grpc 1.34.0 → 1.42.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (1545) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +978 -2868
  3. data/etc/roots.pem +592 -899
  4. data/include/grpc/byte_buffer.h +1 -1
  5. data/include/grpc/byte_buffer_reader.h +1 -1
  6. data/include/grpc/compression.h +1 -1
  7. data/include/grpc/event_engine/README.md +38 -0
  8. data/include/grpc/event_engine/endpoint_config.h +43 -0
  9. data/include/grpc/event_engine/event_engine.h +375 -0
  10. data/include/grpc/event_engine/internal/memory_allocator_impl.h +98 -0
  11. data/include/grpc/event_engine/memory_allocator.h +210 -0
  12. data/include/grpc/event_engine/port.h +39 -0
  13. data/include/grpc/fork.h +1 -1
  14. data/include/grpc/grpc.h +49 -4
  15. data/include/grpc/grpc_posix.h +5 -2
  16. data/include/grpc/grpc_security.h +127 -14
  17. data/include/grpc/grpc_security_constants.h +16 -0
  18. data/include/grpc/impl/codegen/atm.h +5 -3
  19. data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
  20. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  21. data/include/grpc/impl/codegen/atm_windows.h +6 -0
  22. data/include/grpc/impl/codegen/byte_buffer.h +3 -1
  23. data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
  24. data/include/grpc/impl/codegen/compression_types.h +2 -0
  25. data/include/grpc/impl/codegen/connectivity_state.h +2 -0
  26. data/include/grpc/impl/codegen/fork.h +2 -0
  27. data/include/grpc/impl/codegen/gpr_slice.h +2 -0
  28. data/include/grpc/impl/codegen/gpr_types.h +2 -0
  29. data/include/grpc/impl/codegen/grpc_types.h +49 -25
  30. data/include/grpc/impl/codegen/log.h +2 -2
  31. data/include/grpc/impl/codegen/port_platform.h +81 -22
  32. data/include/grpc/impl/codegen/propagation_bits.h +2 -0
  33. data/include/grpc/impl/codegen/slice.h +2 -0
  34. data/include/grpc/impl/codegen/status.h +2 -0
  35. data/include/grpc/impl/codegen/sync.h +8 -5
  36. data/include/grpc/impl/codegen/sync_abseil.h +2 -0
  37. data/include/grpc/impl/codegen/sync_custom.h +2 -0
  38. data/include/grpc/impl/codegen/sync_generic.h +3 -0
  39. data/include/grpc/impl/codegen/sync_posix.h +4 -2
  40. data/include/grpc/impl/codegen/sync_windows.h +6 -0
  41. data/include/grpc/module.modulemap +14 -14
  42. data/include/grpc/slice.h +1 -1
  43. data/include/grpc/slice_buffer.h +3 -3
  44. data/include/grpc/status.h +1 -1
  45. data/include/grpc/support/atm.h +1 -1
  46. data/include/grpc/support/atm_gcc_atomic.h +1 -1
  47. data/include/grpc/support/atm_gcc_sync.h +1 -1
  48. data/include/grpc/support/atm_windows.h +1 -1
  49. data/include/grpc/support/log.h +1 -1
  50. data/include/grpc/support/port_platform.h +1 -1
  51. data/include/grpc/support/sync.h +4 -4
  52. data/include/grpc/support/sync_abseil.h +1 -1
  53. data/include/grpc/support/sync_custom.h +1 -1
  54. data/include/grpc/support/sync_generic.h +1 -1
  55. data/include/grpc/support/sync_posix.h +1 -1
  56. data/include/grpc/support/sync_windows.h +1 -1
  57. data/include/grpc/support/time.h +9 -9
  58. data/src/core/ext/filters/census/grpc_context.cc +1 -0
  59. data/src/core/ext/filters/client_channel/backend_metric.cc +20 -24
  60. data/src/core/ext/filters/client_channel/backup_poller.cc +5 -4
  61. data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
  62. data/src/core/ext/filters/client_channel/channel_connectivity.cc +158 -202
  63. data/src/core/ext/filters/client_channel/client_channel.cc +2009 -3145
  64. data/src/core/ext/filters/client_channel/client_channel.h +559 -60
  65. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
  66. data/src/core/ext/filters/client_channel/client_channel_channelz.h +2 -2
  67. data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
  68. data/src/core/ext/filters/client_channel/client_channel_factory.h +18 -19
  69. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -14
  70. data/src/core/ext/filters/client_channel/config_selector.cc +2 -1
  71. data/src/core/ext/filters/client_channel/config_selector.h +33 -9
  72. data/src/core/ext/filters/client_channel/connector.h +19 -19
  73. data/src/core/ext/filters/client_channel/dynamic_filters.cc +190 -0
  74. data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
  75. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
  76. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -11
  77. data/src/core/ext/filters/client_channel/health/health_check_client.cc +53 -50
  78. data/src/core/ext/filters/client_channel/health/health_check_client.h +35 -33
  79. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +37 -34
  80. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
  81. data/src/core/ext/filters/client_channel/http_proxy.cc +36 -20
  82. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -2
  83. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +12 -21
  84. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +246 -166
  85. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +4 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
  87. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  88. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +3 -5
  89. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
  90. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +4 -3
  91. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +5 -6
  92. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  93. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +37 -30
  94. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +53 -55
  95. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +757 -0
  96. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +37 -0
  97. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2502 -0
  98. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +16 -18
  99. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -3
  100. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +24 -27
  101. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +385 -135
  102. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -8
  103. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
  104. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +57 -71
  105. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +43 -64
  106. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1362 -0
  107. data/src/core/ext/filters/client_channel/lb_policy.cc +6 -17
  108. data/src/core/ext/filters/client_channel/lb_policy.h +93 -93
  109. data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
  110. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -11
  111. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  112. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  113. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
  114. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +139 -0
  115. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +76 -88
  116. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -33
  117. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
  118. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +10 -9
  119. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +26 -23
  120. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +473 -74
  121. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +27 -2
  122. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
  123. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  124. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +45 -35
  125. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +43 -46
  126. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
  127. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +384 -0
  128. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +22 -35
  129. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +466 -254
  130. data/src/core/ext/filters/client_channel/resolver.cc +5 -5
  131. data/src/core/ext/filters/client_channel/resolver.h +4 -15
  132. data/src/core/ext/filters/client_channel/resolver_factory.h +8 -6
  133. data/src/core/ext/filters/client_channel/resolver_registry.cc +43 -44
  134. data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
  135. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +42 -252
  136. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +25 -54
  137. data/src/core/ext/filters/client_channel/retry_filter.cc +2573 -0
  138. data/src/core/ext/filters/{workarounds/workaround_cronet_compression_filter.h → client_channel/retry_filter.h} +9 -6
  139. data/src/core/ext/filters/client_channel/retry_service_config.cc +316 -0
  140. data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
  141. data/src/core/ext/filters/client_channel/retry_throttle.cc +20 -49
  142. data/src/core/ext/filters/client_channel/retry_throttle.h +3 -1
  143. data/src/core/ext/filters/client_channel/server_address.cc +10 -1
  144. data/src/core/ext/filters/client_channel/server_address.h +31 -0
  145. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +54 -40
  146. data/src/core/ext/filters/client_channel/subchannel.cc +179 -329
  147. data/src/core/ext/filters/client_channel/subchannel.h +101 -158
  148. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +38 -9
  149. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +21 -10
  150. data/src/core/ext/filters/client_idle/client_idle_filter.cc +47 -223
  151. data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
  152. data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
  153. data/src/core/ext/filters/deadline/deadline_filter.cc +33 -34
  154. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +503 -0
  155. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
  156. data/src/core/ext/filters/fault_injection/service_config_parser.cc +181 -0
  157. data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
  158. data/src/core/ext/filters/http/client/http_client_filter.cc +77 -69
  159. data/src/core/ext/filters/http/client_authority_filter.cc +19 -19
  160. data/src/core/ext/filters/http/http_filters_plugin.cc +53 -68
  161. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +42 -35
  162. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +29 -30
  163. data/src/core/ext/filters/http/server/http_server_filter.cc +104 -95
  164. data/src/core/ext/filters/max_age/max_age_filter.cc +71 -68
  165. data/src/core/ext/filters/message_size/message_size_filter.cc +43 -41
  166. data/src/core/ext/filters/message_size/message_size_filter.h +2 -2
  167. data/src/core/ext/{filters/client_channel → service_config}/service_config.cc +17 -16
  168. data/src/core/ext/{filters/client_channel → service_config}/service_config.h +11 -10
  169. data/src/core/ext/{filters/client_channel → service_config}/service_config_call_data.h +23 -19
  170. data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.cc +9 -9
  171. data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.h +15 -10
  172. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  173. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +37 -23
  174. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +9 -7
  175. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +42 -35
  176. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +32 -16
  177. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +51 -62
  178. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +664 -236
  179. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  180. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -5
  181. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +25 -11
  182. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +61 -22
  183. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -2
  184. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
  185. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
  186. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +264 -223
  187. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +16 -2
  188. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
  189. data/src/core/ext/transport/chttp2/transport/context_list.h +5 -6
  190. data/src/core/ext/transport/chttp2/transport/flow_control.cc +59 -40
  191. data/src/core/ext/transport/chttp2/transport/flow_control.h +23 -17
  192. data/src/core/ext/transport/chttp2/transport/frame_data.cc +28 -24
  193. data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -10
  194. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +21 -20
  195. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +7 -6
  196. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +13 -13
  197. data/src/core/ext/transport/chttp2/transport/frame_ping.h +8 -6
  198. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -15
  199. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +7 -6
  200. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +49 -17
  201. data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -7
  202. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +22 -19
  203. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
  204. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
  205. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +311 -665
  206. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +240 -70
  207. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
  208. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
  209. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
  210. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +865 -1172
  211. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +100 -81
  212. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +146 -0
  213. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +137 -0
  214. data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
  215. data/src/core/{lib/transport/authority_override.h → ext/transport/chttp2/transport/hpack_utils.h} +8 -12
  216. data/src/core/ext/transport/chttp2/transport/internal.h +40 -33
  217. data/src/core/ext/transport/chttp2/transport/parsing.cc +156 -286
  218. data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
  219. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
  220. data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
  221. data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
  222. data/src/core/ext/transport/chttp2/transport/writing.cc +69 -54
  223. data/src/core/ext/transport/inproc/inproc_transport.cc +204 -160
  224. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
  225. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1591 -0
  226. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
  227. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +2 -1
  228. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
  229. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +15 -2
  230. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -49
  231. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +245 -56
  232. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +371 -0
  233. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1554 -0
  234. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +16 -16
  235. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +66 -21
  236. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +178 -142
  237. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +795 -314
  238. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
  239. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +21 -7
  240. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +25 -24
  241. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +70 -23
  242. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +29 -29
  243. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +138 -47
  244. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +5 -5
  245. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +23 -8
  246. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +147 -75
  247. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +522 -96
  248. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +27 -27
  249. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +116 -49
  250. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
  251. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +15 -2
  252. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
  253. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +42 -14
  254. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +63 -63
  255. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +228 -63
  256. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +57 -56
  257. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +244 -98
  258. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
  259. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +25 -11
  260. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +125 -57
  261. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +533 -89
  262. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -4
  263. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +15 -2
  264. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
  265. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +133 -0
  266. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
  267. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +17 -4
  268. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +15 -8
  269. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +56 -9
  270. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
  271. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +96 -0
  272. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -17
  273. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +81 -40
  274. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +56 -22
  275. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +223 -34
  276. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
  277. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +137 -72
  278. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
  279. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +19 -5
  280. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +48 -38
  281. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +276 -103
  282. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +51 -45
  283. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +203 -62
  284. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
  285. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +177 -0
  286. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +10 -9
  287. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +55 -22
  288. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
  289. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +536 -0
  290. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +153 -0
  291. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +550 -0
  292. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +51 -44
  293. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +165 -43
  294. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +35 -16
  295. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +148 -40
  296. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +339 -279
  297. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1466 -543
  298. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
  299. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +48 -10
  300. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -7
  301. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +32 -6
  302. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  303. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -0
  304. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
  305. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +298 -0
  306. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +79 -0
  307. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +303 -0
  308. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -0
  309. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +123 -0
  310. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +151 -112
  311. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +693 -244
  312. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -2
  313. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +2 -1
  314. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +52 -32
  315. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +231 -59
  316. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +15 -18
  317. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +51 -28
  318. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +45 -44
  319. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +178 -74
  320. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
  321. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +15 -2
  322. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
  323. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +15 -2
  324. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +58 -51
  325. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +221 -135
  326. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -5
  327. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +15 -2
  328. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -5
  329. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +15 -2
  330. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -10
  331. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +46 -19
  332. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -4
  333. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +15 -2
  334. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
  335. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +15 -2
  336. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +121 -0
  337. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +468 -0
  338. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
  339. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +205 -0
  340. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
  341. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +44 -14
  342. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
  343. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +96 -0
  344. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
  345. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +15 -2
  346. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
  347. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +15 -2
  348. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +10 -9
  349. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +51 -12
  350. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -11
  351. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +31 -6
  352. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
  353. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +136 -0
  354. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
  355. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +41 -4
  356. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
  357. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +96 -11
  358. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
  359. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +77 -14
  360. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
  361. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +2 -1
  362. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
  363. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +30 -5
  364. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
  365. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +41 -4
  366. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
  367. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +15 -2
  368. data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
  369. data/src/core/ext/upb-generated/google/api/annotations.upb.h +2 -1
  370. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +62 -62
  371. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +227 -84
  372. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +86 -69
  373. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +256 -72
  374. data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
  375. data/src/core/ext/upb-generated/google/api/http.upb.h +47 -10
  376. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
  377. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +15 -2
  378. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +154 -154
  379. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +645 -320
  380. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
  381. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +15 -2
  382. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
  383. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +15 -2
  384. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
  385. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +44 -7
  386. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
  387. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +15 -2
  388. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
  389. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +119 -10
  390. data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
  391. data/src/core/ext/upb-generated/google/rpc/status.upb.h +18 -5
  392. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
  393. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +19 -5
  394. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +63 -63
  395. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +220 -87
  396. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +8 -8
  397. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +36 -9
  398. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
  399. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +28 -3
  400. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
  401. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +146 -35
  402. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +55 -0
  403. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +154 -0
  404. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
  405. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +41 -4
  406. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -6
  407. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +15 -2
  408. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
  409. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +2 -1
  410. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
  411. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +17 -4
  412. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
  413. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +15 -2
  414. data/src/core/ext/upb-generated/validate/validate.upb.c +243 -227
  415. data/src/core/ext/upb-generated/validate/validate.upb.h +626 -253
  416. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +58 -0
  417. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +182 -0
  418. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
  419. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +66 -0
  420. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  421. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +155 -0
  422. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  423. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +90 -0
  424. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
  425. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +100 -0
  426. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  427. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +178 -0
  428. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  429. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +91 -0
  430. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +58 -0
  431. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +130 -0
  432. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +33 -0
  433. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +83 -0
  434. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
  435. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  436. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
  437. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -170
  438. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +424 -0
  439. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +120 -0
  440. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +467 -429
  441. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +12 -2
  442. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
  443. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +156 -109
  444. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +25 -0
  445. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +89 -88
  446. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +156 -153
  447. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +240 -168
  448. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +20 -0
  449. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
  450. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
  451. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
  452. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +37 -20
  453. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
  454. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
  455. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
  456. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +90 -63
  457. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
  458. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +137 -122
  459. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
  460. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +136 -120
  461. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
  462. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
  463. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +31 -26
  464. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
  465. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  466. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +152 -0
  467. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +75 -0
  468. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -51
  469. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
  470. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +748 -681
  471. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +15 -0
  472. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
  473. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  474. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  475. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
  476. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  477. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +123 -0
  478. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  479. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +79 -0
  480. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  481. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +435 -379
  482. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
  483. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
  484. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +121 -91
  485. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
  486. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
  487. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +182 -180
  488. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
  489. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  490. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
  491. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
  492. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
  493. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
  494. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +163 -0
  495. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +55 -0
  496. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
  497. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
  498. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
  499. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
  500. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  501. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
  502. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
  503. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
  504. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  505. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
  506. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +100 -100
  507. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
  508. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
  509. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
  510. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
  511. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
  512. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
  513. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +5 -4
  514. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +19 -23
  515. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +4 -3
  516. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +5 -3
  517. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +5 -4
  518. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -157
  519. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +75 -0
  520. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
  521. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +43 -0
  522. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  523. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +63 -0
  524. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  525. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +46 -0
  526. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  527. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +50 -0
  528. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  529. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +68 -0
  530. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  531. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +51 -0
  532. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  533. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +45 -0
  534. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
  535. data/src/core/ext/xds/certificate_provider_factory.h +1 -1
  536. data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
  537. data/src/core/ext/xds/certificate_provider_store.cc +10 -7
  538. data/src/core/ext/xds/certificate_provider_store.h +15 -10
  539. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +28 -3
  540. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +3 -6
  541. data/src/core/ext/xds/xds_api.cc +2654 -808
  542. data/src/core/ext/xds/xds_api.h +460 -154
  543. data/src/core/ext/xds/xds_bootstrap.cc +139 -188
  544. data/src/core/ext/xds/xds_bootstrap.h +34 -18
  545. data/src/core/ext/xds/xds_certificate_provider.cc +237 -72
  546. data/src/core/ext/xds/xds_certificate_provider.h +104 -27
  547. data/src/core/ext/xds/xds_channel_args.h +5 -2
  548. data/src/core/ext/xds/xds_channel_stack_modifier.cc +113 -0
  549. data/src/core/ext/xds/xds_channel_stack_modifier.h +52 -0
  550. data/src/core/ext/xds/xds_client.cc +985 -429
  551. data/src/core/ext/xds/xds_client.h +100 -51
  552. data/src/core/ext/xds/xds_client_stats.cc +18 -16
  553. data/src/core/ext/xds/xds_client_stats.h +12 -11
  554. data/src/core/ext/xds/xds_http_fault_filter.cc +227 -0
  555. data/src/core/ext/xds/xds_http_fault_filter.h +64 -0
  556. data/src/core/ext/xds/xds_http_filters.cc +116 -0
  557. data/src/core/ext/xds/xds_http_filters.h +133 -0
  558. data/src/core/ext/xds/xds_server_config_fetcher.cc +544 -0
  559. data/src/core/lib/{iomgr → address_utils}/parse_address.cc +72 -68
  560. data/src/core/lib/{iomgr → address_utils}/parse_address.h +20 -16
  561. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +131 -15
  562. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +37 -7
  563. data/src/core/lib/avl/avl.cc +5 -5
  564. data/src/core/lib/backoff/backoff.cc +1 -1
  565. data/src/core/lib/channel/call_tracer.h +85 -0
  566. data/src/core/lib/channel/channel_args.cc +34 -15
  567. data/src/core/lib/channel/channel_args.h +9 -0
  568. data/src/core/lib/channel/channel_stack.cc +27 -12
  569. data/src/core/lib/channel/channel_stack.h +18 -10
  570. data/src/core/lib/channel/channel_stack_builder.cc +6 -16
  571. data/src/core/lib/channel/channel_stack_builder.h +1 -9
  572. data/src/core/lib/channel/channel_trace.cc +5 -4
  573. data/src/core/lib/channel/channel_trace.h +3 -2
  574. data/src/core/lib/channel/channelz.cc +162 -63
  575. data/src/core/lib/channel/channelz.h +62 -31
  576. data/src/core/lib/channel/channelz_registry.cc +22 -7
  577. data/src/core/lib/channel/channelz_registry.h +1 -2
  578. data/src/core/lib/channel/connected_channel.cc +6 -7
  579. data/src/core/lib/channel/connected_channel.h +1 -2
  580. data/src/core/lib/channel/context.h +3 -0
  581. data/src/core/lib/channel/handshaker.cc +13 -53
  582. data/src/core/lib/channel/handshaker.h +7 -25
  583. data/src/core/lib/channel/handshaker_factory.h +10 -2
  584. data/src/core/lib/channel/handshaker_registry.cc +15 -70
  585. data/src/core/lib/channel/handshaker_registry.h +29 -12
  586. data/src/core/lib/channel/status_util.cc +12 -2
  587. data/src/core/lib/channel/status_util.h +11 -2
  588. data/src/core/lib/compression/algorithm_metadata.h +1 -0
  589. data/src/core/lib/compression/compression.cc +2 -2
  590. data/src/core/lib/compression/compression_args.cc +11 -7
  591. data/src/core/lib/compression/compression_internal.cc +4 -6
  592. data/src/core/lib/compression/compression_internal.h +1 -1
  593. data/src/core/lib/compression/message_compress.cc +2 -2
  594. data/src/core/lib/compression/stream_compression.cc +2 -1
  595. data/src/core/lib/compression/stream_compression.h +3 -2
  596. data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
  597. data/src/core/lib/compression/stream_compression_gzip.h +1 -1
  598. data/src/core/lib/compression/stream_compression_identity.cc +2 -1
  599. data/src/core/lib/compression/stream_compression_identity.h +1 -1
  600. data/src/core/lib/config/core_configuration.cc +96 -0
  601. data/src/core/lib/config/core_configuration.h +146 -0
  602. data/src/core/lib/debug/stats.cc +1 -1
  603. data/src/core/lib/debug/stats.h +4 -3
  604. data/src/core/lib/debug/stats_data.cc +15 -14
  605. data/src/core/lib/debug/stats_data.h +14 -13
  606. data/src/core/lib/debug/trace.cc +1 -0
  607. data/src/core/lib/debug/trace.h +2 -1
  608. data/src/core/lib/event_engine/endpoint_config.cc +45 -0
  609. data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
  610. data/src/core/lib/event_engine/event_engine.cc +50 -0
  611. data/src/core/lib/event_engine/sockaddr.cc +40 -0
  612. data/src/core/lib/event_engine/sockaddr.h +44 -0
  613. data/src/core/lib/gpr/alloc.cc +7 -5
  614. data/src/core/lib/gpr/atm.cc +1 -1
  615. data/src/core/lib/gpr/cpu_posix.cc +1 -1
  616. data/src/core/lib/gpr/env_linux.cc +1 -2
  617. data/src/core/lib/gpr/env_posix.cc +2 -3
  618. data/src/core/lib/gpr/log.cc +61 -19
  619. data/src/core/lib/gpr/log_android.cc +3 -2
  620. data/src/core/lib/gpr/log_linux.cc +10 -5
  621. data/src/core/lib/gpr/log_posix.cc +9 -4
  622. data/src/core/lib/gpr/log_windows.cc +3 -1
  623. data/src/core/lib/gpr/murmur_hash.cc +4 -2
  624. data/src/core/lib/gpr/spinlock.h +10 -2
  625. data/src/core/lib/gpr/string.cc +24 -23
  626. data/src/core/lib/gpr/string.h +7 -8
  627. data/src/core/lib/gpr/sync.cc +6 -6
  628. data/src/core/lib/gpr/sync_abseil.cc +10 -12
  629. data/src/core/lib/gpr/sync_posix.cc +3 -3
  630. data/src/core/lib/gpr/sync_windows.cc +2 -2
  631. data/src/core/lib/gpr/time.cc +15 -14
  632. data/src/core/lib/gpr/time_windows.cc +3 -2
  633. data/src/core/lib/gpr/tls.h +119 -40
  634. data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
  635. data/src/core/lib/gpr/useful.h +79 -32
  636. data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
  637. data/src/core/lib/gprpp/arena.cc +2 -1
  638. data/src/core/lib/gprpp/arena.h +18 -7
  639. data/src/core/lib/gprpp/atomic_utils.h +47 -0
  640. data/src/core/lib/gprpp/bitset.h +188 -0
  641. data/src/core/lib/gprpp/chunked_vector.h +211 -0
  642. data/src/core/lib/gprpp/construct_destruct.h +39 -0
  643. data/src/core/lib/gprpp/dual_ref_counted.h +28 -29
  644. data/src/core/lib/gprpp/fork.cc +14 -12
  645. data/src/core/lib/gprpp/fork.h +4 -4
  646. data/src/core/lib/gprpp/global_config.h +1 -2
  647. data/src/core/lib/gprpp/global_config_env.cc +7 -7
  648. data/src/core/lib/gprpp/global_config_generic.h +2 -2
  649. data/src/core/lib/gprpp/manual_constructor.h +9 -6
  650. data/src/core/lib/gprpp/match.h +73 -0
  651. data/src/core/lib/gprpp/memory.h +9 -3
  652. data/src/core/lib/gprpp/mpscq.cc +9 -9
  653. data/src/core/lib/gprpp/mpscq.h +6 -5
  654. data/src/core/lib/gprpp/orphanable.h +6 -6
  655. data/src/core/lib/gprpp/overload.h +59 -0
  656. data/src/core/lib/gprpp/ref_counted.h +48 -34
  657. data/src/core/lib/gprpp/ref_counted_ptr.h +11 -1
  658. data/src/core/lib/gprpp/status_helper.cc +427 -0
  659. data/src/core/lib/gprpp/status_helper.h +194 -0
  660. data/src/core/lib/gprpp/sync.h +106 -43
  661. data/src/core/lib/gprpp/table.h +411 -0
  662. data/src/core/lib/gprpp/thd.h +1 -1
  663. data/src/core/lib/gprpp/thd_posix.cc +11 -6
  664. data/src/core/lib/gprpp/thd_windows.cc +7 -12
  665. data/src/core/lib/gprpp/time_util.cc +77 -0
  666. data/src/core/lib/gprpp/time_util.h +42 -0
  667. data/src/core/lib/http/format_request.cc +1 -0
  668. data/src/core/lib/http/format_request.h +1 -0
  669. data/src/core/lib/http/httpcli.cc +203 -185
  670. data/src/core/lib/http/httpcli.h +5 -3
  671. data/src/core/lib/http/httpcli_security_connector.cc +19 -18
  672. data/src/core/lib/http/parser.cc +19 -20
  673. data/src/core/lib/http/parser.h +5 -4
  674. data/src/core/lib/iomgr/buffer_list.cc +10 -11
  675. data/src/core/lib/iomgr/buffer_list.h +6 -8
  676. data/src/core/lib/iomgr/call_combiner.cc +46 -21
  677. data/src/core/lib/iomgr/call_combiner.h +12 -14
  678. data/src/core/lib/iomgr/cfstream_handle.cc +6 -6
  679. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  680. data/src/core/lib/iomgr/closure.h +7 -6
  681. data/src/core/lib/iomgr/combiner.cc +25 -36
  682. data/src/core/lib/iomgr/combiner.h +3 -2
  683. data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
  684. data/src/core/lib/iomgr/endpoint.cc +1 -5
  685. data/src/core/lib/iomgr/endpoint.h +3 -5
  686. data/src/core/lib/iomgr/endpoint_cfstream.cc +27 -39
  687. data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
  688. data/src/core/lib/iomgr/endpoint_pair.h +1 -0
  689. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +32 -0
  690. data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
  691. data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
  692. data/src/core/lib/iomgr/error.cc +277 -105
  693. data/src/core/lib/iomgr/error.h +280 -114
  694. data/src/core/lib/iomgr/error_cfstream.cc +10 -4
  695. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  696. data/src/core/lib/iomgr/error_internal.h +7 -2
  697. data/src/core/lib/iomgr/ev_apple.cc +16 -13
  698. data/src/core/lib/iomgr/ev_apple.h +1 -1
  699. data/src/core/lib/iomgr/ev_epoll1_linux.cc +53 -53
  700. data/src/core/lib/iomgr/ev_epollex_linux.cc +81 -81
  701. data/src/core/lib/iomgr/ev_poll_posix.cc +70 -68
  702. data/src/core/lib/iomgr/ev_posix.cc +13 -13
  703. data/src/core/lib/iomgr/ev_posix.h +9 -9
  704. data/src/core/lib/iomgr/event_engine/closure.cc +77 -0
  705. data/src/core/lib/iomgr/event_engine/closure.h +42 -0
  706. data/src/core/lib/iomgr/event_engine/endpoint.cc +173 -0
  707. data/src/core/lib/iomgr/event_engine/endpoint.h +52 -0
  708. data/src/core/lib/iomgr/event_engine/iomgr.cc +104 -0
  709. data/src/core/lib/iomgr/event_engine/iomgr.h +42 -0
  710. data/src/core/lib/iomgr/event_engine/pollset.cc +88 -0
  711. data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
  712. data/src/core/lib/iomgr/event_engine/promise.h +51 -0
  713. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
  714. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
  715. data/src/core/lib/iomgr/event_engine/resolver.cc +114 -0
  716. data/src/core/lib/iomgr/event_engine/tcp.cc +293 -0
  717. data/src/core/lib/iomgr/event_engine/timer.cc +62 -0
  718. data/src/core/lib/iomgr/exec_ctx.cc +14 -11
  719. data/src/core/lib/iomgr/exec_ctx.h +21 -28
  720. data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
  721. data/src/core/lib/iomgr/executor/mpmcqueue.h +7 -11
  722. data/src/core/lib/iomgr/executor/threadpool.cc +4 -5
  723. data/src/core/lib/iomgr/executor/threadpool.h +5 -4
  724. data/src/core/lib/iomgr/executor.cc +19 -33
  725. data/src/core/lib/iomgr/executor.h +3 -3
  726. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  727. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  728. data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
  729. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  730. data/src/core/lib/iomgr/iomgr.cc +6 -4
  731. data/src/core/lib/iomgr/iomgr.h +3 -3
  732. data/src/core/lib/iomgr/iomgr_custom.cc +3 -3
  733. data/src/core/lib/iomgr/iomgr_custom.h +2 -2
  734. data/src/core/lib/iomgr/iomgr_internal.cc +8 -12
  735. data/src/core/lib/iomgr/iomgr_internal.h +6 -5
  736. data/src/core/lib/iomgr/iomgr_posix.cc +3 -2
  737. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -13
  738. data/src/core/lib/iomgr/iomgr_windows.cc +2 -3
  739. data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
  740. data/src/core/lib/iomgr/load_file.cc +6 -6
  741. data/src/core/lib/iomgr/load_file.h +2 -2
  742. data/src/core/lib/iomgr/lockfree_event.cc +38 -15
  743. data/src/core/lib/iomgr/lockfree_event.h +2 -2
  744. data/src/core/lib/iomgr/polling_entity.cc +2 -2
  745. data/src/core/lib/iomgr/pollset.cc +5 -5
  746. data/src/core/lib/iomgr/pollset.h +9 -9
  747. data/src/core/lib/iomgr/pollset_custom.cc +10 -11
  748. data/src/core/lib/iomgr/pollset_custom.h +3 -1
  749. data/src/core/lib/iomgr/pollset_set_custom.cc +2 -3
  750. data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
  751. data/src/core/lib/iomgr/pollset_windows.cc +5 -5
  752. data/src/core/lib/iomgr/port.h +7 -10
  753. data/src/core/lib/iomgr/python_util.h +4 -3
  754. data/src/core/lib/iomgr/resolve_address.cc +14 -9
  755. data/src/core/lib/iomgr/resolve_address.h +12 -10
  756. data/src/core/lib/iomgr/resolve_address_custom.cc +14 -13
  757. data/src/core/lib/iomgr/resolve_address_custom.h +3 -4
  758. data/src/core/lib/iomgr/resolve_address_posix.cc +10 -14
  759. data/src/core/lib/iomgr/resolve_address_windows.cc +10 -12
  760. data/src/core/lib/iomgr/resource_quota.cc +152 -62
  761. data/src/core/lib/iomgr/resource_quota.h +66 -17
  762. data/src/core/lib/iomgr/sockaddr.h +2 -1
  763. data/src/core/lib/iomgr/socket_factory_posix.cc +8 -7
  764. data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
  765. data/src/core/lib/iomgr/socket_mutator.cc +20 -6
  766. data/src/core/lib/iomgr/socket_mutator.h +27 -3
  767. data/src/core/lib/iomgr/socket_utils_common_posix.cc +29 -27
  768. data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
  769. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  770. data/src/core/lib/iomgr/socket_utils_posix.h +22 -22
  771. data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
  772. data/src/core/lib/iomgr/tcp_client.cc +5 -3
  773. data/src/core/lib/iomgr/tcp_client.h +4 -0
  774. data/src/core/lib/iomgr/tcp_client_cfstream.cc +18 -26
  775. data/src/core/lib/iomgr/tcp_client_custom.cc +19 -27
  776. data/src/core/lib/iomgr/tcp_client_posix.cc +56 -47
  777. data/src/core/lib/iomgr/tcp_client_posix.h +8 -6
  778. data/src/core/lib/iomgr/tcp_client_windows.cc +23 -14
  779. data/src/core/lib/iomgr/tcp_custom.cc +46 -55
  780. data/src/core/lib/iomgr/tcp_custom.h +15 -13
  781. data/src/core/lib/iomgr/tcp_posix.cc +119 -145
  782. data/src/core/lib/iomgr/tcp_posix.h +19 -12
  783. data/src/core/lib/iomgr/tcp_server.cc +9 -7
  784. data/src/core/lib/iomgr/tcp_server.h +18 -14
  785. data/src/core/lib/iomgr/tcp_server_custom.cc +63 -73
  786. data/src/core/lib/iomgr/tcp_server_posix.cc +49 -35
  787. data/src/core/lib/iomgr/tcp_server_utils_posix.h +16 -12
  788. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +22 -20
  789. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +11 -12
  790. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  791. data/src/core/lib/iomgr/tcp_server_windows.cc +40 -36
  792. data/src/core/lib/iomgr/tcp_windows.cc +21 -40
  793. data/src/core/lib/iomgr/tcp_windows.h +4 -3
  794. data/src/core/lib/iomgr/timer.cc +1 -0
  795. data/src/core/lib/iomgr/timer.h +7 -3
  796. data/src/core/lib/iomgr/timer_custom.cc +7 -6
  797. data/src/core/lib/iomgr/timer_custom.h +1 -1
  798. data/src/core/lib/iomgr/timer_generic.cc +32 -62
  799. data/src/core/lib/iomgr/timer_generic.h +1 -0
  800. data/src/core/lib/iomgr/timer_heap.cc +2 -3
  801. data/src/core/lib/iomgr/timer_manager.cc +4 -4
  802. data/src/core/lib/iomgr/unix_sockets_posix.cc +21 -24
  803. data/src/core/lib/iomgr/unix_sockets_posix.h +4 -5
  804. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
  805. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  806. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -1
  807. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +6 -7
  808. data/src/core/lib/iomgr/wakeup_fd_posix.cc +4 -3
  809. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  810. data/src/core/lib/iomgr/work_serializer.cc +4 -4
  811. data/src/core/lib/iomgr/work_serializer.h +18 -2
  812. data/src/core/lib/json/json.h +11 -1
  813. data/src/core/lib/json/json_reader.cc +14 -23
  814. data/src/core/lib/json/json_util.cc +68 -0
  815. data/src/core/lib/json/json_util.h +65 -115
  816. data/src/core/lib/json/json_writer.cc +0 -3
  817. data/src/core/lib/matchers/matchers.cc +327 -0
  818. data/src/core/lib/matchers/matchers.h +160 -0
  819. data/src/core/lib/profiling/basic_timers.cc +8 -6
  820. data/src/core/lib/profiling/stap_timers.cc +2 -2
  821. data/src/core/lib/security/authorization/authorization_engine.h +13 -53
  822. data/src/core/lib/security/authorization/authorization_policy_provider.h +33 -0
  823. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
  824. data/src/core/lib/security/authorization/evaluate_args.cc +126 -66
  825. data/src/core/lib/security/authorization/evaluate_args.h +47 -15
  826. data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +171 -0
  827. data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
  828. data/src/core/lib/security/context/security_context.cc +15 -11
  829. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  830. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  831. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  832. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
  833. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  834. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
  835. data/src/core/lib/security/credentials/composite/composite_credentials.cc +9 -8
  836. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  837. data/src/core/lib/security/credentials/credentials.cc +16 -14
  838. data/src/core/lib/security/credentials/credentials.h +11 -5
  839. data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
  840. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +404 -0
  841. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +81 -0
  842. data/src/core/lib/security/credentials/external/aws_request_signer.cc +20 -14
  843. data/src/core/lib/security/credentials/external/aws_request_signer.h +2 -3
  844. data/src/core/lib/security/credentials/external/external_account_credentials.cc +270 -54
  845. data/src/core/lib/security/credentials/external/external_account_credentials.h +16 -12
  846. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +8 -8
  847. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +6 -6
  848. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +26 -26
  849. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +13 -12
  850. data/src/core/lib/security/credentials/fake/fake_credentials.cc +5 -4
  851. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  852. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
  853. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +92 -31
  854. data/src/core/lib/security/credentials/iam/iam_credentials.cc +4 -3
  855. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  856. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +18 -5
  857. data/src/core/lib/security/credentials/jwt/json_token.cc +4 -7
  858. data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
  859. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +34 -17
  860. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +13 -5
  861. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +15 -22
  862. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
  863. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  864. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  865. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +57 -66
  866. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +11 -9
  867. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +10 -12
  868. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  869. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -10
  870. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -3
  871. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +12 -15
  872. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +20 -21
  873. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +382 -5
  874. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +74 -1
  875. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +5 -1
  876. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -3
  877. data/src/core/lib/security/credentials/tls/tls_credentials.cc +3 -2
  878. data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
  879. data/src/core/lib/security/credentials/tls/tls_utils.cc +123 -0
  880. data/src/core/lib/security/credentials/tls/tls_utils.h +51 -0
  881. data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
  882. data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
  883. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +14 -4
  884. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +20 -12
  885. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +50 -17
  886. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +35 -8
  887. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
  888. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +4 -4
  889. data/src/core/lib/security/security_connector/local/local_security_connector.cc +23 -10
  890. data/src/core/lib/security/security_connector/security_connector.cc +12 -6
  891. data/src/core/lib/security/security_connector/security_connector.h +10 -5
  892. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +24 -17
  893. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
  894. data/src/core/lib/security/security_connector/ssl_utils.cc +41 -14
  895. data/src/core/lib/security/security_connector/ssl_utils.h +16 -23
  896. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +156 -113
  897. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +67 -52
  898. data/src/core/lib/security/transport/auth_filters.h +1 -0
  899. data/src/core/lib/security/transport/client_auth_filter.cc +27 -21
  900. data/src/core/lib/security/transport/secure_endpoint.cc +10 -20
  901. data/src/core/lib/security/transport/secure_endpoint.h +1 -0
  902. data/src/core/lib/security/transport/security_handshaker.cc +158 -90
  903. data/src/core/lib/security/transport/security_handshaker.h +2 -1
  904. data/src/core/lib/security/transport/server_auth_filter.cc +20 -16
  905. data/src/core/lib/security/transport/tsi_error.cc +5 -6
  906. data/src/core/lib/security/transport/tsi_error.h +2 -1
  907. data/src/core/lib/security/util/json_util.cc +8 -10
  908. data/src/core/lib/security/util/json_util.h +1 -1
  909. data/src/core/lib/slice/percent_encoding.cc +73 -30
  910. data/src/core/lib/slice/percent_encoding.h +29 -28
  911. data/src/core/lib/slice/slice.cc +14 -21
  912. data/src/core/lib/{gpr/tls_pthread.cc → slice/slice_api.cc} +15 -6
  913. data/src/core/lib/slice/slice_buffer.cc +6 -7
  914. data/src/core/lib/slice/slice_intern.cc +19 -27
  915. data/src/core/lib/slice/slice_internal.h +4 -246
  916. data/src/core/lib/slice/slice_refcount.cc +17 -0
  917. data/src/core/lib/slice/slice_refcount.h +121 -0
  918. data/src/core/lib/slice/slice_refcount_base.h +173 -0
  919. data/src/core/lib/slice/slice_split.cc +100 -0
  920. data/src/core/lib/slice/slice_split.h +40 -0
  921. data/src/core/lib/slice/slice_string_helpers.cc +0 -83
  922. data/src/core/lib/slice/slice_string_helpers.h +0 -11
  923. data/src/core/lib/slice/static_slice.cc +529 -0
  924. data/src/core/lib/slice/static_slice.h +331 -0
  925. data/src/core/lib/surface/api_trace.cc +2 -1
  926. data/src/core/lib/surface/api_trace.h +1 -0
  927. data/src/core/lib/surface/builtins.cc +49 -0
  928. data/src/core/lib/surface/builtins.h +26 -0
  929. data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
  930. data/src/core/lib/surface/call.cc +198 -186
  931. data/src/core/lib/surface/call.h +10 -5
  932. data/src/core/lib/surface/call_details.cc +10 -10
  933. data/src/core/lib/surface/call_log_batch.cc +2 -2
  934. data/src/core/lib/surface/channel.cc +57 -51
  935. data/src/core/lib/surface/channel.h +19 -14
  936. data/src/core/lib/surface/channel_init.cc +23 -76
  937. data/src/core/lib/surface/channel_init.h +52 -44
  938. data/src/core/lib/surface/channel_ping.cc +2 -3
  939. data/src/core/lib/surface/channel_stack_type.cc +2 -1
  940. data/src/core/lib/surface/completion_queue.cc +140 -145
  941. data/src/core/lib/surface/completion_queue.h +18 -17
  942. data/src/core/lib/surface/completion_queue_factory.cc +3 -3
  943. data/src/core/lib/surface/completion_queue_factory.h +1 -0
  944. data/src/core/lib/surface/event_string.cc +1 -0
  945. data/src/core/lib/surface/init.cc +18 -65
  946. data/src/core/lib/surface/init.h +10 -2
  947. data/src/core/lib/surface/init_secure.cc +36 -14
  948. data/src/core/lib/surface/lame_client.cc +62 -61
  949. data/src/core/lib/surface/lame_client.h +5 -0
  950. data/src/core/lib/surface/metadata_array.cc +2 -2
  951. data/src/core/lib/surface/server.cc +167 -116
  952. data/src/core/lib/surface/server.h +140 -40
  953. data/src/core/lib/surface/validate_metadata.cc +55 -24
  954. data/src/core/lib/surface/validate_metadata.h +3 -2
  955. data/src/core/lib/surface/version.cc +2 -2
  956. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  957. data/src/core/lib/transport/byte_stream.cc +5 -5
  958. data/src/core/lib/transport/byte_stream.h +9 -8
  959. data/src/core/lib/transport/connectivity_state.cc +9 -6
  960. data/src/core/lib/transport/connectivity_state.h +8 -6
  961. data/src/core/lib/transport/error_utils.cc +64 -27
  962. data/src/core/lib/transport/error_utils.h +13 -7
  963. data/src/core/lib/transport/metadata.cc +47 -22
  964. data/src/core/lib/transport/metadata.h +15 -12
  965. data/src/core/lib/transport/metadata_batch.cc +41 -339
  966. data/src/core/lib/transport/metadata_batch.h +932 -68
  967. data/src/core/lib/transport/parsed_metadata.h +263 -0
  968. data/src/core/lib/transport/pid_controller.cc +4 -4
  969. data/src/core/lib/transport/static_metadata.cc +715 -847
  970. data/src/core/lib/transport/static_metadata.h +115 -379
  971. data/src/core/lib/transport/status_metadata.cc +5 -3
  972. data/src/core/lib/transport/transport.cc +8 -8
  973. data/src/core/lib/transport/transport.h +12 -10
  974. data/src/core/lib/transport/transport_op_string.cc +46 -26
  975. data/src/core/lib/uri/uri_parser.cc +131 -249
  976. data/src/core/lib/uri/uri_parser.h +57 -21
  977. data/src/core/plugin_registry/grpc_plugin_registry.cc +101 -44
  978. data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
  979. data/src/core/tsi/alts/crypt/gsec.cc +5 -4
  980. data/src/core/tsi/alts/crypt/gsec.h +5 -0
  981. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
  982. data/src/core/tsi/alts/frame_protector/frame_handler.cc +18 -17
  983. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +27 -33
  984. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
  985. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +57 -51
  986. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
  987. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  988. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
  989. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
  990. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
  991. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
  992. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +6 -6
  993. data/src/core/tsi/fake_transport_security.cc +31 -12
  994. data/src/core/tsi/local_transport_security.cc +36 -73
  995. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
  996. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  997. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -55
  998. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +6 -7
  999. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
  1000. data/src/core/tsi/ssl_transport_security.cc +115 -77
  1001. data/src/core/tsi/ssl_transport_security.h +12 -14
  1002. data/src/core/tsi/transport_security.cc +21 -9
  1003. data/src/core/tsi/transport_security.h +16 -1
  1004. data/src/core/tsi/transport_security_grpc.h +1 -0
  1005. data/src/core/tsi/transport_security_interface.h +27 -1
  1006. data/src/ruby/bin/math_services_pb.rb +1 -1
  1007. data/src/ruby/ext/grpc/extconf.rb +21 -8
  1008. data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
  1009. data/src/ruby/ext/grpc/rb_call.c +5 -5
  1010. data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
  1011. data/src/ruby/ext/grpc/rb_channel.c +19 -8
  1012. data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
  1013. data/src/ruby/ext/grpc/rb_channel_credentials.c +15 -5
  1014. data/src/ruby/ext/grpc/rb_channel_credentials.h +5 -0
  1015. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
  1016. data/src/ruby/ext/grpc/rb_compression_options.c +6 -5
  1017. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  1018. data/src/ruby/ext/grpc/rb_event_thread.c +4 -2
  1019. data/src/ruby/ext/grpc/rb_grpc.c +9 -4
  1020. data/src/ruby/ext/grpc/rb_grpc.h +1 -0
  1021. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +24 -0
  1022. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +50 -14
  1023. data/src/ruby/ext/grpc/rb_server.c +19 -6
  1024. data/src/ruby/ext/grpc/rb_server_credentials.c +22 -6
  1025. data/src/ruby/ext/grpc/rb_server_credentials.h +5 -0
  1026. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +218 -0
  1027. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +37 -0
  1028. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +170 -0
  1029. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +37 -0
  1030. data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
  1031. data/src/ruby/lib/grpc/version.rb +1 -1
  1032. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
  1033. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
  1034. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
  1035. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +23 -5
  1036. data/src/ruby/spec/call_spec.rb +1 -1
  1037. data/src/ruby/spec/channel_credentials_spec.rb +32 -0
  1038. data/src/ruby/spec/channel_spec.rb +17 -6
  1039. data/src/ruby/spec/client_auth_spec.rb +27 -1
  1040. data/src/ruby/spec/client_server_spec.rb +1 -1
  1041. data/src/ruby/spec/errors_spec.rb +1 -1
  1042. data/src/ruby/spec/generic/active_call_spec.rb +2 -2
  1043. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  1044. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  1045. data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
  1046. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  1047. data/src/ruby/spec/server_spec.rb +22 -0
  1048. data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
  1049. data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
  1050. data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
  1051. data/third_party/abseil-cpp/absl/base/config.h +37 -9
  1052. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
  1053. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
  1054. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  1055. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
  1056. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
  1057. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
  1058. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
  1059. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
  1060. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  1061. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
  1062. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  1063. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
  1064. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  1065. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
  1066. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +9 -6
  1067. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +54 -48
  1068. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  1069. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  1070. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
  1071. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  1072. data/third_party/abseil-cpp/absl/base/macros.h +11 -0
  1073. data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
  1074. data/third_party/abseil-cpp/absl/base/options.h +1 -1
  1075. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  1076. data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
  1077. data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
  1078. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
  1079. data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
  1080. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
  1081. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
  1082. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
  1083. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
  1084. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
  1085. data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
  1086. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
  1087. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
  1088. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
  1089. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
  1090. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
  1091. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
  1092. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
  1093. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
  1094. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
  1095. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
  1096. data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
  1097. data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
  1098. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
  1099. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
  1100. data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
  1101. data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
  1102. data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
  1103. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  1104. data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
  1105. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  1106. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  1107. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
  1108. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +396 -0
  1109. data/third_party/abseil-cpp/absl/status/status.cc +29 -22
  1110. data/third_party/abseil-cpp/absl/status/status.h +81 -20
  1111. data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
  1112. data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
  1113. data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
  1114. data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
  1115. data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
  1116. data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
  1117. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
  1118. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
  1119. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
  1120. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  1121. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
  1122. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
  1123. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
  1124. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
  1125. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
  1126. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
  1127. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
  1128. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
  1129. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
  1130. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
  1131. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
  1132. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
  1133. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
  1134. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  1135. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  1136. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  1137. data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
  1138. data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
  1139. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  1140. data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
  1141. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  1142. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
  1143. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
  1144. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
  1145. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
  1146. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
  1147. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
  1148. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
  1149. data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
  1150. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  1151. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  1152. data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
  1153. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
  1154. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
  1155. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
  1156. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  1157. data/third_party/abseil-cpp/absl/time/time.h +26 -24
  1158. data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
  1159. data/third_party/abseil-cpp/absl/types/variant.h +9 -4
  1160. data/third_party/address_sorting/address_sorting_posix.c +1 -0
  1161. data/third_party/boringssl-with-bazel/err_data.c +756 -724
  1162. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +55 -50
  1163. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +22 -23
  1164. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
  1165. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  1166. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
  1167. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  1168. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
  1169. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +26 -24
  1170. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  1171. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
  1172. data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +269 -272
  1173. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
  1174. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +3 -3
  1175. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
  1176. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +3 -42
  1177. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
  1178. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
  1179. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
  1180. data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
  1181. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +196 -0
  1182. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +35 -86
  1183. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +326 -281
  1184. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +15 -26
  1185. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +20 -75
  1186. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  1187. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +3 -2
  1188. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
  1189. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
  1190. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
  1191. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
  1192. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
  1193. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
  1194. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
  1195. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
  1196. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  1197. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +156 -0
  1198. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  1199. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  1200. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
  1201. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +68 -45
  1202. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
  1203. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +49 -65
  1204. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  1205. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  1206. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
  1207. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
  1208. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
  1209. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  1210. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
  1211. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  1212. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
  1213. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  1214. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  1215. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  1216. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +31 -3
  1217. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  1218. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  1219. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
  1220. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
  1221. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
  1222. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  1223. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +28 -12
  1224. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
  1225. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +15 -4
  1226. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
  1227. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
  1228. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
  1229. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +35 -2
  1230. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
  1231. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
  1232. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  1233. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  1234. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +9 -0
  1235. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  1236. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
  1237. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
  1238. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
  1239. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
  1240. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
  1241. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  1242. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +56 -72
  1243. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +56 -73
  1244. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  1245. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  1246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  1247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  1248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
  1249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  1250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  1251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +30 -9
  1252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +123 -44
  1253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +30 -20
  1254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +50 -33
  1255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +65 -41
  1256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  1257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
  1258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +93 -107
  1259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +91 -113
  1260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +50 -86
  1261. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +400 -325
  1262. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
  1263. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
  1264. data/third_party/boringssl-with-bazel/src/crypto/internal.h +125 -0
  1265. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
  1266. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
  1267. data/third_party/boringssl-with-bazel/src/crypto/mem.c +28 -9
  1268. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +10 -6
  1269. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
  1270. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
  1271. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
  1272. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
  1273. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
  1274. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
  1275. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
  1276. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +156 -15
  1277. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
  1278. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +11 -8
  1279. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  1280. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  1281. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
  1282. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
  1283. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
  1284. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
  1285. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
  1286. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
  1287. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
  1288. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
  1289. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  1290. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  1291. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
  1292. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
  1293. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
  1294. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
  1295. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +345 -13
  1296. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
  1297. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +20 -5
  1298. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -5
  1299. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  1300. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
  1301. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +7 -2
  1302. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +24 -47
  1303. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
  1304. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +12 -9
  1305. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
  1306. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
  1307. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
  1308. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
  1309. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
  1310. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +26 -23
  1311. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +25 -69
  1312. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +54 -74
  1313. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +61 -23
  1314. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
  1315. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
  1316. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -19
  1317. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -16
  1318. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
  1319. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +15 -13
  1320. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
  1321. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +23 -21
  1322. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  1323. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
  1324. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
  1325. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
  1326. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  1327. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +50 -14
  1328. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +5 -2
  1329. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +23 -0
  1330. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
  1331. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
  1332. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
  1333. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
  1334. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
  1335. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +27 -8
  1336. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +28 -18
  1337. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +6 -3
  1338. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +26 -25
  1339. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +10 -12
  1340. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
  1341. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +7 -1
  1342. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  1343. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  1344. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +27 -36
  1345. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
  1346. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
  1347. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -13
  1348. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +2 -2
  1349. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
  1350. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +86 -44
  1351. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
  1352. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +69 -4
  1353. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +1026 -615
  1354. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -176
  1355. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +63 -13
  1356. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
  1357. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  1358. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
  1359. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +32 -7
  1360. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  1361. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +23 -6
  1362. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
  1363. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  1364. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
  1365. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  1366. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +10 -2
  1367. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
  1368. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
  1369. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  1370. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +38 -51
  1371. data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
  1372. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
  1373. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +350 -0
  1374. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
  1375. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
  1376. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
  1377. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +26 -6
  1378. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
  1379. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +33 -8
  1380. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
  1381. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
  1382. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +104 -63
  1383. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +39 -16
  1384. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +406 -108
  1385. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +48 -36
  1386. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1425 -377
  1387. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -679
  1388. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +188 -49
  1389. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +16 -18
  1390. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
  1391. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1084 -0
  1392. data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +847 -622
  1393. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
  1394. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +92 -44
  1395. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +314 -217
  1396. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +177 -35
  1397. data/third_party/boringssl-with-bazel/src/ssl/internal.h +491 -152
  1398. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
  1399. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -2
  1400. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
  1401. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
  1402. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
  1403. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
  1404. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -31
  1405. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +60 -112
  1406. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
  1407. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +136 -104
  1408. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
  1409. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +12 -17
  1410. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
  1411. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
  1412. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  1413. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +79 -34
  1414. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +235 -178
  1415. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +160 -91
  1416. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +269 -118
  1417. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  1418. data/third_party/re2/re2/compile.cc +91 -109
  1419. data/third_party/re2/re2/dfa.cc +27 -39
  1420. data/third_party/re2/re2/filtered_re2.cc +18 -2
  1421. data/third_party/re2/re2/filtered_re2.h +10 -5
  1422. data/third_party/re2/re2/nfa.cc +1 -1
  1423. data/third_party/re2/re2/parse.cc +42 -23
  1424. data/third_party/re2/re2/perl_groups.cc +34 -34
  1425. data/third_party/re2/re2/prefilter.cc +3 -2
  1426. data/third_party/re2/re2/prog.cc +182 -4
  1427. data/third_party/re2/re2/prog.h +28 -9
  1428. data/third_party/re2/re2/re2.cc +87 -118
  1429. data/third_party/re2/re2/re2.h +156 -141
  1430. data/third_party/re2/re2/regexp.cc +12 -5
  1431. data/third_party/re2/re2/regexp.h +8 -2
  1432. data/third_party/re2/re2/set.cc +31 -9
  1433. data/third_party/re2/re2/set.h +9 -4
  1434. data/third_party/re2/re2/simplify.cc +11 -3
  1435. data/third_party/re2/re2/tostring.cc +1 -1
  1436. data/third_party/re2/re2/walker-inl.h +1 -1
  1437. data/third_party/re2/util/mutex.h +2 -2
  1438. data/third_party/re2/util/pcre.h +3 -3
  1439. data/third_party/upb/upb/decode.c +354 -204
  1440. data/third_party/upb/upb/decode.h +50 -3
  1441. data/third_party/upb/upb/decode_fast.c +1053 -0
  1442. data/third_party/upb/upb/decode_fast.h +153 -0
  1443. data/third_party/upb/upb/decode_internal.h +193 -0
  1444. data/third_party/upb/upb/def.c +609 -610
  1445. data/third_party/upb/upb/def.h +57 -50
  1446. data/third_party/upb/upb/def.hpp +66 -123
  1447. data/third_party/upb/upb/encode.c +267 -176
  1448. data/third_party/upb/upb/encode.h +56 -4
  1449. data/third_party/upb/upb/msg.c +304 -84
  1450. data/third_party/upb/upb/msg.h +76 -441
  1451. data/third_party/upb/upb/msg_internal.h +687 -0
  1452. data/third_party/upb/upb/port_def.inc +156 -82
  1453. data/third_party/upb/upb/port_undef.inc +41 -8
  1454. data/third_party/upb/upb/reflection.c +64 -55
  1455. data/third_party/upb/upb/reflection.h +36 -8
  1456. data/third_party/upb/upb/reflection.hpp +37 -0
  1457. data/third_party/upb/upb/table.c +238 -276
  1458. data/third_party/upb/upb/{table.int.h → table_internal.h} +66 -181
  1459. data/third_party/upb/upb/text_encode.c +77 -26
  1460. data/third_party/upb/upb/text_encode.h +30 -1
  1461. data/third_party/upb/upb/upb.c +75 -47
  1462. data/third_party/upb/upb/upb.h +72 -13
  1463. data/third_party/upb/upb/upb.hpp +28 -4
  1464. data/third_party/upb/upb/upb_internal.h +58 -0
  1465. data/third_party/xxhash/xxhash.h +5325 -0
  1466. metadata +287 -137
  1467. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -909
  1468. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
  1469. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
  1470. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
  1471. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
  1472. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
  1473. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
  1474. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -210
  1475. data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
  1476. data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
  1477. data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
  1478. data/src/core/ext/transport/chttp2/client/authority.h +0 -36
  1479. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -242
  1480. data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
  1481. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
  1482. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
  1483. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +0 -28
  1484. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
  1485. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  1486. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
  1487. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  1488. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
  1489. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
  1490. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
  1491. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  1492. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
  1493. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  1494. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
  1495. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
  1496. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -117
  1497. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
  1498. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
  1499. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
  1500. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
  1501. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
  1502. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
  1503. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
  1504. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
  1505. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
  1506. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
  1507. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
  1508. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
  1509. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -265
  1510. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -104
  1511. data/src/core/lib/gpr/arena.h +0 -47
  1512. data/src/core/lib/gpr/tls_gcc.h +0 -52
  1513. data/src/core/lib/gpr/tls_msvc.h +0 -54
  1514. data/src/core/lib/gpr/tls_pthread.h +0 -56
  1515. data/src/core/lib/gpr/tls_stdcpp.h +0 -48
  1516. data/src/core/lib/gprpp/atomic.h +0 -104
  1517. data/src/core/lib/gprpp/map.h +0 -53
  1518. data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
  1519. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  1520. data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
  1521. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
  1522. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  1523. data/src/core/lib/iomgr/pollset_uv.cc +0 -93
  1524. data/src/core/lib/iomgr/pollset_uv.h +0 -32
  1525. data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
  1526. data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
  1527. data/src/core/lib/iomgr/tcp_uv.cc +0 -419
  1528. data/src/core/lib/iomgr/timer_uv.cc +0 -66
  1529. data/src/core/lib/iomgr/udp_server.cc +0 -748
  1530. data/src/core/lib/iomgr/udp_server.h +0 -104
  1531. data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
  1532. data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
  1533. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
  1534. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
  1535. data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
  1536. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
  1537. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
  1538. data/src/core/lib/transport/authority_override.cc +0 -38
  1539. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
  1540. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
  1541. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
  1542. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +0 -104
  1543. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -237
  1544. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
  1545. data/third_party/upb/upb/port.c +0 -26
@@ -267,7 +267,7 @@ OPENSSL_EXPORT int SSL_is_dtls(const SSL *ssl);
267
267
  // |SSL_set0_rbio| and |SSL_set0_wbio| instead.
268
268
  OPENSSL_EXPORT void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
269
269
 
270
- // SSL_set0_rbio configures |ssl| to write to |rbio|. It takes ownership of
270
+ // SSL_set0_rbio configures |ssl| to read from |rbio|. It takes ownership of
271
271
  // |rbio|.
272
272
  //
273
273
  // Note that, although this function and |SSL_set0_wbio| may be called on the
@@ -508,12 +508,10 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
508
508
  // TODO(davidben): Remove this. It's used by accept BIOs which are bizarre.
509
509
  #define SSL_ERROR_WANT_ACCEPT 8
510
510
 
511
- // SSL_ERROR_WANT_CHANNEL_ID_LOOKUP indicates the operation failed looking up
512
- // the Channel ID key. The caller may retry the operation when |channel_id_cb|
513
- // is ready to return a key or one has been configured with
514
- // |SSL_set1_tls_channel_id|.
511
+ // SSL_ERROR_WANT_CHANNEL_ID_LOOKUP is never used.
515
512
  //
516
- // See also |SSL_CTX_set_channel_id_cb|.
513
+ // TODO(davidben): Remove this. Some callers reference it when stringifying
514
+ // errors. They should use |SSL_error_description| instead.
517
515
  #define SSL_ERROR_WANT_CHANNEL_ID_LOOKUP 9
518
516
 
519
517
  // SSL_ERROR_PENDING_SESSION indicates the operation failed because the session
@@ -567,6 +565,11 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
567
565
  // See also |ssl_renegotiate_explicit|.
568
566
  #define SSL_ERROR_WANT_RENEGOTIATE 19
569
567
 
568
+ // SSL_ERROR_HANDSHAKE_HINTS_READY indicates the handshake has progressed enough
569
+ // for |SSL_serialize_handshake_hints| to be called. See also
570
+ // |SSL_request_handshake_hints|.
571
+ #define SSL_ERROR_HANDSHAKE_HINTS_READY 20
572
+
570
573
  // SSL_error_description returns a string representation of |err|, where |err|
571
574
  // is one of the |SSL_ERROR_*| constants returned by |SSL_get_error|, or NULL
572
575
  // if the value is unrecognized.
@@ -1216,6 +1219,11 @@ enum ssl_private_key_result_t BORINGSSL_ENUM_INT {
1216
1219
  // key hooks. This is used to off-load signing operations to a custom,
1217
1220
  // potentially asynchronous, backend. Metadata about the key such as the type
1218
1221
  // and size are parsed out of the certificate.
1222
+ //
1223
+ // Callers that use this structure should additionally call
1224
+ // |SSL_set_signing_algorithm_prefs| or |SSL_CTX_set_signing_algorithm_prefs|
1225
+ // with the private key's capabilities. This ensures BoringSSL will select a
1226
+ // suitable signature algorithm for the private key.
1219
1227
  struct ssl_private_key_method_st {
1220
1228
  // sign signs the message |in| in using the specified signature algorithm. On
1221
1229
  // success, it returns |ssl_private_key_success| and writes at most |max_out|
@@ -1276,6 +1284,15 @@ OPENSSL_EXPORT void SSL_set_private_key_method(
1276
1284
  OPENSSL_EXPORT void SSL_CTX_set_private_key_method(
1277
1285
  SSL_CTX *ctx, const SSL_PRIVATE_KEY_METHOD *key_method);
1278
1286
 
1287
+ // SSL_can_release_private_key returns one if |ssl| will no longer call into the
1288
+ // private key and zero otherwise. If the function returns one, the caller can
1289
+ // release state associated with the private key.
1290
+ //
1291
+ // NOTE: This function assumes the caller does not use |SSL_clear| to reuse
1292
+ // |ssl| for a second connection. If |SSL_clear| is used, BoringSSL may still
1293
+ // use the private key on the second connection.
1294
+ OPENSSL_EXPORT int SSL_can_release_private_key(const SSL *ssl);
1295
+
1279
1296
 
1280
1297
  // Cipher suites.
1281
1298
  //
@@ -1632,6 +1649,11 @@ OPENSSL_EXPORT int SSL_export_keying_material(
1632
1649
  // abbreviated handshake. It is reference-counted and immutable. Once
1633
1650
  // established, an |SSL_SESSION| may be shared by multiple |SSL| objects on
1634
1651
  // different threads and must not be modified.
1652
+ //
1653
+ // Note the TLS notion of "session" is not suitable for application-level
1654
+ // session state. It is an optional caching mechanism for the handshake. Not all
1655
+ // connections within an application-level session will reuse TLS sessions. TLS
1656
+ // sessions may be dropped by the client or ignored by the server at any time.
1635
1657
 
1636
1658
  DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1637
1659
 
@@ -1686,6 +1708,19 @@ OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session,
1686
1708
 
1687
1709
  // SSL_SESSION_get_id returns a pointer to a buffer containing |session|'s
1688
1710
  // session ID and sets |*out_len| to its length.
1711
+ //
1712
+ // This function should only be used for implementing a TLS session cache. TLS
1713
+ // sessions are not suitable for application-level session state, and a session
1714
+ // ID is an implementation detail of the TLS resumption handshake mechanism. Not
1715
+ // all resumption flows use session IDs, and not all connections within an
1716
+ // application-level session will reuse TLS sessions.
1717
+ //
1718
+ // To determine if resumption occurred, use |SSL_session_reused| instead.
1719
+ // Comparing session IDs will not give the right result in all cases.
1720
+ //
1721
+ // As a workaround for some broken applications, BoringSSL sometimes synthesizes
1722
+ // arbitrary session IDs for non-ID-based sessions. This behavior may be
1723
+ // removed in the future.
1689
1724
  OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
1690
1725
  unsigned *out_len);
1691
1726
 
@@ -1738,9 +1773,9 @@ OPENSSL_EXPORT void SSL_SESSION_get0_ocsp_response(const SSL_SESSION *session,
1738
1773
  // SSL_MAX_MASTER_KEY_LENGTH is the maximum length of a master secret.
1739
1774
  #define SSL_MAX_MASTER_KEY_LENGTH 48
1740
1775
 
1741
- // SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master
1742
- // secret to |out| and returns the number of bytes written. If |max_out| is
1743
- // zero, it returns the size of the master secret.
1776
+ // SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s secret
1777
+ // to |out| and returns the number of bytes written. If |max_out| is zero, it
1778
+ // returns the size of the secret.
1744
1779
  OPENSSL_EXPORT size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
1745
1780
  uint8_t *out, size_t max_out);
1746
1781
 
@@ -1779,8 +1814,10 @@ OPENSSL_EXPORT int SSL_SESSION_set1_id_context(SSL_SESSION *session,
1779
1814
  // used without leaking a correlator.
1780
1815
  OPENSSL_EXPORT int SSL_SESSION_should_be_single_use(const SSL_SESSION *session);
1781
1816
 
1782
- // SSL_SESSION_is_resumable returns one if |session| is resumable and zero
1783
- // otherwise.
1817
+ // SSL_SESSION_is_resumable returns one if |session| is complete and contains a
1818
+ // session ID or ticket. It returns zero otherwise. Note this function does not
1819
+ // ensure |session| will be resumed. It may be expired, dropped by the server,
1820
+ // or associated with incompatible parameters.
1784
1821
  OPENSSL_EXPORT int SSL_SESSION_is_resumable(const SSL_SESSION *session);
1785
1822
 
1786
1823
  // SSL_SESSION_has_ticket returns one if |session| has a ticket and zero
@@ -2723,8 +2760,9 @@ OPENSSL_EXPORT SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
2723
2760
 
2724
2761
  // SSL_CTX_set_alpn_protos sets the client ALPN protocol list on |ctx| to
2725
2762
  // |protos|. |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
2726
- // length-prefixed strings). It returns zero on success and one on failure.
2727
- // Configuring this list enables ALPN on a client.
2763
+ // length-prefixed strings), or the empty string to disable ALPN. It returns
2764
+ // zero on success and one on failure. Configuring a non-empty string enables
2765
+ // ALPN on a client.
2728
2766
  //
2729
2767
  // WARNING: this function is dangerous because it breaks the usual return value
2730
2768
  // convention.
@@ -2733,8 +2771,9 @@ OPENSSL_EXPORT int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const uint8_t *protos,
2733
2771
 
2734
2772
  // SSL_set_alpn_protos sets the client ALPN protocol list on |ssl| to |protos|.
2735
2773
  // |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
2736
- // length-prefixed strings). It returns zero on success and one on failure.
2737
- // Configuring this list enables ALPN on a client.
2774
+ // length-prefixed strings), or the empty string to disable ALPN. It returns
2775
+ // zero on success and one on failure. Configuring a non-empty string enables
2776
+ // ALPN on a client.
2738
2777
  //
2739
2778
  // WARNING: this function is dangerous because it breaks the usual return value
2740
2779
  // convention.
@@ -2743,18 +2782,34 @@ OPENSSL_EXPORT int SSL_set_alpn_protos(SSL *ssl, const uint8_t *protos,
2743
2782
 
2744
2783
  // SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is called
2745
2784
  // during ClientHello processing in order to select an ALPN protocol from the
2746
- // client's list of offered protocols. Configuring this callback enables ALPN on
2747
- // a server.
2785
+ // client's list of offered protocols.
2748
2786
  //
2749
2787
  // The callback is passed a wire-format (i.e. a series of non-empty, 8-bit
2750
- // length-prefixed strings) ALPN protocol list in |in|. It should set |*out| and
2751
- // |*out_len| to the selected protocol and return |SSL_TLSEXT_ERR_OK| on
2752
- // success. It does not pass ownership of the buffer. Otherwise, it should
2753
- // return |SSL_TLSEXT_ERR_NOACK|. Other |SSL_TLSEXT_ERR_*| values are
2754
- // unimplemented and will be treated as |SSL_TLSEXT_ERR_NOACK|.
2788
+ // length-prefixed strings) ALPN protocol list in |in|. To select a protocol,
2789
+ // the callback should set |*out| and |*out_len| to the selected protocol and
2790
+ // return |SSL_TLSEXT_ERR_OK| on success. It does not pass ownership of the
2791
+ // buffer, so |*out| should point to a static string, a buffer that outlives the
2792
+ // callback call, or the corresponding entry in |in|.
2793
+ //
2794
+ // If the server supports ALPN, but there are no protocols in common, the
2795
+ // callback should return |SSL_TLSEXT_ERR_ALERT_FATAL| to abort the connection
2796
+ // with a no_application_protocol alert.
2797
+ //
2798
+ // If the server does not support ALPN, it can return |SSL_TLSEXT_ERR_NOACK| to
2799
+ // continue the handshake without negotiating a protocol. This may be useful if
2800
+ // multiple server configurations share an |SSL_CTX|, only some of which have
2801
+ // ALPN protocols configured.
2802
+ //
2803
+ // |SSL_TLSEXT_ERR_ALERT_WARNING| is ignored and will be treated as
2804
+ // |SSL_TLSEXT_ERR_NOACK|.
2805
+ //
2806
+ // The callback will only be called if the client supports ALPN. Callers that
2807
+ // wish to require ALPN for all clients must check |SSL_get0_alpn_selected|
2808
+ // after the handshake. In QUIC connections, this is done automatically.
2755
2809
  //
2756
2810
  // The cipher suite is selected before negotiating ALPN. The callback may use
2757
- // |SSL_get_pending_cipher| to query the cipher suite.
2811
+ // |SSL_get_pending_cipher| to query the cipher suite. This may be used to
2812
+ // implement HTTP/2's cipher suite constraints.
2758
2813
  OPENSSL_EXPORT void SSL_CTX_set_alpn_select_cb(
2759
2814
  SSL_CTX *ctx, int (*cb)(SSL *ssl, const uint8_t **out, uint8_t *out_len,
2760
2815
  const uint8_t *in, unsigned in_len, void *arg),
@@ -2823,13 +2878,11 @@ OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl);
2823
2878
 
2824
2879
  // Certificate compression.
2825
2880
  //
2826
- // Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both
2827
- // a client and a server, but does not link against any specific compression
2828
- // libraries in order to keep dependencies to a minimum. Instead, hooks for
2829
- // compression and decompression can be installed in an |SSL_CTX| to enable
2830
- // support.
2831
- //
2832
- // [1] https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03.
2881
+ // Certificates in TLS 1.3 can be compressed (RFC 8879). BoringSSL supports this
2882
+ // as both a client and a server, but does not link against any specific
2883
+ // compression libraries in order to keep dependencies to a minimum. Instead,
2884
+ // hooks for compression and decompression can be installed in an |SSL_CTX| to
2885
+ // enable support.
2833
2886
 
2834
2887
  // ssl_cert_compression_func_t is a pointer to a function that performs
2835
2888
  // compression. It must write the compressed representation of |in| to |out|,
@@ -2942,15 +2995,16 @@ OPENSSL_EXPORT int SSL_select_next_proto(uint8_t **out, uint8_t *out_len,
2942
2995
 
2943
2996
  // Channel ID.
2944
2997
  //
2945
- // See draft-balfanz-tls-channelid-01.
2998
+ // See draft-balfanz-tls-channelid-01. This is an old, experimental mechanism
2999
+ // and should not be used in new code.
2946
3000
 
2947
3001
  // SSL_CTX_set_tls_channel_id_enabled configures whether connections associated
2948
- // with |ctx| should enable Channel ID.
3002
+ // with |ctx| should enable Channel ID as a server.
2949
3003
  OPENSSL_EXPORT void SSL_CTX_set_tls_channel_id_enabled(SSL_CTX *ctx,
2950
3004
  int enabled);
2951
3005
 
2952
3006
  // SSL_set_tls_channel_id_enabled configures whether |ssl| should enable Channel
2953
- // ID.
3007
+ // ID as a server.
2954
3008
  OPENSSL_EXPORT void SSL_set_tls_channel_id_enabled(SSL *ssl, int enabled);
2955
3009
 
2956
3010
  // SSL_CTX_set1_tls_channel_id configures a TLS client to send a TLS Channel ID
@@ -2964,55 +3018,15 @@ OPENSSL_EXPORT int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx,
2964
3018
  // success and zero on error.
2965
3019
  OPENSSL_EXPORT int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key);
2966
3020
 
2967
- // SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL*|
3021
+ // SSL_get_tls_channel_id gets the client's TLS Channel ID from a server |SSL|
2968
3022
  // and copies up to the first |max_out| bytes into |out|. The Channel ID
2969
3023
  // consists of the client's P-256 public key as an (x,y) pair where each is a
2970
3024
  // 32-byte, big-endian field element. It returns 0 if the client didn't offer a
2971
- // Channel ID and the length of the complete Channel ID otherwise.
3025
+ // Channel ID and the length of the complete Channel ID otherwise. This function
3026
+ // always returns zero if |ssl| is a client.
2972
3027
  OPENSSL_EXPORT size_t SSL_get_tls_channel_id(SSL *ssl, uint8_t *out,
2973
3028
  size_t max_out);
2974
3029
 
2975
- // SSL_CTX_set_channel_id_cb sets a callback to be called when a TLS Channel ID
2976
- // is requested. The callback may set |*out_pkey| to a key, passing a reference
2977
- // to the caller. If none is returned, the handshake will pause and
2978
- // |SSL_get_error| will return |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|.
2979
- //
2980
- // See also |SSL_ERROR_WANT_CHANNEL_ID_LOOKUP|.
2981
- OPENSSL_EXPORT void SSL_CTX_set_channel_id_cb(
2982
- SSL_CTX *ctx, void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey));
2983
-
2984
- // SSL_CTX_get_channel_id_cb returns the callback set by
2985
- // |SSL_CTX_set_channel_id_cb|.
2986
- OPENSSL_EXPORT void (*SSL_CTX_get_channel_id_cb(SSL_CTX *ctx))(
2987
- SSL *ssl, EVP_PKEY **out_pkey);
2988
-
2989
-
2990
- // Token Binding.
2991
- //
2992
- // See draft-ietf-tokbind-protocol-16.
2993
-
2994
- // SSL_set_token_binding_params sets |params| as the Token Binding Key
2995
- // parameters (section 3 of draft-ietf-tokbind-protocol-16) to negotiate on the
2996
- // connection. If this function is not called, or if |len| is 0, then this
2997
- // endpoint will not attempt to negotiate Token Binding. |params| are provided
2998
- // in preference order, with the more preferred parameters at the beginning of
2999
- // the list. This function returns 1 on success and 0 on failure.
3000
- OPENSSL_EXPORT int SSL_set_token_binding_params(SSL *ssl, const uint8_t *params,
3001
- size_t len);
3002
-
3003
- // SSL_is_token_binding_negotiated returns 1 if Token Binding was negotiated
3004
- // on this connection and 0 otherwise. On a server, it is possible for this
3005
- // function to return 1 when the client's view of the connection is that Token
3006
- // Binding was not negotiated. This occurs when the server indicates a version
3007
- // of Token Binding less than the client's minimum version.
3008
- OPENSSL_EXPORT int SSL_is_token_binding_negotiated(const SSL *ssl);
3009
-
3010
- // SSL_get_negotiated_token_binding_param returns the TokenBindingKeyParameters
3011
- // enum value that was negotiated. It is only valid to call this function if
3012
- // SSL_is_token_binding_negotiated returned 1, otherwise this function returns
3013
- // an undefined value.
3014
- OPENSSL_EXPORT uint8_t SSL_get_negotiated_token_binding_param(const SSL *ssl);
3015
-
3016
3030
 
3017
3031
  // DTLS-SRTP.
3018
3032
  //
@@ -3049,8 +3063,8 @@ OPENSSL_EXPORT int SSL_CTX_set_srtp_profiles(SSL_CTX *ctx,
3049
3063
  OPENSSL_EXPORT int SSL_set_srtp_profiles(SSL *ssl, const char *profiles);
3050
3064
 
3051
3065
  // SSL_get_srtp_profiles returns the SRTP profiles supported by |ssl|.
3052
- OPENSSL_EXPORT STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
3053
- SSL *ssl);
3066
+ OPENSSL_EXPORT const STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(
3067
+ const SSL *ssl);
3054
3068
 
3055
3069
  // SSL_get_selected_srtp_profile returns the selected SRTP profile, or NULL if
3056
3070
  // SRTP was not negotiated.
@@ -3181,7 +3195,7 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
3181
3195
  //
3182
3196
  // QUIC acts as an underlying transport for the TLS 1.3 handshake. The following
3183
3197
  // functions allow a QUIC implementation to serve as the underlying transport as
3184
- // described in draft-ietf-quic-tls.
3198
+ // described in RFC 9001.
3185
3199
  //
3186
3200
  // When configured for QUIC, |SSL_do_handshake| will drive the handshake as
3187
3201
  // before, but it will not use the configured |BIO|. It will call functions on
@@ -3201,8 +3215,7 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
3201
3215
  // confirm the handshake. As a client, |SSL_ERROR_EARLY_DATA_REJECTED| and
3202
3216
  // |SSL_reset_early_data_reject| behave as usual.
3203
3217
  //
3204
- // See https://tools.ietf.org/html/draft-ietf-quic-tls-15#section-4.1 for more
3205
- // details.
3218
+ // See https://www.rfc-editor.org/rfc/rfc9001.html#section-4.1 for more details.
3206
3219
  //
3207
3220
  // To avoid DoS attacks, the QUIC implementation must limit the amount of data
3208
3221
  // being queued up. The implementation can call
@@ -3213,7 +3226,8 @@ OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
3213
3226
  // |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be
3214
3227
  // used to query the value received from the peer. BoringSSL handles this
3215
3228
  // extension as an opaque byte string. The caller is responsible for serializing
3216
- // and parsing them. See draft-ietf-quic-transport (section 7.3) for details.
3229
+ // and parsing them. See https://www.rfc-editor.org/rfc/rfc9000#section-7.4 for
3230
+ // details.
3217
3231
  //
3218
3232
  // QUIC additionally imposes restrictions on 0-RTT. In particular, the QUIC
3219
3233
  // transport layer requires that if a server accepts 0-RTT data, then the
@@ -3325,7 +3339,7 @@ struct ssl_quic_method_st {
3325
3339
  // that may be received at the given encryption level. This function should be
3326
3340
  // used to limit buffering in the QUIC implementation.
3327
3341
  //
3328
- // See https://tools.ietf.org/html/draft-ietf-quic-transport-16#section-4.4.
3342
+ // See https://www.rfc-editor.org/rfc/rfc9000#section-7.5
3329
3343
  OPENSSL_EXPORT size_t SSL_quic_max_handshake_flight_len(
3330
3344
  const SSL *ssl, enum ssl_encryption_level_t level);
3331
3345
 
@@ -3386,6 +3400,12 @@ OPENSSL_EXPORT int SSL_set_quic_transport_params(SSL *ssl,
3386
3400
  OPENSSL_EXPORT void SSL_get_peer_quic_transport_params(
3387
3401
  const SSL *ssl, const uint8_t **out_params, size_t *out_params_len);
3388
3402
 
3403
+ // SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
3404
+ // extension codepoint 0xffa5 as opposed to the official value 57. Call with
3405
+ // |use_legacy| set to 1 to use 0xffa5 and call with 0 to use 57. By default,
3406
+ // the standard code point is used.
3407
+ OPENSSL_EXPORT void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
3408
+
3389
3409
  // SSL_set_quic_early_data_context configures a context string in QUIC servers
3390
3410
  // for accepting early data. If a resumption connection offers early data, the
3391
3411
  // server will check if the value matches that of the connection which minted
@@ -3532,8 +3552,7 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
3532
3552
  ssl_early_data_alpn_mismatch = 9,
3533
3553
  // The connection negotiated Channel ID, which is incompatible with 0-RTT.
3534
3554
  ssl_early_data_channel_id = 10,
3535
- // The connection negotiated token binding, which is incompatible with 0-RTT.
3536
- ssl_early_data_token_binding = 11,
3555
+ // Value 11 is reserved. (It has historically |ssl_early_data_token_binding|.)
3537
3556
  // The client and server ticket age were too far apart.
3538
3557
  ssl_early_data_ticket_age_skew = 12,
3539
3558
  // QUIC parameters differ between this connection and the original.
@@ -3555,6 +3574,184 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
3555
3574
  enum ssl_early_data_reason_t reason);
3556
3575
 
3557
3576
 
3577
+ // Encrypted ClientHello.
3578
+ //
3579
+ // ECH is a mechanism for encrypting the entire ClientHello message in TLS 1.3.
3580
+ // This can prevent observers from seeing cleartext information about the
3581
+ // connection, such as the server_name extension.
3582
+ //
3583
+ // By default, BoringSSL will treat the server name, session ticket, and client
3584
+ // certificate as secret, but most other parameters, such as the ALPN protocol
3585
+ // list will be treated as public and sent in the cleartext ClientHello. Other
3586
+ // APIs may be added for applications with different secrecy requirements.
3587
+ //
3588
+ // ECH support in BoringSSL is still experimental and under development.
3589
+ //
3590
+ // See https://tools.ietf.org/html/draft-ietf-tls-esni-13.
3591
+
3592
+ // SSL_set_enable_ech_grease configures whether the client will send a GREASE
3593
+ // ECH extension when no supported ECHConfig is available.
3594
+ OPENSSL_EXPORT void SSL_set_enable_ech_grease(SSL *ssl, int enable);
3595
+
3596
+ // SSL_set1_ech_config_list configures |ssl| to, as a client, offer ECH with the
3597
+ // specified configuration. |ech_config_list| should contain a serialized
3598
+ // ECHConfigList structure. It returns one on success and zero on error.
3599
+ //
3600
+ // This function returns an error if the input is malformed. If the input is
3601
+ // valid but none of the ECHConfigs implement supported parameters, it will
3602
+ // return success and proceed without ECH.
3603
+ //
3604
+ // If a supported ECHConfig is found, |ssl| will encrypt the true ClientHello
3605
+ // parameters. If the server cannot decrypt it, e.g. due to a key mismatch, ECH
3606
+ // has a recovery flow. |ssl| will handshake using the cleartext parameters,
3607
+ // including a public name in the ECHConfig. If using
3608
+ // |SSL_CTX_set_custom_verify|, callers should use |SSL_get0_ech_name_override|
3609
+ // to verify the certificate with the public name. If using the built-in
3610
+ // verifier, the |X509_STORE_CTX| will be configured automatically.
3611
+ //
3612
+ // If no other errors are found in this handshake, it will fail with
3613
+ // |SSL_R_ECH_REJECTED|. Since it didn't use the true parameters, the connection
3614
+ // cannot be used for application data. Instead, callers should handle this
3615
+ // error by calling |SSL_get0_ech_retry_configs| and retrying the connection
3616
+ // with updated ECH parameters. If the retry also fails with
3617
+ // |SSL_R_ECH_REJECTED|, the caller should report a connection failure.
3618
+ OPENSSL_EXPORT int SSL_set1_ech_config_list(SSL *ssl,
3619
+ const uint8_t *ech_config_list,
3620
+ size_t ech_config_list_len);
3621
+
3622
+ // SSL_get0_ech_name_override, if |ssl| is a client and the server rejected ECH,
3623
+ // sets |*out_name| and |*out_name_len| to point to a buffer containing the ECH
3624
+ // public name. Otherwise, the buffer will be empty.
3625
+ //
3626
+ // When offering ECH as a client, this function should be called during the
3627
+ // certificate verification callback (see |SSL_CTX_set_custom_verify|). If
3628
+ // |*out_name_len| is non-zero, the caller should verify the certificate against
3629
+ // the result, interpreted as a DNS name, rather than the true server name. In
3630
+ // this case, the handshake will never succeed and is only used to authenticate
3631
+ // retry configs. See also |SSL_get0_ech_retry_configs|.
3632
+ OPENSSL_EXPORT void SSL_get0_ech_name_override(const SSL *ssl,
3633
+ const char **out_name,
3634
+ size_t *out_name_len);
3635
+
3636
+ // SSL_get0_ech_retry_configs sets |*out_retry_configs| and
3637
+ // |*out_retry_configs_len| to a buffer containing a serialized ECHConfigList.
3638
+ // If the server did not provide an ECHConfigList, |*out_retry_configs_len| will
3639
+ // be zero.
3640
+ //
3641
+ // When handling an |SSL_R_ECH_REJECTED| error code as a client, callers should
3642
+ // use this function to recover from potential key mismatches. If the result is
3643
+ // non-empty, the caller should retry the connection, passing this buffer to
3644
+ // |SSL_set1_ech_config_list|. If the result is empty, the server has rolled
3645
+ // back ECH support, and the caller should retry without ECH.
3646
+ //
3647
+ // This function must only be called in response to an |SSL_R_ECH_REJECTED|
3648
+ // error code. Calling this function on |ssl|s that have not authenticated the
3649
+ // rejection handshake will assert in debug builds and otherwise return an
3650
+ // unparsable list.
3651
+ OPENSSL_EXPORT void SSL_get0_ech_retry_configs(
3652
+ const SSL *ssl, const uint8_t **out_retry_configs,
3653
+ size_t *out_retry_configs_len);
3654
+
3655
+ // SSL_marshal_ech_config constructs a new serialized ECHConfig. On success, it
3656
+ // sets |*out| to a newly-allocated buffer containing the result and |*out_len|
3657
+ // to the size of the buffer. The caller must call |OPENSSL_free| on |*out| to
3658
+ // release the memory. On failure, it returns zero.
3659
+ //
3660
+ // The |config_id| field is a single byte identifer for the ECHConfig. Reusing
3661
+ // config IDs is allowed, but if multiple ECHConfigs with the same config ID are
3662
+ // active at a time, server load may increase. See
3663
+ // |SSL_ECH_KEYS_has_duplicate_config_id|.
3664
+ //
3665
+ // The public key and KEM algorithm are taken from |key|. |public_name| is the
3666
+ // DNS name used to authenticate the recovery flow. |max_name_len| should be the
3667
+ // length of the longest name in the ECHConfig's anonymity set and influences
3668
+ // client padding decisions.
3669
+ OPENSSL_EXPORT int SSL_marshal_ech_config(uint8_t **out, size_t *out_len,
3670
+ uint8_t config_id,
3671
+ const EVP_HPKE_KEY *key,
3672
+ const char *public_name,
3673
+ size_t max_name_len);
3674
+
3675
+ // SSL_ECH_KEYS_new returns a newly-allocated |SSL_ECH_KEYS| or NULL on error.
3676
+ OPENSSL_EXPORT SSL_ECH_KEYS *SSL_ECH_KEYS_new(void);
3677
+
3678
+ // SSL_ECH_KEYS_up_ref increments the reference count of |keys|.
3679
+ OPENSSL_EXPORT void SSL_ECH_KEYS_up_ref(SSL_ECH_KEYS *keys);
3680
+
3681
+ // SSL_ECH_KEYS_free releases memory associated with |keys|.
3682
+ OPENSSL_EXPORT void SSL_ECH_KEYS_free(SSL_ECH_KEYS *keys);
3683
+
3684
+ // SSL_ECH_KEYS_add decodes |ech_config| as an ECHConfig and appends it with
3685
+ // |key| to |keys|. If |is_retry_config| is non-zero, this config will be
3686
+ // returned to the client on configuration mismatch. It returns one on success
3687
+ // and zero on error.
3688
+ //
3689
+ // This function should be called successively to register each ECHConfig in
3690
+ // decreasing order of preference. This configuration must be completed before
3691
+ // setting |keys| on an |SSL_CTX| with |SSL_CTX_set1_ech_keys|. After that
3692
+ // point, |keys| is immutable; no more ECHConfig values may be added.
3693
+ //
3694
+ // See also |SSL_CTX_set1_ech_keys|.
3695
+ OPENSSL_EXPORT int SSL_ECH_KEYS_add(SSL_ECH_KEYS *keys, int is_retry_config,
3696
+ const uint8_t *ech_config,
3697
+ size_t ech_config_len,
3698
+ const EVP_HPKE_KEY *key);
3699
+
3700
+ // SSL_ECH_KEYS_has_duplicate_config_id returns one if |keys| has duplicate
3701
+ // config IDs or zero otherwise. Duplicate config IDs still work, but may
3702
+ // increase server load due to trial decryption.
3703
+ OPENSSL_EXPORT int SSL_ECH_KEYS_has_duplicate_config_id(
3704
+ const SSL_ECH_KEYS *keys);
3705
+
3706
+ // SSL_ECH_KEYS_marshal_retry_configs serializes the retry configs in |keys| as
3707
+ // an ECHConfigList. On success, it sets |*out| to a newly-allocated buffer
3708
+ // containing the result and |*out_len| to the size of the buffer. The caller
3709
+ // must call |OPENSSL_free| on |*out| to release the memory. On failure, it
3710
+ // returns zero.
3711
+ //
3712
+ // This output may be advertised to clients in DNS.
3713
+ OPENSSL_EXPORT int SSL_ECH_KEYS_marshal_retry_configs(const SSL_ECH_KEYS *keys,
3714
+ uint8_t **out,
3715
+ size_t *out_len);
3716
+
3717
+ // SSL_CTX_set1_ech_keys configures |ctx| to use |keys| to decrypt encrypted
3718
+ // ClientHellos. It returns one on success, and zero on failure. If |keys| does
3719
+ // not contain any retry configs, this function will fail. Retry configs are
3720
+ // marked as such when they are added to |keys| with |SSL_ECH_KEYS_add|.
3721
+ //
3722
+ // Once |keys| has been passed to this function, it is immutable. Unlike most
3723
+ // |SSL_CTX| configuration functions, this function may be called even if |ctx|
3724
+ // already has associated connections on multiple threads. This may be used to
3725
+ // rotate keys in a long-lived server process.
3726
+ //
3727
+ // The configured ECHConfig values should also be advertised out-of-band via DNS
3728
+ // (see draft-ietf-dnsop-svcb-https). Before advertising an ECHConfig in DNS,
3729
+ // deployments should ensure all instances of the service are configured with
3730
+ // the ECHConfig and corresponding private key.
3731
+ //
3732
+ // Only the most recent fully-deployed ECHConfigs should be advertised in DNS.
3733
+ // |keys| may contain a newer set if those ECHConfigs are mid-deployment. It
3734
+ // should also contain older sets, until the DNS change has rolled out and the
3735
+ // old records have expired from caches.
3736
+ //
3737
+ // If there is a mismatch, |SSL| objects associated with |ctx| will complete the
3738
+ // handshake using the cleartext ClientHello and send updated ECHConfig values
3739
+ // to the client. The client will then retry to recover, but with a latency
3740
+ // penalty. This recovery flow depends on the public name in the ECHConfig.
3741
+ // Before advertising an ECHConfig in DNS, deployments must ensure all instances
3742
+ // of the service can present a valid certificate for the public name.
3743
+ //
3744
+ // BoringSSL negotiates ECH before certificate selection callbacks are called,
3745
+ // including |SSL_CTX_set_select_certificate_cb|. If ECH is negotiated, the
3746
+ // reported |SSL_CLIENT_HELLO| structure and |SSL_get_servername| function will
3747
+ // transparently reflect the inner ClientHello. Callers should select parameters
3748
+ // based on these values to correctly handle ECH as well as the recovery flow.
3749
+ OPENSSL_EXPORT int SSL_CTX_set1_ech_keys(SSL_CTX *ctx, SSL_ECH_KEYS *keys);
3750
+
3751
+ // SSL_ech_accepted returns one if |ssl| negotiated ECH and zero otherwise.
3752
+ OPENSSL_EXPORT int SSL_ech_accepted(const SSL *ssl);
3753
+
3754
+
3558
3755
  // Alerts.
3559
3756
  //
3560
3757
  // TLS uses alerts to signal error conditions. Alerts have a type (warning or
@@ -3608,6 +3805,7 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
3608
3805
  #define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY
3609
3806
  #define SSL_AD_CERTIFICATE_REQUIRED TLS1_AD_CERTIFICATE_REQUIRED
3610
3807
  #define SSL_AD_NO_APPLICATION_PROTOCOL TLS1_AD_NO_APPLICATION_PROTOCOL
3808
+ #define SSL_AD_ECH_REQUIRED TLS1_AD_ECH_REQUIRED
3611
3809
 
3612
3810
  // SSL_alert_type_string_long returns a string description of |value| as an
3613
3811
  // alert type (warning or fatal).
@@ -3690,6 +3888,101 @@ OPENSSL_EXPORT uint64_t SSL_get_read_sequence(const SSL *ssl);
3690
3888
  OPENSSL_EXPORT uint64_t SSL_get_write_sequence(const SSL *ssl);
3691
3889
 
3692
3890
 
3891
+ // Handshake hints.
3892
+ //
3893
+ // *** EXPERIMENTAL — DO NOT USE WITHOUT CHECKING ***
3894
+ //
3895
+ // Some server deployments make asynchronous RPC calls in both ClientHello
3896
+ // dispatch and private key operations. In TLS handshakes where the private key
3897
+ // operation occurs in the first round-trip, this results in two consecutive RPC
3898
+ // round-trips. Handshake hints allow the RPC service to predicte a signature.
3899
+ // If correctly predicted, this can skip the second RPC call.
3900
+ //
3901
+ // First, the server installs a certificate selection callback (see
3902
+ // |SSL_CTX_set_select_certificate_cb|). When that is called, it performs the
3903
+ // RPC as before, but includes the ClientHello and a capabilities string from
3904
+ // |SSL_serialize_capabilities|.
3905
+ //
3906
+ // Next, the RPC service creates its own |SSL| object, applies the results of
3907
+ // certificate selection, calls |SSL_request_handshake_hints|, and runs the
3908
+ // handshake. If this successfully computes handshake hints (see
3909
+ // |SSL_serialize_handshake_hints|), the RPC server should send the hints
3910
+ // alongside any certificate selection results.
3911
+ //
3912
+ // Finally, the server calls |SSL_set_handshake_hints| and applies any
3913
+ // configuration from the RPC server. It then completes the handshake as before.
3914
+ // If the hints apply, BoringSSL will use the predicted signature and skip the
3915
+ // private key callbacks. Otherwise, BoringSSL will call private key callbacks
3916
+ // to generate a signature as before.
3917
+ //
3918
+ // Callers should synchronize configuration across the two services.
3919
+ // Configuration mismatches and some cases of version skew are not fatal, but
3920
+ // may result in the hints not applying. Additionally, some handshake flows use
3921
+ // the private key in later round-trips, such as TLS 1.3 HelloRetryRequest. In
3922
+ // those cases, BoringSSL will not predict a signature as there is no benefit.
3923
+ // Callers must allow for handshakes to complete without a predicted signature.
3924
+ //
3925
+ // For now, only TLS 1.3 is hinted. TLS 1.2 will work, but the hints will be
3926
+ // empty.
3927
+
3928
+ // SSL_serialize_capabilities writes an opaque byte string to |out| describing
3929
+ // some of |ssl|'s capabilities. It returns one on success and zero on error.
3930
+ //
3931
+ // This string is used by BoringSSL internally to reduce the impact of version
3932
+ // skew.
3933
+ OPENSSL_EXPORT int SSL_serialize_capabilities(const SSL *ssl, CBB *out);
3934
+
3935
+ // SSL_request_handshake_hints configures |ssl| to generate a handshake hint for
3936
+ // |client_hello|. It returns one on success and zero on error. |client_hello|
3937
+ // should contain a serialized ClientHello structure, from the |client_hello|
3938
+ // and |client_hello_len| fields of the |SSL_CLIENT_HELLO| structure.
3939
+ // |capabilities| should contain the output of |SSL_serialize_capabilities|.
3940
+ //
3941
+ // When configured, |ssl| will perform no I/O (so there is no need to configure
3942
+ // |BIO|s). For QUIC, the caller should still configure an |SSL_QUIC_METHOD|,
3943
+ // but the callbacks themselves will never be called and may be left NULL or
3944
+ // report failure. |SSL_provide_quic_data| also should not be called.
3945
+ //
3946
+ // If hint generation is successful, |SSL_do_handshake| will stop the handshake
3947
+ // early with |SSL_get_error| returning |SSL_ERROR_HANDSHAKE_HINTS_READY|. At
3948
+ // this point, the caller should run |SSL_serialize_handshake_hints| to extract
3949
+ // the resulting hints.
3950
+ //
3951
+ // Hint generation may fail if, e.g., |ssl| was unable to process the
3952
+ // ClientHello. Callers should then complete the certificate selection RPC and
3953
+ // continue the original handshake with no hint. It will likely fail, but this
3954
+ // reports the correct alert to the client and is more robust in case of
3955
+ // mismatch.
3956
+ OPENSSL_EXPORT int SSL_request_handshake_hints(SSL *ssl,
3957
+ const uint8_t *client_hello,
3958
+ size_t client_hello_len,
3959
+ const uint8_t *capabilities,
3960
+ size_t capabilities_len);
3961
+
3962
+ // SSL_serialize_handshake_hints writes an opaque byte string to |out|
3963
+ // containing the handshake hints computed by |out|. It returns one on success
3964
+ // and zero on error. This function should only be called if
3965
+ // |SSL_request_handshake_hints| was configured and the handshake terminated
3966
+ // with |SSL_ERROR_HANDSHAKE_HINTS_READY|.
3967
+ //
3968
+ // This string may be passed to |SSL_set_handshake_hints| on another |SSL| to
3969
+ // avoid an extra signature call.
3970
+ OPENSSL_EXPORT int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out);
3971
+
3972
+ // SSL_set_handshake_hints configures |ssl| to use |hints| as handshake hints.
3973
+ // It returns one on success and zero on error. The handshake will then continue
3974
+ // as before, but apply predicted values from |hints| where applicable.
3975
+ //
3976
+ // Hints may contain connection and session secrets, so they must not leak and
3977
+ // must come from a source trusted to terminate the connection. However, they
3978
+ // will not change |ssl|'s configuration. The caller is responsible for
3979
+ // serializing and applying options from the RPC server as needed. This ensures
3980
+ // |ssl|'s behavior is self-consistent and consistent with the caller's local
3981
+ // decisions.
3982
+ OPENSSL_EXPORT int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints,
3983
+ size_t hints_len);
3984
+
3985
+
3693
3986
  // Obscure functions.
3694
3987
 
3695
3988
  // SSL_CTX_set_msg_callback installs |cb| as the message callback for |ctx|.
@@ -3865,7 +4158,7 @@ OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
3865
4158
  // callbacks that are called very early on during the server handshake. At this
3866
4159
  // point, much of the SSL* hasn't been filled out and only the ClientHello can
3867
4160
  // be depended on.
3868
- typedef struct ssl_early_callback_ctx {
4161
+ struct ssl_early_callback_ctx {
3869
4162
  SSL *ssl;
3870
4163
  const uint8_t *client_hello;
3871
4164
  size_t client_hello_len;
@@ -3880,7 +4173,7 @@ typedef struct ssl_early_callback_ctx {
3880
4173
  size_t compression_methods_len;
3881
4174
  const uint8_t *extensions;
3882
4175
  size_t extensions_len;
3883
- } SSL_CLIENT_HELLO;
4176
+ } /* SSL_CLIENT_HELLO */;
3884
4177
 
3885
4178
  // ssl_select_cert_result_t enumerates the possible results from selecting a
3886
4179
  // certificate with |select_certificate_cb|.
@@ -4074,9 +4367,17 @@ OPENSSL_EXPORT void SSL_CTX_set_retain_only_sha256_of_client_certs(SSL_CTX *ctx,
4074
4367
  int enable);
4075
4368
 
4076
4369
  // SSL_CTX_set_grease_enabled configures whether sockets on |ctx| should enable
4077
- // GREASE. See draft-davidben-tls-grease-01.
4370
+ // GREASE. See RFC 8701.
4078
4371
  OPENSSL_EXPORT void SSL_CTX_set_grease_enabled(SSL_CTX *ctx, int enabled);
4079
4372
 
4373
+ // SSL_CTX_set_permute_extensions configures whether sockets on |ctx| should
4374
+ // permute extensions. For now, this is only implemented for the ClientHello.
4375
+ OPENSSL_EXPORT void SSL_CTX_set_permute_extensions(SSL_CTX *ctx, int enabled);
4376
+
4377
+ // SSL_set_permute_extensions configures whether sockets on |ssl| should
4378
+ // permute extensions. For now, this is only implemented for the ClientHello.
4379
+ OPENSSL_EXPORT void SSL_set_permute_extensions(SSL *ssl, int enabled);
4380
+
4080
4381
  // SSL_max_seal_overhead returns the maximum overhead, in bytes, of sealing a
4081
4382
  // record with |ssl|.
4082
4383
  OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
@@ -4087,19 +4388,6 @@ OPENSSL_EXPORT size_t SSL_max_seal_overhead(const SSL *ssl);
4087
4388
  OPENSSL_EXPORT void SSL_CTX_set_false_start_allowed_without_alpn(SSL_CTX *ctx,
4088
4389
  int allowed);
4089
4390
 
4090
- // SSL_CTX_set_ignore_tls13_downgrade configures whether connections on |ctx|
4091
- // ignore the downgrade signal in the server's random value.
4092
- OPENSSL_EXPORT void SSL_CTX_set_ignore_tls13_downgrade(SSL_CTX *ctx,
4093
- int ignore);
4094
-
4095
- // SSL_set_ignore_tls13_downgrade configures whether |ssl| ignores the downgrade
4096
- // signal in the server's random value.
4097
- OPENSSL_EXPORT void SSL_set_ignore_tls13_downgrade(SSL *ssl, int ignore);
4098
-
4099
- // SSL_is_tls13_downgrade returns one if the TLS 1.3 anti-downgrade
4100
- // mechanism would have aborted |ssl|'s handshake and zero otherwise.
4101
- OPENSSL_EXPORT int SSL_is_tls13_downgrade(const SSL *ssl);
4102
-
4103
4391
  // SSL_used_hello_retry_request returns one if the TLS 1.3 HelloRetryRequest
4104
4392
  // message has been either sent by the server or received by the client. It
4105
4393
  // returns zero otherwise.
@@ -4624,12 +4912,6 @@ OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
4624
4912
  OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
4625
4913
  const char *dir);
4626
4914
 
4627
- // SSL_set_verify_result calls |abort| unless |result| is |X509_V_OK|.
4628
- //
4629
- // TODO(davidben): Remove this function once it has been removed from
4630
- // netty-tcnative.
4631
- OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
4632
-
4633
4915
  // SSL_CTX_enable_tls_channel_id calls |SSL_CTX_set_tls_channel_id_enabled|.
4634
4916
  OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx);
4635
4917
 
@@ -4938,6 +5220,8 @@ BSSL_NAMESPACE_BEGIN
4938
5220
  BORINGSSL_MAKE_DELETER(SSL, SSL_free)
4939
5221
  BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
4940
5222
  BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref)
5223
+ BORINGSSL_MAKE_DELETER(SSL_ECH_KEYS, SSL_ECH_KEYS_free)
5224
+ BORINGSSL_MAKE_UP_REF(SSL_ECH_KEYS, SSL_ECH_KEYS_up_ref)
4941
5225
  BORINGSSL_MAKE_DELETER(SSL_SESSION, SSL_SESSION_free)
4942
5226
  BORINGSSL_MAKE_UP_REF(SSL_SESSION, SSL_SESSION_up_ref)
4943
5227
 
@@ -5054,6 +5338,7 @@ OPENSSL_EXPORT bool SSL_get_traffic_secrets(
5054
5338
  const SSL *ssl, Span<const uint8_t> *out_read_traffic_secret,
5055
5339
  Span<const uint8_t> *out_write_traffic_secret);
5056
5340
 
5341
+
5057
5342
  BSSL_NAMESPACE_END
5058
5343
 
5059
5344
  } // extern C++
@@ -5268,9 +5553,21 @@ BSSL_NAMESPACE_END
5268
5553
  #define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304
5269
5554
  #define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
5270
5555
  #define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306
5271
- #define SSL_R_MISSING_ALPN 307
5556
+ #define SSL_R_NO_APPLICATION_PROTOCOL 307
5272
5557
  #define SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN 308
5273
5558
  #define SSL_R_ALPS_MISMATCH_ON_EARLY_DATA 309
5559
+ #define SSL_R_ECH_SERVER_CONFIG_AND_PRIVATE_KEY_MISMATCH 310
5560
+ #define SSL_R_ECH_SERVER_CONFIG_UNSUPPORTED_EXTENSION 311
5561
+ #define SSL_R_UNSUPPORTED_ECH_SERVER_CONFIG 312
5562
+ #define SSL_R_ECH_SERVER_WOULD_HAVE_NO_RETRY_CONFIGS 313
5563
+ #define SSL_R_INVALID_CLIENT_HELLO_INNER 314
5564
+ #define SSL_R_INVALID_ALPN_PROTOCOL_LIST 315
5565
+ #define SSL_R_COULD_NOT_PARSE_HINTS 316
5566
+ #define SSL_R_INVALID_ECH_PUBLIC_NAME 317
5567
+ #define SSL_R_INVALID_ECH_CONFIG_LIST 318
5568
+ #define SSL_R_ECH_REJECTED 319
5569
+ #define SSL_R_OUTER_EXTENSION_NOT_FOUND 320
5570
+ #define SSL_R_INCONSISTENT_ECH_NEGOTIATION 321
5274
5571
  #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
5275
5572
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
5276
5573
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -5304,5 +5601,6 @@ BSSL_NAMESPACE_END
5304
5601
  #define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
5305
5602
  #define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116
5306
5603
  #define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
5604
+ #define SSL_R_TLSV1_ALERT_ECH_REQUIRED 1121
5307
5605
 
5308
5606
  #endif // OPENSSL_HEADER_SSL_H