data/src/core/lib/iomgr/tcp_custom.h +15 -13
- data/src/core/lib/iomgr/tcp_posix.cc +119 -145
- data/src/core/lib/iomgr/tcp_posix.h +19 -12
- data/src/core/lib/iomgr/tcp_server.cc +9 -7
- data/src/core/lib/iomgr/tcp_server.h +18 -14
- data/src/core/lib/iomgr/tcp_server_custom.cc +63 -73
- data/src/core/lib/iomgr/tcp_server_posix.cc +49 -35
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +16 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +22 -20
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +11 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +40 -36
- data/src/core/lib/iomgr/tcp_windows.cc +21 -40
- data/src/core/lib/iomgr/tcp_windows.h +4 -3
- data/src/core/lib/iomgr/timer.cc +1 -0
- data/src/core/lib/iomgr/timer.h +7 -3
- data/src/core/lib/iomgr/timer_custom.cc +7 -6
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +32 -62
- data/src/core/lib/iomgr/timer_generic.h +1 -0
- data/src/core/lib/iomgr/timer_heap.cc +2 -3
- data/src/core/lib/iomgr/timer_manager.cc +4 -4
- data/src/core/lib/iomgr/unix_sockets_posix.cc +21 -24
- data/src/core/lib/iomgr/unix_sockets_posix.h +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +6 -7
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.cc +4 -4
- data/src/core/lib/iomgr/work_serializer.h +18 -2
- data/src/core/lib/json/json.h +11 -1
- data/src/core/lib/json/json_reader.cc +14 -23
- data/src/core/lib/json/json_util.cc +68 -0
- data/src/core/lib/json/json_util.h +65 -115
- data/src/core/lib/json/json_writer.cc +0 -3
- data/src/core/lib/matchers/matchers.cc +327 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/profiling/basic_timers.cc +8 -6
- data/src/core/lib/profiling/stap_timers.cc +2 -2
- data/src/core/lib/security/authorization/authorization_engine.h +13 -53
- data/src/core/lib/security/authorization/authorization_policy_provider.h +33 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +126 -66
- data/src/core/lib/security/authorization/evaluate_args.h +47 -15
- data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +171 -0
- data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
- data/src/core/lib/security/context/security_context.cc +15 -11
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +9 -8
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.cc +16 -14
- data/src/core/lib/security/credentials/credentials.h +11 -5
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +404 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +81 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +20 -14
- data/src/core/lib/security/credentials/external/aws_request_signer.h +2 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +270 -54
- data/src/core/lib/security/credentials/external/external_account_credentials.h +16 -12
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +6 -6
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +26 -26
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +13 -12
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +5 -4
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +92 -31
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +4 -3
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +18 -5
- data/src/core/lib/security/credentials/jwt/json_token.cc +4 -7
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +34 -17
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +13 -5
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +15 -22
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +57 -66
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +11 -9
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +10 -12
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -10
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +12 -15
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +20 -21
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +382 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +74 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +5 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -3
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +3 -2
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_utils.cc +123 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +51 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +20 -12
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +50 -17
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +35 -8
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +4 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +23 -10
- data/src/core/lib/security/security_connector/security_connector.cc +12 -6
- data/src/core/lib/security/security_connector/security_connector.h +10 -5
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +24 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
- data/src/core/lib/security/security_connector/ssl_utils.cc +41 -14
- data/src/core/lib/security/security_connector/ssl_utils.h +16 -23
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +156 -113
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +67 -52
- data/src/core/lib/security/transport/auth_filters.h +1 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +27 -21
- data/src/core/lib/security/transport/secure_endpoint.cc +10 -20
- data/src/core/lib/security/transport/secure_endpoint.h +1 -0
- data/src/core/lib/security/transport/security_handshaker.cc +158 -90
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -16
- data/src/core/lib/security/transport/tsi_error.cc +5 -6
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +8 -10
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/percent_encoding.cc +73 -30
- data/src/core/lib/slice/percent_encoding.h +29 -28
- data/src/core/lib/slice/slice.cc +14 -21
- data/src/core/lib/{gpr/tls_pthread.cc → slice/slice_api.cc} +15 -6
- data/src/core/lib/slice/slice_buffer.cc +6 -7
- data/src/core/lib/slice/slice_intern.cc +19 -27
- data/src/core/lib/slice/slice_internal.h +4 -246
- data/src/core/lib/slice/slice_refcount.cc +17 -0
- data/src/core/lib/slice/slice_refcount.h +121 -0
- data/src/core/lib/slice/slice_refcount_base.h +173 -0
- data/src/core/lib/slice/slice_split.cc +100 -0
- data/src/core/lib/slice/slice_split.h +40 -0
- data/src/core/lib/slice/slice_string_helpers.cc +0 -83
- data/src/core/lib/slice/slice_string_helpers.h +0 -11
- data/src/core/lib/slice/static_slice.cc +529 -0
- data/src/core/lib/slice/static_slice.h +331 -0
- data/src/core/lib/surface/api_trace.cc +2 -1
- data/src/core/lib/surface/api_trace.h +1 -0
- data/src/core/lib/surface/builtins.cc +49 -0
- data/src/core/lib/surface/builtins.h +26 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
- data/src/core/lib/surface/call.cc +198 -186
- data/src/core/lib/surface/call.h +10 -5
- data/src/core/lib/surface/call_details.cc +10 -10
- data/src/core/lib/surface/call_log_batch.cc +2 -2
- data/src/core/lib/surface/channel.cc +57 -51
- data/src/core/lib/surface/channel.h +19 -14
- data/src/core/lib/surface/channel_init.cc +23 -76
- data/src/core/lib/surface/channel_init.h +52 -44
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/channel_stack_type.cc +2 -1
- data/src/core/lib/surface/completion_queue.cc +140 -145
- data/src/core/lib/surface/completion_queue.h +18 -17
- data/src/core/lib/surface/completion_queue_factory.cc +3 -3
- data/src/core/lib/surface/completion_queue_factory.h +1 -0
- data/src/core/lib/surface/event_string.cc +1 -0
- data/src/core/lib/surface/init.cc +18 -65
- data/src/core/lib/surface/init.h +10 -2
- data/src/core/lib/surface/init_secure.cc +36 -14
- data/src/core/lib/surface/lame_client.cc +62 -61
- data/src/core/lib/surface/lame_client.h +5 -0
- data/src/core/lib/surface/metadata_array.cc +2 -2
- data/src/core/lib/surface/server.cc +167 -116
- data/src/core/lib/surface/server.h +140 -40
- data/src/core/lib/surface/validate_metadata.cc +55 -24
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +9 -8
- data/src/core/lib/transport/connectivity_state.cc +9 -6
- data/src/core/lib/transport/connectivity_state.h +8 -6
- data/src/core/lib/transport/error_utils.cc +64 -27
- data/src/core/lib/transport/error_utils.h +13 -7
- data/src/core/lib/transport/metadata.cc +47 -22
- data/src/core/lib/transport/metadata.h +15 -12
- data/src/core/lib/transport/metadata_batch.cc +41 -339
- data/src/core/lib/transport/metadata_batch.h +932 -68
- data/src/core/lib/transport/parsed_metadata.h +263 -0
- data/src/core/lib/transport/pid_controller.cc +4 -4
- data/src/core/lib/transport/static_metadata.cc +715 -847
- data/src/core/lib/transport/static_metadata.h +115 -379
- data/src/core/lib/transport/status_metadata.cc +5 -3
- data/src/core/lib/transport/transport.cc +8 -8
- data/src/core/lib/transport/transport.h +12 -10
- data/src/core/lib/transport/transport_op_string.cc +46 -26
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +101 -44
- data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/crypt/gsec.h +5 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +18 -17
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +27 -33
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +57 -51
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +6 -6
- data/src/core/tsi/fake_transport_security.cc +31 -12
- data/src/core/tsi/local_transport_security.cc +36 -73
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -55
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
- data/src/core/tsi/ssl_transport_security.cc +115 -77
- data/src/core/tsi/ssl_transport_security.h +12 -14
- data/src/core/tsi/transport_security.cc +21 -9
- data/src/core/tsi/transport_security.h +16 -1
- data/src/core/tsi/transport_security_grpc.h +1 -0
- data/src/core/tsi/transport_security_interface.h +27 -1
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +21 -8
- data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
- data/src/ruby/ext/grpc/rb_call.c +5 -5
- data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
- data/src/ruby/ext/grpc/rb_channel.c +19 -8
- data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
- data/src/ruby/ext/grpc/rb_channel_credentials.c +15 -5
- data/src/ruby/ext/grpc/rb_channel_credentials.h +5 -0
- data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
- data/src/ruby/ext/grpc/rb_compression_options.c +6 -5
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +4 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -4
- data/src/ruby/ext/grpc/rb_grpc.h +1 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +24 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +50 -14
- data/src/ruby/ext/grpc/rb_server.c +19 -6
- data/src/ruby/ext/grpc/rb_server_credentials.c +22 -6
- data/src/ruby/ext/grpc/rb_server_credentials.h +5 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +218 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +37 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +170 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +37 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +23 -5
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/client_server_spec.rb +1 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +9 -6
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +54 -48
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +396 -0
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/address_sorting/address_sorting_posix.c +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +756 -724
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +55 -50
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +22 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +269 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +3 -42
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +196 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +35 -86
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +326 -281
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +15 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +20 -75
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +156 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +68 -45
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +49 -65
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +31 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +28 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +15 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +35 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +56 -72
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +56 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +30 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +123 -44
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +30 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +50 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +65 -41
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +93 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +91 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +50 -86
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +400 -325
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +125 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +156 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +345 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +24 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +25 -69
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +54 -74
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +61 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -19
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +23 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +50 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +23 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +27 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +28 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +10 -12
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +27 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +86 -44
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +69 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +1026 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -176
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +63 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +32 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +23 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +10 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +38 -51
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +350 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +33 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +104 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +39 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +406 -108
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +48 -36
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1425 -377
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -679
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +188 -49
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +16 -18
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1084 -0
- data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +847 -622
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +92 -44
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +314 -217
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +177 -35
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +491 -152
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +60 -112
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +136 -104
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +12 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +79 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +235 -178
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +160 -91
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +269 -118
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/re2/re2/compile.cc +91 -109
- data/third_party/re2/re2/dfa.cc +27 -39
- data/third_party/re2/re2/filtered_re2.cc +18 -2
- data/third_party/re2/re2/filtered_re2.h +10 -5
- data/third_party/re2/re2/nfa.cc +1 -1
- data/third_party/re2/re2/parse.cc +42 -23
- data/third_party/re2/re2/perl_groups.cc +34 -34
- data/third_party/re2/re2/prefilter.cc +3 -2
- data/third_party/re2/re2/prog.cc +182 -4
- data/third_party/re2/re2/prog.h +28 -9
- data/third_party/re2/re2/re2.cc +87 -118
- data/third_party/re2/re2/re2.h +156 -141
- data/third_party/re2/re2/regexp.cc +12 -5
- data/third_party/re2/re2/regexp.h +8 -2
- data/third_party/re2/re2/set.cc +31 -9
- data/third_party/re2/re2/set.h +9 -4
- data/third_party/re2/re2/simplify.cc +11 -3
- data/third_party/re2/re2/tostring.cc +1 -1
- data/third_party/re2/re2/walker-inl.h +1 -1
- data/third_party/re2/util/mutex.h +2 -2
- data/third_party/re2/util/pcre.h +3 -3
- data/third_party/upb/upb/decode.c +354 -204
- data/third_party/upb/upb/decode.h +50 -3
- data/third_party/upb/upb/decode_fast.c +1053 -0
- data/third_party/upb/upb/decode_fast.h +153 -0
- data/third_party/upb/upb/decode_internal.h +193 -0
- data/third_party/upb/upb/def.c +609 -610
- data/third_party/upb/upb/def.h +57 -50
- data/third_party/upb/upb/def.hpp +66 -123
- data/third_party/upb/upb/encode.c +267 -176
- data/third_party/upb/upb/encode.h +56 -4
- data/third_party/upb/upb/msg.c +304 -84
- data/third_party/upb/upb/msg.h +76 -441
- data/third_party/upb/upb/msg_internal.h +687 -0
- data/third_party/upb/upb/port_def.inc +156 -82
- data/third_party/upb/upb/port_undef.inc +41 -8
- data/third_party/upb/upb/reflection.c +64 -55
- data/third_party/upb/upb/reflection.h +36 -8
- data/third_party/upb/upb/reflection.hpp +37 -0
- data/third_party/upb/upb/table.c +238 -276
- data/third_party/upb/upb/{table.int.h → table_internal.h} +66 -181
- data/third_party/upb/upb/text_encode.c +77 -26
- data/third_party/upb/upb/text_encode.h +30 -1
- data/third_party/upb/upb/upb.c +75 -47
- data/third_party/upb/upb/upb.h +72 -13
- data/third_party/upb/upb/upb.hpp +28 -4
- data/third_party/upb/upb/upb_internal.h +58 -0
- data/third_party/xxhash/xxhash.h +5325 -0
- metadata +287 -137
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -909
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -210
- data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
- data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
- data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
- data/src/core/ext/transport/chttp2/client/authority.h +0 -36
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -242
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +0 -28
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -117
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -265
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -104
- data/src/core/lib/gpr/arena.h +0 -47
- data/src/core/lib/gpr/tls_gcc.h +0 -52
- data/src/core/lib/gpr/tls_msvc.h +0 -54
- data/src/core/lib/gpr/tls_pthread.h +0 -56
- data/src/core/lib/gpr/tls_stdcpp.h +0 -48
- data/src/core/lib/gprpp/atomic.h +0 -104
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/iomgr/pollset_uv.cc +0 -93
- data/src/core/lib/iomgr/pollset_uv.h +0 -32
- data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
- data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
- data/src/core/lib/iomgr/tcp_uv.cc +0 -419
- data/src/core/lib/iomgr/timer_uv.cc +0 -66
- data/src/core/lib/iomgr/udp_server.cc +0 -748
- data/src/core/lib/iomgr/udp_server.h +0 -104
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/src/core/lib/transport/authority_override.cc +0 -38
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +0 -104
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -237
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
- data/third_party/upb/upb/port.c +0 -26
@@ -267,7 +267,7 @@ OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl);
|
|
267
267
|
// |SSL_set0_rbio| and |SSL_set0_wbio| instead.
|
268
268
|
OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
|
269
269
|
|
270
|
-
// SSL_set0_rbio configures |ssl| to
|
270
|
+
// SSL_set0_rbio configures |ssl| to read from |rbio|. It takes ownership of
|
271
271
|
// |rbio|.
|
272
272
|
//
|
273
273
|
// Note that, although this function and |SSL_set0_wbio| may be called on the
|
@@ -508,12 +508,10 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
|
|
508
508
|
// TODO(davidben): Remove this. It's used by accept BIOs which are bizarre.
|
509
509
|
#define SSL_ERROR_WANT_ACCEPT 8
|
510
510
|
|
511
|
-
// SSL_ERROR_WANT_CHANNEL_ID_LOOKUP
|
512
|
-
// the Channel ID key. The caller may retry the operation when |channel_id_cb|
|
513
|
-
// is ready to return a key or one has been configured with
|
514
|
-
// |SSL_set1_tls_channel_id|.
|
511
|
+
// SSL_ERROR_WANT_CHANNEL_ID_LOOKUP is never used.
|
515
512
|
//
|
516
|
-
//
|
513
|
+
// TODO(davidben): Remove this. Some callers reference it when stringifying
|
514
|
+
// errors. They should use |SSL_error_description| instead.
|
517
515
|
#define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
|
518
516
|
|
519
517
|
// SSL_ERROR_PENDING_SESSION indicates the operation failed because the session
|
@@ -567,6 +565,11 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
|
|
567
565
|
// See also |ssl_renegotiate_explicit|.
|
568
566
|
#define SSL_ERROR_WANT_RENEGOTIATE 19
|
569
567
|
|
568
|
+
// SSL_ERROR_HANDSHAKE_HINTS_READY indicates the handshake has progressed enough
|
569
|
+
// for |SSL_serialize_handshake_hints| to be called. See also
|
570
|
+
// |SSL_request_handshake_hints|.
|
571
|
+
#define SSL_ERROR_HANDSHAKE_HINTS_READY 20
|
572
|
+
|
570
573
|
// SSL_error_description returns a string representation of |err|, where |err|
|
571
574
|
// is one of the |SSL_ERROR_*| constants returned by |SSL_get_error|, or NULL
|
572
575
|
// if the value is unrecognized.
|
@@ -1216,6 +1219,11 @@ enum ssl_private_key_result_t BORINGSSL_ENUM_INT {
|
|
1216
1219
|
// key hooks. This is used to off-load signing operations to a custom,
|
1217
1220
|
// potentially asynchronous, backend. Metadata about the key such as the type
|
1218
1221
|
// and size are parsed out of the certificate.
|
1222
|
+
//
|
1223
|
+
// Callers that use this structure should additionally call
|
1224
|
+
// |SSL_set_signing_algorithm_prefs| or |SSL_CTX_set_signing_algorithm_prefs|
|
1225
|
+
// with the private key's capabilities. This ensures BoringSSL will select a
|
1226
|
+
// suitable signature algorithm for the private key.
|
1219
1227
|
struct ssl_private_key_method_st {
|
1220
1228
|
// sign signs the message |in| in using the specified signature algorithm. On
|
1221
1229
|
// success, it returns |ssl_private_key_success| and writes at most |max_out|
|
@@ -1276,6 +1284,15 @@ OPENSSL_EXPORT void SSL_set_private_key_method(
|
|
1276
1284
|
OPENSSL_EXPORT void SSL_CTX_set_private_key_method(
|
1277
1285
|
SSL_CTX *ctx, const SSL_PRIVATE_KEY_METHOD *key_method);
|
1278
1286
|
|
1287
|
+
// SSL_can_release_private_key returns one if |ssl| will no longer call into the
|
1288
|
+
// private key and zero otherwise. If the function returns one, the caller can
|
1289
|
+
// release state associated with the private key.
|
1290
|
+
//
|
1291
|
+
// NOTE: This function assumes the caller does not use |SSL_clear| to reuse
|
1292
|
+
// |ssl| for a second connection. If |SSL_clear| is used, BoringSSL may still
|
1293
|
+
// use the private key on the second connection.
|
1294
|
+
OPENSSL_EXPORT int SSL_can_release_private_key(const SSL *ssl);
|
1295
|
+
|
1279
1296
|
|
1280
1297
|
// Cipher suites.
|
1281
1298
|
//
|
@@ -1632,6 +1649,11 @@ OPENSSL_EXPORT int SSL_export_keying_material(
|
|
1632
1649
|
// abbreviated handshake. It is reference-counted and immutable. Once
|
1633
1650
|
// established, an |SSL_SESSION| may be shared by multiple |SSL| objects on
|
1634
1651
|
// different threads and must not be modified.
|
1652
|
+
//
|
1653
|
+
// Note the TLS notion of "session" is not suitable for application-level
|
1654
|
+
// session state. It is an optional caching mechanism for the handshake. Not all
|
1655
|
+
// connections within an application-level session will reuse TLS sessions. TLS
|
1656
|
+
// sessions may be dropped by the client or ignored by the server at any time.
|
1635
1657
|
|
1636
1658
|
DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
|
1637
1659
|
|
@@ -1686,6 +1708,19 @@ OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session,
|
|
1686
1708
|
|
1687
1709
|
// SSL_SESSION_get_id returns a pointer to a buffer containing |session|'s
|
1688
1710
|
// session ID and sets |*out_len| to its length.
|
1711
|
+
//
|
1712
|
+
// This function should only be used for implementing a TLS session cache. TLS
|
1713
|
+
// sessions are not suitable for application-level session state, and a session
|
1714
|
+
// ID is an implementation detail of the TLS resumption handshake mechanism. Not
|
1715
|
+
// all resumption flows use session IDs, and not all connections within an
|
1716
|
+
// application-level session will reuse TLS sessions.
|
1717
|
+
//
|
1718
|
+
// To determine if resumption occurred, use |SSL_session_reused| instead.
|
1719
|
+
// Comparing session IDs will not give the right result in all cases.
|
1720
|
+
//
|
1721
|
+
// As a workaround for some broken applications, BoringSSL sometimes synthesizes
|
1722
|
+
// arbitrary session IDs for non-ID-based sessions. This behavior may be
|
1723
|
+
// removed in the future.
|
1689
1724
|
OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
|
1690
1725
|
unsigned *out_len);
|
1691
1726
|
|
@@ -1738,9 +1773,9 @@ OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
|
|
1738
1773
|
// SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret.
|
1739
1774
|
#define SSL_MAX_MASTER_KEY_LENGTH 48
|
1740
1775
|
|
1741
|
-
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s
|
1742
|
-
//
|
1743
|
-
//
|
1776
|
+
// SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s secret
|
1777
|
+
// to |out| and returns the number of bytes written. If |max_out| is zero, it
|
1778
|
+
// returns the size of the secret.
|
1744
1779
|
OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
|
1745
1780
|
uint8_t *out, size_t max_out);
|
1746
1781
|
|
@@ -1779,8 +1814,10 @@ OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session,
|
|
1779
1814
|
// used without leaking a correlator.
|
1780
1815
|
OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session);
|
1781
1816
|
|
1782
|
-
// SSL_SESSION_is_resumable returns one if |session| is
|
1783
|
-
// otherwise.
|
1817
|
+
// SSL_SESSION_is_resumable returns one if |session| is complete and contains a
|
1818
|
+
// session ID or ticket. It returns zero otherwise. Note this function does not
|
1819
|
+
// ensure |session| will be resumed. It may be expired, dropped by the server,
|
1820
|
+
// or associated with incompatible parameters.
|
1784
1821
|
OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session);
|
1785
1822
|
|
1786
1823
|
// SSL_SESSION_has_ticket returns one if |session| has a ticket and zero
|
@@ -2723,8 +2760,9 @@ OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
|
|
2723
2760
|
|
2724
2761
|
// SSL_CTX_set_alpn_protos sets the client ALPN protocol list on |ctx| to
|
2725
2762
|
// |protos|. |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
|
2726
|
-
// length-prefixed strings)
|
2727
|
-
//
|
2763
|
+
// length-prefixed strings), or the empty string to disable ALPN. It returns
|
2764
|
+
// zero on success and one on failure. Configuring a non-empty string enables
|
2765
|
+
// ALPN on a client.
|
2728
2766
|
//
|
2729
2767
|
// WARNING: this function is dangerous because it breaks the usual return value
|
2730
2768
|
// convention.
|
@@ -2733,8 +2771,9 @@ OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
|
|
2733
2771
|
|
2734
2772
|
// SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|.
|
2735
2773
|
// |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
|
2736
|
-
// length-prefixed strings)
|
2737
|
-
//
|
2774
|
+
// length-prefixed strings), or the empty string to disable ALPN. It returns
|
2775
|
+
// zero on success and one on failure. Configuring a non-empty string enables
|
2776
|
+
// ALPN on a client.
|
2738
2777
|
//
|
2739
2778
|
// WARNING: this function is dangerous because it breaks the usual return value
|
2740
2779
|
// convention.
|
@@ -2743,18 +2782,34 @@ OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
|
|
2743
2782
|
|
2744
2783
|
// SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
|
2745
2784
|
// during ClientHello processing in order to select an ALPN protocol from the
|
2746
|
-
// client's list of offered protocols.
|
2747
|
-
// a server.
|
2785
|
+
// client's list of offered protocols.
|
2748
2786
|
//
|
2749
2787
|
// The callback is passed a wire-format (i.e. a series of non-empty, 8-bit
|
2750
|
-
// length-prefixed strings) ALPN protocol list in |in|.
|
2751
|
-
// |*out_len| to the selected protocol and
|
2752
|
-
// success. It does not pass ownership of the
|
2753
|
-
//
|
2754
|
-
//
|
2788
|
+
// length-prefixed strings) ALPN protocol list in |in|. To select a protocol,
|
2789
|
+
// the callback should set |*out| and |*out_len| to the selected protocol and
|
2790
|
+
// return |SSL_TLSEXT_ERR_OK| on success. It does not pass ownership of the
|
2791
|
+
// buffer, so |*out| should point to a static string, a buffer that outlives the
|
2792
|
+
// callback call, or the corresponding entry in |in|.
|
2793
|
+
//
|
2794
|
+
// If the server supports ALPN, but there are no protocols in common, the
|
2795
|
+
// callback should return |SSL_TLSEXT_ERR_ALERT_FATAL| to abort the connection
|
2796
|
+
// with a no_application_protocol alert.
|
2797
|
+
//
|
2798
|
+
// If the server does not support ALPN, it can return |SSL_TLSEXT_ERR_NOACK| to
|
2799
|
+
// continue the handshake without negotiating a protocol. This may be useful if
|
2800
|
+
// multiple server configurations share an |SSL_CTX|, only some of which have
|
2801
|
+
// ALPN protocols configured.
|
2802
|
+
//
|
2803
|
+
// |SSL_TLSEXT_ERR_ALERT_WARNING| is ignored and will be treated as
|
2804
|
+
// |SSL_TLSEXT_ERR_NOACK|.
|
2805
|
+
//
|
2806
|
+
// The callback will only be called if the client supports ALPN. Callers that
|
2807
|
+
// wish to require ALPN for all clients must check |SSL_get0_alpn_selected|
|
2808
|
+
// after the handshake. In QUIC connections, this is done automatically.
|
2755
2809
|
//
|
2756
2810
|
// The cipher suite is selected before negotiating ALPN. The callback may use
|
2757
|
-
// |SSL_get_pending_cipher| to query the cipher suite.
|
2811
|
+
// |SSL_get_pending_cipher| to query the cipher suite. This may be used to
|
2812
|
+
// implement HTTP/2's cipher suite constraints.
|
2758
2813
|
OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
|
2759
2814
|
SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
|
2760
2815
|
const uint8_t *in, unsigned in_len, void *arg),
|
@@ -2823,13 +2878,11 @@ OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl);
|
|
2823
2878
|
|
2824
2879
|
// Certificate compression.
|
2825
2880
|
//
|
2826
|
-
// Certificates in TLS 1.3 can be compressed
|
2827
|
-
// a client and a server, but does not link against any specific
|
2828
|
-
// libraries in order to keep dependencies to a minimum. Instead,
|
2829
|
-
// compression and decompression can be installed in an |SSL_CTX| to
|
2830
|
-
// support.
|
2831
|
-
//
|
2832
|
-
// [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03.
|
2881
|
+
// Certificates in TLS 1.3 can be compressed (RFC 8879). BoringSSL supports this
|
2882
|
+
// as both a client and a server, but does not link against any specific
|
2883
|
+
// compression libraries in order to keep dependencies to a minimum. Instead,
|
2884
|
+
// hooks for compression and decompression can be installed in an |SSL_CTX| to
|
2885
|
+
// enable support.
|
2833
2886
|
|
2834
2887
|
// ssl_cert_compression_func_t is a pointer to a function that performs
|
2835
2888
|
// compression. It must write the compressed representation of |in| to |out|,
|
@@ -2942,15 +2995,16 @@ OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len,
|
|
2942
2995
|
|
2943
2996
|
// Channel ID.
|
2944
2997
|
//
|
2945
|
-
// See draft-balfanz-tls-channelid-01.
|
2998
|
+
// See draft-balfanz-tls-channelid-01. This is an old, experimental mechanism
|
2999
|
+
// and should not be used in new code.
|
2946
3000
|
|
2947
3001
|
// SSL_CTX_set_tls_channel_id_enabled configures whether connections associated
|
2948
|
-
// with |ctx| should enable Channel ID.
|
3002
|
+
// with |ctx| should enable Channel ID as a server.
|
2949
3003
|
OPENSSL_EXPORT void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx,
|
2950
3004
|
int enabled);
|
2951
3005
|
|
2952
3006
|
// SSL_set_tls_channel_id_enabled configures whether |ssl| should enable Channel
|
2953
|
-
// ID.
|
3007
|
+
// ID as a server.
|
2954
3008
|
OPENSSL_EXPORT void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled);
|
2955
3009
|
|
2956
3010
|
// SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID
|
@@ -2964,55 +3018,15 @@ OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx,
|
|
2964
3018
|
// success and zero on error.
|
2965
3019
|
OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key);
|
2966
3020
|
|
2967
|
-
// SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL
|
3021
|
+
// SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL|
|
2968
3022
|
// and copies up to the first |max_out| bytes into |out|. The Channel ID
|
2969
3023
|
// consists of the client's P-256 public key as an (x,y) pair where each is a
|
2970
3024
|
// 32-byte, big-endian field element. It returns 0 if the client didn't offer a
|
2971
|
-
// Channel ID and the length of the complete Channel ID otherwise.
|
3025
|
+
// Channel ID and the length of the complete Channel ID otherwise. This function
|
3026
|
+
// always returns zero if |ssl| is a client.
|
2972
3027
|
OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out,
|
2973
3028
|
size_t max_out);
|
2974
3029
|
|
2975
|
-
// SSL_CTX_set_channel_id_cb sets a callback to be called when a TLS Channel ID
|
2976
|
-
// is requested. The callback may set |*out_pkey| to a key, passing a reference
|
2977
|
-
// to the caller. If none is returned, the handshake will pause and
|
2978
|
-
// |SSL_get_error| will return |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|.
|
2979
|
-
//
|
2980
|
-
// See also |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|.
|
2981
|
-
OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb(
|
2982
|
-
SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey));
|
2983
|
-
|
2984
|
-
// SSL_CTX_get_channel_id_cb returns the callback set by
|
2985
|
-
// |SSL_CTX_set_channel_id_cb|.
|
2986
|
-
OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(
|
2987
|
-
SSL *ssl, EVP_PKEY **out_pkey);
|
2988
|
-
|
2989
|
-
|
2990
|
-
// Token Binding.
|
2991
|
-
//
|
2992
|
-
// See draft-ietf-tokbind-protocol-16.
|
2993
|
-
|
2994
|
-
// SSL_set_token_binding_params sets |params| as the Token Binding Key
|
2995
|
-
// parameters (section 3 of draft-ietf-tokbind-protocol-16) to negotiate on the
|
2996
|
-
// connection. If this function is not called, or if |len| is 0, then this
|
2997
|
-
// endpoint will not attempt to negotiate Token Binding. |params| are provided
|
2998
|
-
// in preference order, with the more preferred parameters at the beginning of
|
2999
|
-
// the list. This function returns 1 on success and 0 on failure.
|
3000
|
-
OPENSSL_EXPORT int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params,
|
3001
|
-
size_t len);
|
3002
|
-
|
3003
|
-
// SSL_is_token_binding_negotiated returns 1 if Token Binding was negotiated
|
3004
|
-
// on this connection and 0 otherwise. On a server, it is possible for this
|
3005
|
-
// function to return 1 when the client's view of the connection is that Token
|
3006
|
-
// Binding was not negotiated. This occurs when the server indicates a version
|
3007
|
-
// of Token Binding less than the client's minimum version.
|
3008
|
-
OPENSSL_EXPORT int SSL_is_token_binding_negotiated(const SSL *ssl);
|
3009
|
-
|
3010
|
-
// SSL_get_negotiated_token_binding_param returns the TokenBindingKeyParameters
|
3011
|
-
// enum value that was negotiated. It is only valid to call this function if
|
3012
|
-
// SSL_is_token_binding_negotiated returned 1, otherwise this function returns
|
3013
|
-
// an undefined value.
|
3014
|
-
OPENSSL_EXPORT uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl);
|
3015
|
-
|
3016
3030
|
|
3017
3031
|
// DTLS-SRTP.
|
3018
3032
|
//
|
@@ -3049,8 +3063,8 @@ OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
|
|
3049
3063
|
OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles);
|
3050
3064
|
|
3051
3065
|
// SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|.
|
3052
|
-
OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
|
3053
|
-
SSL *ssl);
|
3066
|
+
OPENSSL_EXPORT const STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
|
3067
|
+
const SSL *ssl);
|
3054
3068
|
|
3055
3069
|
// SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
|
3056
3070
|
// SRTP was not negotiated.
|
@@ -3181,7 +3195,7 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3181
3195
|
//
|
3182
3196
|
// QUIC acts as an underlying transport for the TLS 1.3 handshake. The following
|
3183
3197
|
// functions allow a QUIC implementation to serve as the underlying transport as
|
3184
|
-
// described in
|
3198
|
+
// described in RFC 9001.
|
3185
3199
|
//
|
3186
3200
|
// When configured for QUIC, |SSL_do_handshake| will drive the handshake as
|
3187
3201
|
// before, but it will not use the configured |BIO|. It will call functions on
|
@@ -3201,8 +3215,7 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3201
3215
|
// confirm the handshake. As a client, |SSL_ERROR_EARLY_DATA_REJECTED| and
|
3202
3216
|
// |SSL_reset_early_data_reject| behave as usual.
|
3203
3217
|
//
|
3204
|
-
// See https://
|
3205
|
-
// details.
|
3218
|
+
// See https://www.rfc-editor.org/rfc/rfc9001.html#section-4.1 for more details.
|
3206
3219
|
//
|
3207
3220
|
// To avoid DoS attacks, the QUIC implementation must limit the amount of data
|
3208
3221
|
// being queued up. The implementation can call
|
@@ -3213,7 +3226,8 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
|
|
3213
3226
|
// |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be
|
3214
3227
|
// used to query the value received from the peer. BoringSSL handles this
|
3215
3228
|
// extension as an opaque byte string. The caller is responsible for serializing
|
3216
|
-
// and parsing them. See
|
3229
|
+
// and parsing them. See https://www.rfc-editor.org/rfc/rfc9000#section-7.4 for
|
3230
|
+
// details.
|
3217
3231
|
//
|
3218
3232
|
// QUIC additionally imposes restrictions on 0-RTT. In particular, the QUIC
|
3219
3233
|
// transport layer requires that if a server accepts 0-RTT data, then the
|
@@ -3325,7 +3339,7 @@ struct ssl_quic_method_st {
|
|
3325
3339
|
// that may be received at the given encryption level. This function should be
|
3326
3340
|
// used to limit buffering in the QUIC implementation.
|
3327
3341
|
//
|
3328
|
-
// See https://
|
3342
|
+
// See https://www.rfc-editor.org/rfc/rfc9000#section-7.5
|
3329
3343
|
OPENSSL_EXPORT size_t SSL_quic_max_handshake_flight_len(
|
3330
3344
|
const SSL *ssl, enum ssl_encryption_level_t level);
|
3331
3345
|
|
@@ -3386,6 +3400,12 @@ OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
|
|
3386
3400
|
OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(
|
3387
3401
|
const SSL *ssl, const uint8_t **out_params, size_t *out_params_len);
|
3388
3402
|
|
3403
|
+
// SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
|
3404
|
+
// extension codepoint 0xffa5 as opposed to the official value 57. Call with
|
3405
|
+
// |use_legacy| set to 1 to use 0xffa5 and call with 0 to use 57. By default,
|
3406
|
+
// the standard code point is used.
|
3407
|
+
OPENSSL_EXPORT void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
|
3408
|
+
|
3389
3409
|
// SSL_set_quic_early_data_context configures a context string in QUIC servers
|
3390
3410
|
// for accepting early data. If a resumption connection offers early data, the
|
3391
3411
|
// server will check if the value matches that of the connection which minted
|
@@ -3532,8 +3552,7 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
|
|
3532
3552
|
ssl_early_data_alpn_mismatch = 9,
|
3533
3553
|
// The connection negotiated Channel ID, which is incompatible with 0-RTT.
|
3534
3554
|
ssl_early_data_channel_id = 10,
|
3535
|
-
//
|
3536
|
-
ssl_early_data_token_binding = 11,
|
3555
|
+
// Value 11 is reserved. (It has historically |ssl_early_data_token_binding|.)
|
3537
3556
|
// The client and server ticket age were too far apart.
|
3538
3557
|
ssl_early_data_ticket_age_skew = 12,
|
3539
3558
|
// QUIC parameters differ between this connection and the original.
|
@@ -3555,6 +3574,184 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
|
|
3555
3574
|
enum ssl_early_data_reason_t reason);
|
3556
3575
|
|
3557
3576
|
|
3577
|
+
// Encrypted ClientHello.
|
3578
|
+
//
|
3579
|
+
// ECH is a mechanism for encrypting the entire ClientHello message in TLS 1.3.
|
3580
|
+
// This can prevent observers from seeing cleartext information about the
|
3581
|
+
// connection, such as the server_name extension.
|
3582
|
+
//
|
3583
|
+
// By default, BoringSSL will treat the server name, session ticket, and client
|
3584
|
+
// certificate as secret, but most other parameters, such as the ALPN protocol
|
3585
|
+
// list will be treated as public and sent in the cleartext ClientHello. Other
|
3586
|
+
// APIs may be added for applications with different secrecy requirements.
|
3587
|
+
//
|
3588
|
+
// ECH support in BoringSSL is still experimental and under development.
|
3589
|
+
//
|
3590
|
+
// See https://tools.ietf.org/html/draft-ietf-tls-esni-13.
|
3591
|
+
|
3592
|
+
// SSL_set_enable_ech_grease configures whether the client will send a GREASE
|
3593
|
+
// ECH extension when no supported ECHConfig is available.
|
3594
|
+
OPENSSL_EXPORT void SSL_set_enable_ech_grease(SSL *ssl, int enable);
|
3595
|
+
|
3596
|
+
// SSL_set1_ech_config_list configures |ssl| to, as a client, offer ECH with the
|
3597
|
+
// specified configuration. |ech_config_list| should contain a serialized
|
3598
|
+
// ECHConfigList structure. It returns one on success and zero on error.
|
3599
|
+
//
|
3600
|
+
// This function returns an error if the input is malformed. If the input is
|
3601
|
+
// valid but none of the ECHConfigs implement supported parameters, it will
|
3602
|
+
// return success and proceed without ECH.
|
3603
|
+
//
|
3604
|
+
// If a supported ECHConfig is found, |ssl| will encrypt the true ClientHello
|
3605
|
+
// parameters. If the server cannot decrypt it, e.g. due to a key mismatch, ECH
|
3606
|
+
// has a recovery flow. |ssl| will handshake using the cleartext parameters,
|
3607
|
+
// including a public name in the ECHConfig. If using
|
3608
|
+
// |SSL_CTX_set_custom_verify|, callers should use |SSL_get0_ech_name_override|
|
3609
|
+
// to verify the certificate with the public name. If using the built-in
|
3610
|
+
// verifier, the |X509_STORE_CTX| will be configured automatically.
|
3611
|
+
//
|
3612
|
+
// If no other errors are found in this handshake, it will fail with
|
3613
|
+
// |SSL_R_ECH_REJECTED|. Since it didn't use the true parameters, the connection
|
3614
|
+
// cannot be used for application data. Instead, callers should handle this
|
3615
|
+
// error by calling |SSL_get0_ech_retry_configs| and retrying the connection
|
3616
|
+
// with updated ECH parameters. If the retry also fails with
|
3617
|
+
// |SSL_R_ECH_REJECTED|, the caller should report a connection failure.
|
3618
|
+
OPENSSL_EXPORT int SSL_set1_ech_config_list(SSL *ssl,
|
3619
|
+
const uint8_t *ech_config_list,
|
3620
|
+
size_t ech_config_list_len);
|
3621
|
+
|
3622
|
+
// SSL_get0_ech_name_override, if |ssl| is a client and the server rejected ECH,
|
3623
|
+
// sets |*out_name| and |*out_name_len| to point to a buffer containing the ECH
|
3624
|
+
// public name. Otherwise, the buffer will be empty.
|
3625
|
+
//
|
3626
|
+
// When offering ECH as a client, this function should be called during the
|
3627
|
+
// certificate verification callback (see |SSL_CTX_set_custom_verify|). If
|
3628
|
+
// |*out_name_len| is non-zero, the caller should verify the certificate against
|
3629
|
+
// the result, interpreted as a DNS name, rather than the true server name. In
|
3630
|
+
// this case, the handshake will never succeed and is only used to authenticate
|
3631
|
+
// retry configs. See also |SSL_get0_ech_retry_configs|.
|
3632
|
+
OPENSSL_EXPORT void SSL_get0_ech_name_override(const SSL *ssl,
|
3633
|
+
const char **out_name,
|
3634
|
+
size_t *out_name_len);
|
3635
|
+
|
3636
|
+
// SSL_get0_ech_retry_configs sets |*out_retry_configs| and
|
3637
|
+
// |*out_retry_configs_len| to a buffer containing a serialized ECHConfigList.
|
3638
|
+
// If the server did not provide an ECHConfigList, |*out_retry_configs_len| will
|
3639
|
+
// be zero.
|
3640
|
+
//
|
3641
|
+
// When handling an |SSL_R_ECH_REJECTED| error code as a client, callers should
|
3642
|
+
// use this function to recover from potential key mismatches. If the result is
|
3643
|
+
// non-empty, the caller should retry the connection, passing this buffer to
|
3644
|
+
// |SSL_set1_ech_config_list|. If the result is empty, the server has rolled
|
3645
|
+
// back ECH support, and the caller should retry without ECH.
|
3646
|
+
//
|
3647
|
+
// This function must only be called in response to an |SSL_R_ECH_REJECTED|
|
3648
|
+
// error code. Calling this function on |ssl|s that have not authenticated the
|
3649
|
+
// rejection handshake will assert in debug builds and otherwise return an
|
3650
|
+
// unparsable list.
|
3651
|
+
OPENSSL_EXPORT void SSL_get0_ech_retry_configs(
|
3652
|
+
const SSL *ssl, const uint8_t **out_retry_configs,
|
3653
|
+
size_t *out_retry_configs_len);
|
3654
|
+
|
3655
|
+
// SSL_marshal_ech_config constructs a new serialized ECHConfig. On success, it
|
3656
|
+
// sets |*out| to a newly-allocated buffer containing the result and |*out_len|
|
3657
|
+
// to the size of the buffer. The caller must call |OPENSSL_free| on |*out| to
|
3658
|
+
// release the memory. On failure, it returns zero.
|
3659
|
+
//
|
3660
|
+
// The |config_id| field is a single byte identifer for the ECHConfig. Reusing
|
3661
|
+
// config IDs is allowed, but if multiple ECHConfigs with the same config ID are
|
3662
|
+
// active at a time, server load may increase. See
|
3663
|
+
// |SSL_ECH_KEYS_has_duplicate_config_id|.
|
3664
|
+
//
|
3665
|
+
// The public key and KEM algorithm are taken from |key|. |public_name| is the
|
3666
|
+
// DNS name used to authenticate the recovery flow. |max_name_len| should be the
|
3667
|
+
// length of the longest name in the ECHConfig's anonymity set and influences
|
3668
|
+
// client padding decisions.
|
3669
|
+
OPENSSL_EXPORT int SSL_marshal_ech_config(uint8_t **out, size_t *out_len,
|
3670
|
+
uint8_t config_id,
|
3671
|
+
const EVP_HPKE_KEY *key,
|
3672
|
+
const char *public_name,
|
3673
|
+
size_t max_name_len);
|
3674
|
+
|
3675
|
+
// SSL_ECH_KEYS_new returns a newly-allocated |SSL_ECH_KEYS| or NULL on error.
|
3676
|
+
OPENSSL_EXPORT SSL_ECH_KEYS *SSL_ECH_KEYS_new(void);
|
3677
|
+
|
3678
|
+
// SSL_ECH_KEYS_up_ref increments the reference count of |keys|.
|
3679
|
+
OPENSSL_EXPORT void SSL_ECH_KEYS_up_ref(SSL_ECH_KEYS *keys);
|
3680
|
+
|
3681
|
+
// SSL_ECH_KEYS_free releases memory associated with |keys|.
|
3682
|
+
OPENSSL_EXPORT void SSL_ECH_KEYS_free(SSL_ECH_KEYS *keys);
|
3683
|
+
|
3684
|
+
// SSL_ECH_KEYS_add decodes |ech_config| as an ECHConfig and appends it with
|
3685
|
+
// |key| to |keys|. If |is_retry_config| is non-zero, this config will be
|
3686
|
+
// returned to the client on configuration mismatch. It returns one on success
|
3687
|
+
// and zero on error.
|
3688
|
+
//
|
3689
|
+
// This function should be called successively to register each ECHConfig in
|
3690
|
+
// decreasing order of preference. This configuration must be completed before
|
3691
|
+
// setting |keys| on an |SSL_CTX| with |SSL_CTX_set1_ech_keys|. After that
|
3692
|
+
// point, |keys| is immutable; no more ECHConfig values may be added.
|
3693
|
+
//
|
3694
|
+
// See also |SSL_CTX_set1_ech_keys|.
|
3695
|
+
OPENSSL_EXPORT int SSL_ECH_KEYS_add(SSL_ECH_KEYS *keys, int is_retry_config,
|
3696
|
+
const uint8_t *ech_config,
|
3697
|
+
size_t ech_config_len,
|
3698
|
+
const EVP_HPKE_KEY *key);
|
3699
|
+
|
3700
|
+
// SSL_ECH_KEYS_has_duplicate_config_id returns one if |keys| has duplicate
|
3701
|
+
// config IDs or zero otherwise. Duplicate config IDs still work, but may
|
3702
|
+
// increase server load due to trial decryption.
|
3703
|
+
OPENSSL_EXPORT int SSL_ECH_KEYS_has_duplicate_config_id(
|
3704
|
+
const SSL_ECH_KEYS *keys);
|
3705
|
+
|
3706
|
+
// SSL_ECH_KEYS_marshal_retry_configs serializes the retry configs in |keys| as
|
3707
|
+
// an ECHConfigList. On success, it sets |*out| to a newly-allocated buffer
|
3708
|
+
// containing the result and |*out_len| to the size of the buffer. The caller
|
3709
|
+
// must call |OPENSSL_free| on |*out| to release the memory. On failure, it
|
3710
|
+
// returns zero.
|
3711
|
+
//
|
3712
|
+
// This output may be advertised to clients in DNS.
|
3713
|
+
OPENSSL_EXPORT int SSL_ECH_KEYS_marshal_retry_configs(const SSL_ECH_KEYS *keys,
|
3714
|
+
uint8_t **out,
|
3715
|
+
size_t *out_len);
|
3716
|
+
|
3717
|
+
// SSL_CTX_set1_ech_keys configures |ctx| to use |keys| to decrypt encrypted
|
3718
|
+
// ClientHellos. It returns one on success, and zero on failure. If |keys| does
|
3719
|
+
// not contain any retry configs, this function will fail. Retry configs are
|
3720
|
+
// marked as such when they are added to |keys| with |SSL_ECH_KEYS_add|.
|
3721
|
+
//
|
3722
|
+
// Once |keys| has been passed to this function, it is immutable. Unlike most
|
3723
|
+
// |SSL_CTX| configuration functions, this function may be called even if |ctx|
|
3724
|
+
// already has associated connections on multiple threads. This may be used to
|
3725
|
+
// rotate keys in a long-lived server process.
|
3726
|
+
//
|
3727
|
+
// The configured ECHConfig values should also be advertised out-of-band via DNS
|
3728
|
+
// (see draft-ietf-dnsop-svcb-https). Before advertising an ECHConfig in DNS,
|
3729
|
+
// deployments should ensure all instances of the service are configured with
|
3730
|
+
// the ECHConfig and corresponding private key.
|
3731
|
+
//
|
3732
|
+
// Only the most recent fully-deployed ECHConfigs should be advertised in DNS.
|
3733
|
+
// |keys| may contain a newer set if those ECHConfigs are mid-deployment. It
|
3734
|
+
// should also contain older sets, until the DNS change has rolled out and the
|
3735
|
+
// old records have expired from caches.
|
3736
|
+
//
|
3737
|
+
// If there is a mismatch, |SSL| objects associated with |ctx| will complete the
|
3738
|
+
// handshake using the cleartext ClientHello and send updated ECHConfig values
|
3739
|
+
// to the client. The client will then retry to recover, but with a latency
|
3740
|
+
// penalty. This recovery flow depends on the public name in the ECHConfig.
|
3741
|
+
// Before advertising an ECHConfig in DNS, deployments must ensure all instances
|
3742
|
+
// of the service can present a valid certificate for the public name.
|
3743
|
+
//
|
3744
|
+
// BoringSSL negotiates ECH before certificate selection callbacks are called,
|
3745
|
+
// including |SSL_CTX_set_select_certificate_cb|. If ECH is negotiated, the
|
3746
|
+
// reported |SSL_CLIENT_HELLO| structure and |SSL_get_servername| function will
|
3747
|
+
// transparently reflect the inner ClientHello. Callers should select parameters
|
3748
|
+
// based on these values to correctly handle ECH as well as the recovery flow.
|
3749
|
+
OPENSSL_EXPORT int SSL_CTX_set1_ech_keys(SSL_CTX *ctx, SSL_ECH_KEYS *keys);
|
3750
|
+
|
3751
|
+
// SSL_ech_accepted returns one if |ssl| negotiated ECH and zero otherwise.
|
3752
|
+
OPENSSL_EXPORT int SSL_ech_accepted(const SSL *ssl);
|
3753
|
+
|
3754
|
+
|
3558
3755
|
// Alerts.
|
3559
3756
|
//
|
3560
3757
|
// TLS uses alerts to signal error conditions. Alerts have a type (warning or
|
@@ -3608,6 +3805,7 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
|
|
3608
3805
|
#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
|
3609
3806
|
#define SSL_AD_CERTIFICATE_REQUIRED TLS1_AD_CERTIFICATE_REQUIRED
|
3610
3807
|
#define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
|
3808
|
+
#define SSL_AD_ECH_REQUIRED TLS1_AD_ECH_REQUIRED
|
3611
3809
|
|
3612
3810
|
// SSL_alert_type_string_long returns a string description of |value| as an
|
3613
3811
|
// alert type (warning or fatal).
|
@@ -3690,6 +3888,101 @@ OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
|
|
3690
3888
|
OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
|
3691
3889
|
|
3692
3890
|
|
3891
|
+
// Handshake hints.
|
3892
|
+
//
|
3893
|
+
// *** EXPERIMENTAL — DO NOT USE WITHOUT CHECKING ***
|
3894
|
+
//
|
3895
|
+
// Some server deployments make asynchronous RPC calls in both ClientHello
|
3896
|
+
// dispatch and private key operations. In TLS handshakes where the private key
|
3897
|
+
// operation occurs in the first round-trip, this results in two consecutive RPC
|
3898
|
+
// round-trips. Handshake hints allow the RPC service to predicte a signature.
|
3899
|
+
// If correctly predicted, this can skip the second RPC call.
|
3900
|
+
//
|
3901
|
+
// First, the server installs a certificate selection callback (see
|
3902
|
+
// |SSL_CTX_set_select_certificate_cb|). When that is called, it performs the
|
3903
|
+
// RPC as before, but includes the ClientHello and a capabilities string from
|
3904
|
+
// |SSL_serialize_capabilities|.
|
3905
|
+
//
|
3906
|
+
// Next, the RPC service creates its own |SSL| object, applies the results of
|
3907
|
+
// certificate selection, calls |SSL_request_handshake_hints|, and runs the
|
3908
|
+
// handshake. If this successfully computes handshake hints (see
|
3909
|
+
// |SSL_serialize_handshake_hints|), the RPC server should send the hints
|
3910
|
+
// alongside any certificate selection results.
|
3911
|
+
//
|
3912
|
+
// Finally, the server calls |SSL_set_handshake_hints| and applies any
|
3913
|
+
// configuration from the RPC server. It then completes the handshake as before.
|
3914
|
+
// If the hints apply, BoringSSL will use the predicted signature and skip the
|
3915
|
+
// private key callbacks. Otherwise, BoringSSL will call private key callbacks
|
3916
|
+
// to generate a signature as before.
|
3917
|
+
//
|
3918
|
+
// Callers should synchronize configuration across the two services.
|
3919
|
+
// Configuration mismatches and some cases of version skew are not fatal, but
|
3920
|
+
// may result in the hints not applying. Additionally, some handshake flows use
|
3921
|
+
// the private key in later round-trips, such as TLS 1.3 HelloRetryRequest. In
|
3922
|
+
// those cases, BoringSSL will not predict a signature as there is no benefit.
|
3923
|
+
// Callers must allow for handshakes to complete without a predicted signature.
|
3924
|
+
//
|
3925
|
+
// For now, only TLS 1.3 is hinted. TLS 1.2 will work, but the hints will be
|
3926
|
+
// empty.
|
3927
|
+
|
3928
|
+
// SSL_serialize_capabilities writes an opaque byte string to |out| describing
|
3929
|
+
// some of |ssl|'s capabilities. It returns one on success and zero on error.
|
3930
|
+
//
|
3931
|
+
// This string is used by BoringSSL internally to reduce the impact of version
|
3932
|
+
// skew.
|
3933
|
+
OPENSSL_EXPORT int SSL_serialize_capabilities(const SSL *ssl, CBB *out);
|
3934
|
+
|
3935
|
+
// SSL_request_handshake_hints configures |ssl| to generate a handshake hint for
|
3936
|
+
// |client_hello|. It returns one on success and zero on error. |client_hello|
|
3937
|
+
// should contain a serialized ClientHello structure, from the |client_hello|
|
3938
|
+
// and |client_hello_len| fields of the |SSL_CLIENT_HELLO| structure.
|
3939
|
+
// |capabilities| should contain the output of |SSL_serialize_capabilities|.
|
3940
|
+
//
|
3941
|
+
// When configured, |ssl| will perform no I/O (so there is no need to configure
|
3942
|
+
// |BIO|s). For QUIC, the caller should still configure an |SSL_QUIC_METHOD|,
|
3943
|
+
// but the callbacks themselves will never be called and may be left NULL or
|
3944
|
+
// report failure. |SSL_provide_quic_data| also should not be called.
|
3945
|
+
//
|
3946
|
+
// If hint generation is successful, |SSL_do_handshake| will stop the handshake
|
3947
|
+
// early with |SSL_get_error| returning |SSL_ERROR_HANDSHAKE_HINTS_READY|. At
|
3948
|
+
// this point, the caller should run |SSL_serialize_handshake_hints| to extract
|
3949
|
+
// the resulting hints.
|
3950
|
+
//
|
3951
|
+
// Hint generation may fail if, e.g., |ssl| was unable to process the
|
3952
|
+
// ClientHello. Callers should then complete the certificate selection RPC and
|
3953
|
+
// continue the original handshake with no hint. It will likely fail, but this
|
3954
|
+
// reports the correct alert to the client and is more robust in case of
|
3955
|
+
// mismatch.
|
3956
|
+
OPENSSL_EXPORT int SSL_request_handshake_hints(SSL *ssl,
|
3957
|
+
const uint8_t *client_hello,
|
3958
|
+
size_t client_hello_len,
|
3959
|
+
const uint8_t *capabilities,
|
3960
|
+
size_t capabilities_len);
|
3961
|
+
|
3962
|
+
// SSL_serialize_handshake_hints writes an opaque byte string to |out|
|
3963
|
+
// containing the handshake hints computed by |out|. It returns one on success
|
3964
|
+
// and zero on error. This function should only be called if
|
3965
|
+
// |SSL_request_handshake_hints| was configured and the handshake terminated
|
3966
|
+
// with |SSL_ERROR_HANDSHAKE_HINTS_READY|.
|
3967
|
+
//
|
3968
|
+
// This string may be passed to |SSL_set_handshake_hints| on another |SSL| to
|
3969
|
+
// avoid an extra signature call.
|
3970
|
+
OPENSSL_EXPORT int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out);
|
3971
|
+
|
3972
|
+
// SSL_set_handshake_hints configures |ssl| to use |hints| as handshake hints.
|
3973
|
+
// It returns one on success and zero on error. The handshake will then continue
|
3974
|
+
// as before, but apply predicted values from |hints| where applicable.
|
3975
|
+
//
|
3976
|
+
// Hints may contain connection and session secrets, so they must not leak and
|
3977
|
+
// must come from a source trusted to terminate the connection. However, they
|
3978
|
+
// will not change |ssl|'s configuration. The caller is responsible for
|
3979
|
+
// serializing and applying options from the RPC server as needed. This ensures
|
3980
|
+
// |ssl|'s behavior is self-consistent and consistent with the caller's local
|
3981
|
+
// decisions.
|
3982
|
+
OPENSSL_EXPORT int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints,
|
3983
|
+
size_t hints_len);
|
3984
|
+
|
3985
|
+
|
3693
3986
|
// Obscure functions.
|
3694
3987
|
|
3695
3988
|
// SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|.
|
@@ -3865,7 +4158,7 @@ OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
|
|
3865
4158
|
// callbacks that are called very early on during the server handshake. At this
|
3866
4159
|
// point, much of the SSL* hasn't been filled out and only the ClientHello can
|
3867
4160
|
// be depended on.
|
3868
|
-
|
4161
|
+
struct ssl_early_callback_ctx {
|
3869
4162
|
SSL *ssl;
|
3870
4163
|
const uint8_t *client_hello;
|
3871
4164
|
size_t client_hello_len;
|
@@ -3880,7 +4173,7 @@ typedef struct ssl_early_callback_ctx {
|
|
3880
4173
|
size_t compression_methods_len;
|
3881
4174
|
const uint8_t *extensions;
|
3882
4175
|
size_t extensions_len;
|
3883
|
-
} SSL_CLIENT_HELLO
|
4176
|
+
} /* SSL_CLIENT_HELLO */;
|
3884
4177
|
|
3885
4178
|
// ssl_select_cert_result_t enumerates the possible results from selecting a
|
3886
4179
|
// certificate with |select_certificate_cb|.
|
@@ -4074,9 +4367,17 @@ OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx,
|
|
4074
4367
|
int enable);
|
4075
4368
|
|
4076
4369
|
// SSL_CTX_set_grease_enabled configures whether sockets on |ctx| should enable
|
4077
|
-
// GREASE. See
|
4370
|
+
// GREASE. See RFC 8701.
|
4078
4371
|
OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled);
|
4079
4372
|
|
4373
|
+
// SSL_CTX_set_permute_extensions configures whether sockets on |ctx| should
|
4374
|
+
// permute extensions. For now, this is only implemented for the ClientHello.
|
4375
|
+
OPENSSL_EXPORT void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled);
|
4376
|
+
|
4377
|
+
// SSL_set_permute_extensions configures whether sockets on |ssl| should
|
4378
|
+
// permute extensions. For now, this is only implemented for the ClientHello.
|
4379
|
+
OPENSSL_EXPORT void SSL_set_permute_extensions(SSL *ssl, int enabled);
|
4380
|
+
|
4080
4381
|
// SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a
|
4081
4382
|
// record with |ssl|.
|
4082
4383
|
OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
|
@@ -4087,19 +4388,6 @@ OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
|
|
4087
4388
|
OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx,
|
4088
4389
|
int allowed);
|
4089
4390
|
|
4090
|
-
// SSL_CTX_set_ignore_tls13_downgrade configures whether connections on |ctx|
|
4091
|
-
// ignore the downgrade signal in the server's random value.
|
4092
|
-
OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx,
|
4093
|
-
int ignore);
|
4094
|
-
|
4095
|
-
// SSL_set_ignore_tls13_downgrade configures whether |ssl| ignores the downgrade
|
4096
|
-
// signal in the server's random value.
|
4097
|
-
OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore);
|
4098
|
-
|
4099
|
-
// SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade
|
4100
|
-
// mechanism would have aborted |ssl|'s handshake and zero otherwise.
|
4101
|
-
OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
|
4102
|
-
|
4103
4391
|
// SSL_used_hello_retry_request returns one if the TLS 1.3 HelloRetryRequest
|
4104
4392
|
// message has been either sent by the server or received by the client. It
|
4105
4393
|
// returns zero otherwise.
|
@@ -4624,12 +4912,6 @@ OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
|
|
4624
4912
|
OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
|
4625
4913
|
const char *dir);
|
4626
4914
|
|
4627
|
-
// SSL_set_verify_result calls |abort| unless |result| is |X509_V_OK|.
|
4628
|
-
//
|
4629
|
-
// TODO(davidben): Remove this function once it has been removed from
|
4630
|
-
// netty-tcnative.
|
4631
|
-
OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
|
4632
|
-
|
4633
4915
|
// SSL_CTX_enable_tls_channel_id calls |SSL_CTX_set_tls_channel_id_enabled|.
|
4634
4916
|
OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx);
|
4635
4917
|
|
@@ -4938,6 +5220,8 @@ BSSL_NAMESPACE_BEGIN
|
|
4938
5220
|
BORINGSSL_MAKE_DELETER(SSL, SSL_free)
|
4939
5221
|
BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
|
4940
5222
|
BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref)
|
5223
|
+
BORINGSSL_MAKE_DELETER(SSL_ECH_KEYS, SSL_ECH_KEYS_free)
|
5224
|
+
BORINGSSL_MAKE_UP_REF(SSL_ECH_KEYS, SSL_ECH_KEYS_up_ref)
|
4941
5225
|
BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
|
4942
5226
|
BORINGSSL_MAKE_UP_REF(SSL_SESSION, SSL_SESSION_up_ref)
|
4943
5227
|
|
@@ -5054,6 +5338,7 @@ OPENSSL_EXPORT bool SSL_get_traffic_secrets(
|
|
5054
5338
|
const SSL *ssl, Span<const uint8_t> *out_read_traffic_secret,
|
5055
5339
|
Span<const uint8_t> *out_write_traffic_secret);
|
5056
5340
|
|
5341
|
+
|
5057
5342
|
BSSL_NAMESPACE_END
|
5058
5343
|
|
5059
5344
|
} // extern C++
|
@@ -5268,9 +5553,21 @@ BSSL_NAMESPACE_END
|
|
5268
5553
|
#define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304
|
5269
5554
|
#define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
|
5270
5555
|
#define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306
|
5271
|
-
#define
|
5556
|
+
#define SSL_R_NO_APPLICATION_PROTOCOL 307
|
5272
5557
|
#define SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN 308
|
5273
5558
|
#define SSL_R_ALPS_MISMATCH_ON_EARLY_DATA 309
|
5559
|
+
#define SSL_R_ECH_SERVER_CONFIG_AND_PRIVATE_KEY_MISMATCH 310
|
5560
|
+
#define SSL_R_ECH_SERVER_CONFIG_UNSUPPORTED_EXTENSION 311
|
5561
|
+
#define SSL_R_UNSUPPORTED_ECH_SERVER_CONFIG 312
|
5562
|
+
#define SSL_R_ECH_SERVER_WOULD_HAVE_NO_RETRY_CONFIGS 313
|
5563
|
+
#define SSL_R_INVALID_CLIENT_HELLO_INNER 314
|
5564
|
+
#define SSL_R_INVALID_ALPN_PROTOCOL_LIST 315
|
5565
|
+
#define SSL_R_COULD_NOT_PARSE_HINTS 316
|
5566
|
+
#define SSL_R_INVALID_ECH_PUBLIC_NAME 317
|
5567
|
+
#define SSL_R_INVALID_ECH_CONFIG_LIST 318
|
5568
|
+
#define SSL_R_ECH_REJECTED 319
|
5569
|
+
#define SSL_R_OUTER_EXTENSION_NOT_FOUND 320
|
5570
|
+
#define SSL_R_INCONSISTENT_ECH_NEGOTIATION 321
|
5274
5571
|
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
|
5275
5572
|
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
|
5276
5573
|
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
|
@@ -5304,5 +5601,6 @@ BSSL_NAMESPACE_END
|
|
5304
5601
|
#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
|
5305
5602
|
#define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116
|
5306
5603
|
#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
|
5604
|
+
#define SSL_R_TLSV1_ALERT_ECH_REQUIRED 1121
|
5307
5605
|
|
5308
5606
|
#endif // OPENSSL_HEADER_SSL_H
|