grpc 1.34.0 → 1.42.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +978 -2868
- data/etc/roots.pem +592 -899
- data/include/grpc/byte_buffer.h +1 -1
- data/include/grpc/byte_buffer_reader.h +1 -1
- data/include/grpc/compression.h +1 -1
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/endpoint_config.h +43 -0
- data/include/grpc/event_engine/event_engine.h +375 -0
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +98 -0
- data/include/grpc/event_engine/memory_allocator.h +210 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/fork.h +1 -1
- data/include/grpc/grpc.h +49 -4
- data/include/grpc/grpc_posix.h +5 -2
- data/include/grpc/grpc_security.h +127 -14
- data/include/grpc/grpc_security_constants.h +16 -0
- data/include/grpc/impl/codegen/atm.h +5 -3
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
- data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
- data/include/grpc/impl/codegen/atm_windows.h +6 -0
- data/include/grpc/impl/codegen/byte_buffer.h +3 -1
- data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
- data/include/grpc/impl/codegen/compression_types.h +2 -0
- data/include/grpc/impl/codegen/connectivity_state.h +2 -0
- data/include/grpc/impl/codegen/fork.h +2 -0
- data/include/grpc/impl/codegen/gpr_slice.h +2 -0
- data/include/grpc/impl/codegen/gpr_types.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +49 -25
- data/include/grpc/impl/codegen/log.h +2 -2
- data/include/grpc/impl/codegen/port_platform.h +81 -22
- data/include/grpc/impl/codegen/propagation_bits.h +2 -0
- data/include/grpc/impl/codegen/slice.h +2 -0
- data/include/grpc/impl/codegen/status.h +2 -0
- data/include/grpc/impl/codegen/sync.h +8 -5
- data/include/grpc/impl/codegen/sync_abseil.h +2 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +3 -0
- data/include/grpc/impl/codegen/sync_posix.h +4 -2
- data/include/grpc/impl/codegen/sync_windows.h +6 -0
- data/include/grpc/module.modulemap +14 -14
- data/include/grpc/slice.h +1 -1
- data/include/grpc/slice_buffer.h +3 -3
- data/include/grpc/status.h +1 -1
- data/include/grpc/support/atm.h +1 -1
- data/include/grpc/support/atm_gcc_atomic.h +1 -1
- data/include/grpc/support/atm_gcc_sync.h +1 -1
- data/include/grpc/support/atm_windows.h +1 -1
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/port_platform.h +1 -1
- data/include/grpc/support/sync.h +4 -4
- data/include/grpc/support/sync_abseil.h +1 -1
- data/include/grpc/support/sync_custom.h +1 -1
- data/include/grpc/support/sync_generic.h +1 -1
- data/include/grpc/support/sync_posix.h +1 -1
- data/include/grpc/support/sync_windows.h +1 -1
- data/include/grpc/support/time.h +9 -9
- data/src/core/ext/filters/census/grpc_context.cc +1 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +20 -24
- data/src/core/ext/filters/client_channel/backup_poller.cc +5 -4
- data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +158 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +2009 -3145
- data/src/core/ext/filters/client_channel/client_channel.h +559 -60
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +2 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +18 -19
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -14
- data/src/core/ext/filters/client_channel/config_selector.cc +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +33 -9
- data/src/core/ext/filters/client_channel/connector.h +19 -19
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +190 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.h +99 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -11
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +53 -50
- data/src/core/ext/filters/client_channel/health/health_check_client.h +35 -33
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +37 -34
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
- data/src/core/ext/filters/client_channel/http_proxy.cc +36 -20
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +12 -21
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +246 -166
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +4 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +5 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +37 -30
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +53 -55
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +757 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +37 -0
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2502 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +16 -18
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +24 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +385 -135
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +0 -8
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +29 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +57 -71
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +43 -64
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +1362 -0
- data/src/core/ext/filters/client_channel/lb_policy.cc +6 -17
- data/src/core/ext/filters/client_channel/lb_policy.h +93 -93
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -11
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +139 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +76 -88
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -33
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +10 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +26 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +473 -74
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +27 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +45 -35
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +43 -46
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +384 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +22 -35
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +466 -254
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +4 -15
- data/src/core/ext/filters/client_channel/resolver_factory.h +8 -6
- data/src/core/ext/filters/client_channel/resolver_registry.cc +43 -44
- data/src/core/ext/filters/client_channel/resolver_registry.h +2 -2
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +42 -252
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +25 -54
- data/src/core/ext/filters/client_channel/retry_filter.cc +2573 -0
- data/src/core/ext/filters/{workarounds/workaround_cronet_compression_filter.h → client_channel/retry_filter.h} +9 -6
- data/src/core/ext/filters/client_channel/retry_service_config.cc +316 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +20 -49
- data/src/core/ext/filters/client_channel/retry_throttle.h +3 -1
- data/src/core/ext/filters/client_channel/server_address.cc +10 -1
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +54 -40
- data/src/core/ext/filters/client_channel/subchannel.cc +179 -329
- data/src/core/ext/filters/client_channel/subchannel.h +101 -158
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +38 -9
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +21 -10
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +47 -223
- data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
- data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +33 -34
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +503 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +181 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +77 -69
- data/src/core/ext/filters/http/client_authority_filter.cc +19 -19
- data/src/core/ext/filters/http/http_filters_plugin.cc +53 -68
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +42 -35
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +29 -30
- data/src/core/ext/filters/http/server/http_server_filter.cc +104 -95
- data/src/core/ext/filters/max_age/max_age_filter.cc +71 -68
- data/src/core/ext/filters/message_size/message_size_filter.cc +43 -41
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -2
- data/src/core/ext/{filters/client_channel → service_config}/service_config.cc +17 -16
- data/src/core/ext/{filters/client_channel → service_config}/service_config.h +11 -10
- data/src/core/ext/{filters/client_channel → service_config}/service_config_call_data.h +23 -19
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.cc +9 -9
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.h +15 -10
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +37 -23
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +9 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +42 -35
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +32 -16
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +51 -62
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +664 -236
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -5
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +25 -11
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +61 -22
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +264 -223
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +16 -2
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +5 -6
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +59 -40
- data/src/core/ext/transport/chttp2/transport/flow_control.h +23 -17
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +28 -24
- data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +21 -20
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +8 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -15
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +49 -17
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +9 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +22 -19
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +311 -665
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +240 -70
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +865 -1172
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +100 -81
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +146 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +137 -0
- data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
- data/src/core/{lib/transport/authority_override.h → ext/transport/chttp2/transport/hpack_utils.h} +8 -12
- data/src/core/ext/transport/chttp2/transport/internal.h +40 -33
- data/src/core/ext/transport/chttp2/transport/parsing.cc +156 -286
- data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
- data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
- data/src/core/ext/transport/chttp2/transport/writing.cc +69 -54
- data/src/core/ext/transport/inproc/inproc_transport.cc +204 -160
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1591 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -49
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +245 -56
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +371 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1554 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +66 -21
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +178 -142
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +795 -314
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +21 -7
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +25 -24
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +70 -23
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +29 -29
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +138 -47
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +23 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +147 -75
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +522 -96
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +27 -27
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +116 -49
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +42 -14
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +63 -63
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +228 -63
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +57 -56
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +244 -98
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +25 -11
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +125 -57
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +533 -89
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +17 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +15 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +56 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +96 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -17
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +81 -40
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +56 -22
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +223 -34
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +137 -72
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +19 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +48 -38
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +276 -103
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +51 -45
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +203 -62
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +177 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +10 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +55 -22
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +536 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +153 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +550 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +51 -44
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +165 -43
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +35 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +148 -40
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +339 -279
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +1466 -543
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +48 -10
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -7
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +32 -6
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +298 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +303 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +123 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +151 -112
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +693 -244
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -2
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +52 -32
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +231 -59
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +15 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +51 -28
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +45 -44
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +178 -74
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +58 -51
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +221 -135
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -5
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -5
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -10
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +46 -19
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -4
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +121 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +468 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +205 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +44 -14
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +96 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +15 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +10 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +51 -12
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +31 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +41 -4
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +96 -11
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +77 -14
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +2 -1
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +30 -5
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +41 -4
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +15 -2
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +2 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +62 -62
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +227 -84
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +86 -69
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +256 -72
- data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
- data/src/core/ext/upb-generated/google/api/http.upb.h +47 -10
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +154 -154
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +645 -320
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +44 -7
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +15 -2
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +119 -10
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +18 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +19 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +63 -63
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +220 -87
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +36 -9
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +28 -3
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +146 -35
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +55 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +154 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +41 -4
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -6
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +15 -2
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +2 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +17 -4
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +15 -2
- data/src/core/ext/upb-generated/validate/validate.upb.c +243 -227
- data/src/core/ext/upb-generated/validate/validate.upb.h +626 -253
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +182 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +66 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +155 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +90 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +100 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +178 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +91 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +130 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +83 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -170
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +424 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +120 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +467 -429
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +12 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +156 -109
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +25 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +89 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +156 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +240 -168
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +20 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +37 -20
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +90 -63
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +137 -122
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +136 -120
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +31 -26
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +152 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +75 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -51
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +748 -681
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +123 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +79 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +435 -379
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +121 -91
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +182 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +163 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +8 -7
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +100 -100
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +8 -8
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +19 -23
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +4 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +5 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -157
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +75 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +68 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
- data/src/core/ext/xds/certificate_provider_store.cc +10 -7
- data/src/core/ext/xds/certificate_provider_store.h +15 -10
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +28 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +3 -6
- data/src/core/ext/xds/xds_api.cc +2654 -808
- data/src/core/ext/xds/xds_api.h +460 -154
- data/src/core/ext/xds/xds_bootstrap.cc +139 -188
- data/src/core/ext/xds/xds_bootstrap.h +34 -18
- data/src/core/ext/xds/xds_certificate_provider.cc +237 -72
- data/src/core/ext/xds/xds_certificate_provider.h +104 -27
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +113 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.h +52 -0
- data/src/core/ext/xds/xds_client.cc +985 -429
- data/src/core/ext/xds/xds_client.h +100 -51
- data/src/core/ext/xds/xds_client_stats.cc +18 -16
- data/src/core/ext/xds/xds_client_stats.h +12 -11
- data/src/core/ext/xds/xds_http_fault_filter.cc +227 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +64 -0
- data/src/core/ext/xds/xds_http_filters.cc +116 -0
- data/src/core/ext/xds/xds_http_filters.h +133 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +544 -0
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +72 -68
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +20 -16
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +131 -15
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +37 -7
- data/src/core/lib/avl/avl.cc +5 -5
- data/src/core/lib/backoff/backoff.cc +1 -1
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_args.cc +34 -15
- data/src/core/lib/channel/channel_args.h +9 -0
- data/src/core/lib/channel/channel_stack.cc +27 -12
- data/src/core/lib/channel/channel_stack.h +18 -10
- data/src/core/lib/channel/channel_stack_builder.cc +6 -16
- data/src/core/lib/channel/channel_stack_builder.h +1 -9
- data/src/core/lib/channel/channel_trace.cc +5 -4
- data/src/core/lib/channel/channel_trace.h +3 -2
- data/src/core/lib/channel/channelz.cc +162 -63
- data/src/core/lib/channel/channelz.h +62 -31
- data/src/core/lib/channel/channelz_registry.cc +22 -7
- data/src/core/lib/channel/channelz_registry.h +1 -2
- data/src/core/lib/channel/connected_channel.cc +6 -7
- data/src/core/lib/channel/connected_channel.h +1 -2
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/handshaker.cc +13 -53
- data/src/core/lib/channel/handshaker.h +7 -25
- data/src/core/lib/channel/handshaker_factory.h +10 -2
- data/src/core/lib/channel/handshaker_registry.cc +15 -70
- data/src/core/lib/channel/handshaker_registry.h +29 -12
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +11 -2
- data/src/core/lib/compression/algorithm_metadata.h +1 -0
- data/src/core/lib/compression/compression.cc +2 -2
- data/src/core/lib/compression/compression_args.cc +11 -7
- data/src/core/lib/compression/compression_internal.cc +4 -6
- data/src/core/lib/compression/compression_internal.h +1 -1
- data/src/core/lib/compression/message_compress.cc +2 -2
- data/src/core/lib/compression/stream_compression.cc +2 -1
- data/src/core/lib/compression/stream_compression.h +3 -2
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/config/core_configuration.cc +96 -0
- data/src/core/lib/config/core_configuration.h +146 -0
- data/src/core/lib/debug/stats.cc +1 -1
- data/src/core/lib/debug/stats.h +4 -3
- data/src/core/lib/debug/stats_data.cc +15 -14
- data/src/core/lib/debug/stats_data.h +14 -13
- data/src/core/lib/debug/trace.cc +1 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/event_engine/endpoint_config.cc +45 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +40 -0
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/alloc.cc +7 -5
- data/src/core/lib/gpr/atm.cc +1 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env_linux.cc +1 -2
- data/src/core/lib/gpr/env_posix.cc +2 -3
- data/src/core/lib/gpr/log.cc +61 -19
- data/src/core/lib/gpr/log_android.cc +3 -2
- data/src/core/lib/gpr/log_linux.cc +10 -5
- data/src/core/lib/gpr/log_posix.cc +9 -4
- data/src/core/lib/gpr/log_windows.cc +3 -1
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/spinlock.h +10 -2
- data/src/core/lib/gpr/string.cc +24 -23
- data/src/core/lib/gpr/string.h +7 -8
- data/src/core/lib/gpr/sync.cc +6 -6
- data/src/core/lib/gpr/sync_abseil.cc +10 -12
- data/src/core/lib/gpr/sync_posix.cc +3 -3
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gpr/time.cc +15 -14
- data/src/core/lib/gpr/time_windows.cc +3 -2
- data/src/core/lib/gpr/tls.h +119 -40
- data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
- data/src/core/lib/gpr/useful.h +79 -32
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/arena.cc +2 -1
- data/src/core/lib/gprpp/arena.h +18 -7
- data/src/core/lib/gprpp/atomic_utils.h +47 -0
- data/src/core/lib/gprpp/bitset.h +188 -0
- data/src/core/lib/gprpp/chunked_vector.h +211 -0
- data/src/core/lib/gprpp/construct_destruct.h +39 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +28 -29
- data/src/core/lib/gprpp/fork.cc +14 -12
- data/src/core/lib/gprpp/fork.h +4 -4
- data/src/core/lib/gprpp/global_config.h +1 -2
- data/src/core/lib/gprpp/global_config_env.cc +7 -7
- data/src/core/lib/gprpp/global_config_generic.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +9 -6
- data/src/core/lib/gprpp/match.h +73 -0
- data/src/core/lib/gprpp/memory.h +9 -3
- data/src/core/lib/gprpp/mpscq.cc +9 -9
- data/src/core/lib/gprpp/mpscq.h +6 -5
- data/src/core/lib/gprpp/orphanable.h +6 -6
- data/src/core/lib/gprpp/overload.h +59 -0
- data/src/core/lib/gprpp/ref_counted.h +48 -34
- data/src/core/lib/gprpp/ref_counted_ptr.h +11 -1
- data/src/core/lib/gprpp/status_helper.cc +427 -0
- data/src/core/lib/gprpp/status_helper.h +194 -0
- data/src/core/lib/gprpp/sync.h +106 -43
- data/src/core/lib/gprpp/table.h +411 -0
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/thd_posix.cc +11 -6
- data/src/core/lib/gprpp/thd_windows.cc +7 -12
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/format_request.cc +1 -0
- data/src/core/lib/http/format_request.h +1 -0
- data/src/core/lib/http/httpcli.cc +203 -185
- data/src/core/lib/http/httpcli.h +5 -3
- data/src/core/lib/http/httpcli_security_connector.cc +19 -18
- data/src/core/lib/http/parser.cc +19 -20
- data/src/core/lib/http/parser.h +5 -4
- data/src/core/lib/iomgr/buffer_list.cc +10 -11
- data/src/core/lib/iomgr/buffer_list.h +6 -8
- data/src/core/lib/iomgr/call_combiner.cc +46 -21
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +6 -6
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +25 -36
- data/src/core/lib/iomgr/combiner.h +3 -2
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +1 -5
- data/src/core/lib/iomgr/endpoint.h +3 -5
- data/src/core/lib/iomgr/endpoint_cfstream.cc +27 -39
- data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
- data/src/core/lib/iomgr/endpoint_pair.h +1 -0
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +32 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
- data/src/core/lib/iomgr/error.cc +277 -105
- data/src/core/lib/iomgr/error.h +280 -114
- data/src/core/lib/iomgr/error_cfstream.cc +10 -4
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +7 -2
- data/src/core/lib/iomgr/ev_apple.cc +16 -13
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +53 -53
- data/src/core/lib/iomgr/ev_epollex_linux.cc +81 -81
- data/src/core/lib/iomgr/ev_poll_posix.cc +70 -68
- data/src/core/lib/iomgr/ev_posix.cc +13 -13
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/event_engine/closure.cc +77 -0
- data/src/core/lib/iomgr/event_engine/closure.h +42 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +173 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +52 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +104 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +42 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +88 -0
- data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +114 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +293 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +62 -0
- data/src/core/lib/iomgr/exec_ctx.cc +14 -11
- data/src/core/lib/iomgr/exec_ctx.h +21 -28
- data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
- data/src/core/lib/iomgr/executor/mpmcqueue.h +7 -11
- data/src/core/lib/iomgr/executor/threadpool.cc +4 -5
- data/src/core/lib/iomgr/executor/threadpool.h +5 -4
- data/src/core/lib/iomgr/executor.cc +19 -33
- data/src/core/lib/iomgr/executor.h +3 -3
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr.cc +6 -4
- data/src/core/lib/iomgr/iomgr.h +3 -3
- data/src/core/lib/iomgr/iomgr_custom.cc +3 -3
- data/src/core/lib/iomgr/iomgr_custom.h +2 -2
- data/src/core/lib/iomgr/iomgr_internal.cc +8 -12
- data/src/core/lib/iomgr/iomgr_internal.h +6 -5
- data/src/core/lib/iomgr/iomgr_posix.cc +3 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -13
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -3
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
- data/src/core/lib/iomgr/load_file.cc +6 -6
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +38 -15
- data/src/core/lib/iomgr/lockfree_event.h +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +2 -2
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +10 -11
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_set_custom.cc +2 -3
- data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +7 -10
- data/src/core/lib/iomgr/python_util.h +4 -3
- data/src/core/lib/iomgr/resolve_address.cc +14 -9
- data/src/core/lib/iomgr/resolve_address.h +12 -10
- data/src/core/lib/iomgr/resolve_address_custom.cc +14 -13
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -4
- data/src/core/lib/iomgr/resolve_address_posix.cc +10 -14
- data/src/core/lib/iomgr/resolve_address_windows.cc +10 -12
- data/src/core/lib/iomgr/resource_quota.cc +152 -62
- data/src/core/lib/iomgr/resource_quota.h +66 -17
- data/src/core/lib/iomgr/sockaddr.h +2 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +8 -7
- data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +20 -6
- data/src/core/lib/iomgr/socket_mutator.h +27 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +29 -27
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +22 -22
- data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client.cc +5 -3
- data/src/core/lib/iomgr/tcp_client.h +4 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +18 -26
- data/src/core/lib/iomgr/tcp_client_custom.cc +19 -27
- data/src/core/lib/iomgr/tcp_client_posix.cc +56 -47
- data/src/core/lib/iomgr/tcp_client_posix.h +8 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +23 -14
- data/src/core/lib/iomgr/tcp_custom.cc +46 -55
- data/src/core/lib/iomgr/tcp_custom.h +15 -13
- data/src/core/lib/iomgr/tcp_posix.cc +119 -145
- data/src/core/lib/iomgr/tcp_posix.h +19 -12
- data/src/core/lib/iomgr/tcp_server.cc +9 -7
- data/src/core/lib/iomgr/tcp_server.h +18 -14
- data/src/core/lib/iomgr/tcp_server_custom.cc +63 -73
- data/src/core/lib/iomgr/tcp_server_posix.cc +49 -35
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +16 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +22 -20
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +11 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +40 -36
- data/src/core/lib/iomgr/tcp_windows.cc +21 -40
- data/src/core/lib/iomgr/tcp_windows.h +4 -3
- data/src/core/lib/iomgr/timer.cc +1 -0
- data/src/core/lib/iomgr/timer.h +7 -3
- data/src/core/lib/iomgr/timer_custom.cc +7 -6
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +32 -62
- data/src/core/lib/iomgr/timer_generic.h +1 -0
- data/src/core/lib/iomgr/timer_heap.cc +2 -3
- data/src/core/lib/iomgr/timer_manager.cc +4 -4
- data/src/core/lib/iomgr/unix_sockets_posix.cc +21 -24
- data/src/core/lib/iomgr/unix_sockets_posix.h +4 -5
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +2 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +6 -7
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.cc +4 -4
- data/src/core/lib/iomgr/work_serializer.h +18 -2
- data/src/core/lib/json/json.h +11 -1
- data/src/core/lib/json/json_reader.cc +14 -23
- data/src/core/lib/json/json_util.cc +68 -0
- data/src/core/lib/json/json_util.h +65 -115
- data/src/core/lib/json/json_writer.cc +0 -3
- data/src/core/lib/matchers/matchers.cc +327 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/profiling/basic_timers.cc +8 -6
- data/src/core/lib/profiling/stap_timers.cc +2 -2
- data/src/core/lib/security/authorization/authorization_engine.h +13 -53
- data/src/core/lib/security/authorization/authorization_policy_provider.h +33 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +126 -66
- data/src/core/lib/security/authorization/evaluate_args.h +47 -15
- data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +171 -0
- data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
- data/src/core/lib/security/context/security_context.cc +15 -11
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +9 -8
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.cc +16 -14
- data/src/core/lib/security/credentials/credentials.h +11 -5
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +404 -0
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +81 -0
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +20 -14
- data/src/core/lib/security/credentials/external/aws_request_signer.h +2 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +270 -54
- data/src/core/lib/security/credentials/external/external_account_credentials.h +16 -12
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +8 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +6 -6
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +26 -26
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +13 -12
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +5 -4
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +92 -31
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +4 -3
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +18 -5
- data/src/core/lib/security/credentials/jwt/json_token.cc +4 -7
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +34 -17
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +13 -5
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +15 -22
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +57 -66
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +11 -9
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +10 -12
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +11 -10
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +2 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +12 -15
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +20 -21
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +382 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +74 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +5 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -3
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +3 -2
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_utils.cc +123 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +51 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +209 -10
- data/src/core/lib/security/credentials/xds/xds_credentials.h +27 -9
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +20 -12
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +50 -17
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +35 -8
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +4 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +23 -10
- data/src/core/lib/security/security_connector/security_connector.cc +12 -6
- data/src/core/lib/security/security_connector/security_connector.h +10 -5
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +24 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
- data/src/core/lib/security/security_connector/ssl_utils.cc +41 -14
- data/src/core/lib/security/security_connector/ssl_utils.h +16 -23
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +156 -113
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +67 -52
- data/src/core/lib/security/transport/auth_filters.h +1 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +27 -21
- data/src/core/lib/security/transport/secure_endpoint.cc +10 -20
- data/src/core/lib/security/transport/secure_endpoint.h +1 -0
- data/src/core/lib/security/transport/security_handshaker.cc +158 -90
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -16
- data/src/core/lib/security/transport/tsi_error.cc +5 -6
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +8 -10
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/percent_encoding.cc +73 -30
- data/src/core/lib/slice/percent_encoding.h +29 -28
- data/src/core/lib/slice/slice.cc +14 -21
- data/src/core/lib/{gpr/tls_pthread.cc → slice/slice_api.cc} +15 -6
- data/src/core/lib/slice/slice_buffer.cc +6 -7
- data/src/core/lib/slice/slice_intern.cc +19 -27
- data/src/core/lib/slice/slice_internal.h +4 -246
- data/src/core/lib/slice/slice_refcount.cc +17 -0
- data/src/core/lib/slice/slice_refcount.h +121 -0
- data/src/core/lib/slice/slice_refcount_base.h +173 -0
- data/src/core/lib/slice/slice_split.cc +100 -0
- data/src/core/lib/slice/slice_split.h +40 -0
- data/src/core/lib/slice/slice_string_helpers.cc +0 -83
- data/src/core/lib/slice/slice_string_helpers.h +0 -11
- data/src/core/lib/slice/static_slice.cc +529 -0
- data/src/core/lib/slice/static_slice.h +331 -0
- data/src/core/lib/surface/api_trace.cc +2 -1
- data/src/core/lib/surface/api_trace.h +1 -0
- data/src/core/lib/surface/builtins.cc +49 -0
- data/src/core/lib/surface/builtins.h +26 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
- data/src/core/lib/surface/call.cc +198 -186
- data/src/core/lib/surface/call.h +10 -5
- data/src/core/lib/surface/call_details.cc +10 -10
- data/src/core/lib/surface/call_log_batch.cc +2 -2
- data/src/core/lib/surface/channel.cc +57 -51
- data/src/core/lib/surface/channel.h +19 -14
- data/src/core/lib/surface/channel_init.cc +23 -76
- data/src/core/lib/surface/channel_init.h +52 -44
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/channel_stack_type.cc +2 -1
- data/src/core/lib/surface/completion_queue.cc +140 -145
- data/src/core/lib/surface/completion_queue.h +18 -17
- data/src/core/lib/surface/completion_queue_factory.cc +3 -3
- data/src/core/lib/surface/completion_queue_factory.h +1 -0
- data/src/core/lib/surface/event_string.cc +1 -0
- data/src/core/lib/surface/init.cc +18 -65
- data/src/core/lib/surface/init.h +10 -2
- data/src/core/lib/surface/init_secure.cc +36 -14
- data/src/core/lib/surface/lame_client.cc +62 -61
- data/src/core/lib/surface/lame_client.h +5 -0
- data/src/core/lib/surface/metadata_array.cc +2 -2
- data/src/core/lib/surface/server.cc +167 -116
- data/src/core/lib/surface/server.h +140 -40
- data/src/core/lib/surface/validate_metadata.cc +55 -24
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +9 -8
- data/src/core/lib/transport/connectivity_state.cc +9 -6
- data/src/core/lib/transport/connectivity_state.h +8 -6
- data/src/core/lib/transport/error_utils.cc +64 -27
- data/src/core/lib/transport/error_utils.h +13 -7
- data/src/core/lib/transport/metadata.cc +47 -22
- data/src/core/lib/transport/metadata.h +15 -12
- data/src/core/lib/transport/metadata_batch.cc +41 -339
- data/src/core/lib/transport/metadata_batch.h +932 -68
- data/src/core/lib/transport/parsed_metadata.h +263 -0
- data/src/core/lib/transport/pid_controller.cc +4 -4
- data/src/core/lib/transport/static_metadata.cc +715 -847
- data/src/core/lib/transport/static_metadata.h +115 -379
- data/src/core/lib/transport/status_metadata.cc +5 -3
- data/src/core/lib/transport/transport.cc +8 -8
- data/src/core/lib/transport/transport.h +12 -10
- data/src/core/lib/transport/transport_op_string.cc +46 -26
- data/src/core/lib/uri/uri_parser.cc +131 -249
- data/src/core/lib/uri/uri_parser.h +57 -21
- data/src/core/plugin_registry/grpc_plugin_registry.cc +101 -44
- data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
- data/src/core/tsi/alts/crypt/gsec.cc +5 -4
- data/src/core/tsi/alts/crypt/gsec.h +5 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +18 -17
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +27 -33
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +57 -51
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +8 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +6 -6
- data/src/core/tsi/fake_transport_security.cc +31 -12
- data/src/core/tsi/local_transport_security.cc +36 -73
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -55
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
- data/src/core/tsi/ssl_transport_security.cc +115 -77
- data/src/core/tsi/ssl_transport_security.h +12 -14
- data/src/core/tsi/transport_security.cc +21 -9
- data/src/core/tsi/transport_security.h +16 -1
- data/src/core/tsi/transport_security_grpc.h +1 -0
- data/src/core/tsi/transport_security_interface.h +27 -1
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +21 -8
- data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
- data/src/ruby/ext/grpc/rb_call.c +5 -5
- data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
- data/src/ruby/ext/grpc/rb_channel.c +19 -8
- data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
- data/src/ruby/ext/grpc/rb_channel_credentials.c +15 -5
- data/src/ruby/ext/grpc/rb_channel_credentials.h +5 -0
- data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
- data/src/ruby/ext/grpc/rb_compression_options.c +6 -5
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_event_thread.c +4 -2
- data/src/ruby/ext/grpc/rb_grpc.c +9 -4
- data/src/ruby/ext/grpc/rb_grpc.h +1 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +24 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +50 -14
- data/src/ruby/ext/grpc/rb_server.c +19 -6
- data/src/ruby/ext/grpc/rb_server_credentials.c +22 -6
- data/src/ruby/ext/grpc/rb_server_credentials.h +5 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +218 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +37 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +170 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +37 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +35 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +23 -5
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/client_server_spec.rb +1 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/pb/codegen/package_option_spec.rb +2 -6
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +9 -6
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +54 -48
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +606 -0
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +197 -0
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +396 -0
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.cc +71 -0
- data/third_party/abseil-cpp/absl/status/statusor.h +760 -0
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/address_sorting/address_sorting_posix.c +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +756 -724
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +55 -50
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +22 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +269 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +3 -42
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +196 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +35 -86
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +326 -281
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +15 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +20 -75
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +156 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +68 -45
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +49 -65
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +31 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +28 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +15 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +35 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +56 -72
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +56 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +30 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +123 -44
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +30 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +50 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +65 -41
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +93 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +91 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +50 -86
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +400 -325
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +125 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +156 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +345 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +20 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +24 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +12 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +25 -69
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +54 -74
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +61 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -19
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +15 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +23 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +50 -14
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +23 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +27 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +28 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +26 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +10 -12
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +7 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +27 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +86 -44
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +69 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +1026 -615
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -176
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +63 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +32 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +23 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +10 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +38 -51
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +350 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +33 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +104 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +39 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +406 -108
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +48 -36
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1425 -377
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -679
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +188 -49
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +16 -18
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1084 -0
- data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +847 -622
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +92 -44
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +314 -217
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +177 -35
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +491 -152
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +60 -112
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +136 -104
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +12 -17
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +79 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +235 -178
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +160 -91
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +269 -118
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/re2/re2/compile.cc +91 -109
- data/third_party/re2/re2/dfa.cc +27 -39
- data/third_party/re2/re2/filtered_re2.cc +18 -2
- data/third_party/re2/re2/filtered_re2.h +10 -5
- data/third_party/re2/re2/nfa.cc +1 -1
- data/third_party/re2/re2/parse.cc +42 -23
- data/third_party/re2/re2/perl_groups.cc +34 -34
- data/third_party/re2/re2/prefilter.cc +3 -2
- data/third_party/re2/re2/prog.cc +182 -4
- data/third_party/re2/re2/prog.h +28 -9
- data/third_party/re2/re2/re2.cc +87 -118
- data/third_party/re2/re2/re2.h +156 -141
- data/third_party/re2/re2/regexp.cc +12 -5
- data/third_party/re2/re2/regexp.h +8 -2
- data/third_party/re2/re2/set.cc +31 -9
- data/third_party/re2/re2/set.h +9 -4
- data/third_party/re2/re2/simplify.cc +11 -3
- data/third_party/re2/re2/tostring.cc +1 -1
- data/third_party/re2/re2/walker-inl.h +1 -1
- data/third_party/re2/util/mutex.h +2 -2
- data/third_party/re2/util/pcre.h +3 -3
- data/third_party/upb/upb/decode.c +354 -204
- data/third_party/upb/upb/decode.h +50 -3
- data/third_party/upb/upb/decode_fast.c +1053 -0
- data/third_party/upb/upb/decode_fast.h +153 -0
- data/third_party/upb/upb/decode_internal.h +193 -0
- data/third_party/upb/upb/def.c +609 -610
- data/third_party/upb/upb/def.h +57 -50
- data/third_party/upb/upb/def.hpp +66 -123
- data/third_party/upb/upb/encode.c +267 -176
- data/third_party/upb/upb/encode.h +56 -4
- data/third_party/upb/upb/msg.c +304 -84
- data/third_party/upb/upb/msg.h +76 -441
- data/third_party/upb/upb/msg_internal.h +687 -0
- data/third_party/upb/upb/port_def.inc +156 -82
- data/third_party/upb/upb/port_undef.inc +41 -8
- data/third_party/upb/upb/reflection.c +64 -55
- data/third_party/upb/upb/reflection.h +36 -8
- data/third_party/upb/upb/reflection.hpp +37 -0
- data/third_party/upb/upb/table.c +238 -276
- data/third_party/upb/upb/{table.int.h → table_internal.h} +66 -181
- data/third_party/upb/upb/text_encode.c +77 -26
- data/third_party/upb/upb/text_encode.h +30 -1
- data/third_party/upb/upb/upb.c +75 -47
- data/third_party/upb/upb/upb.h +72 -13
- data/third_party/upb/upb/upb.hpp +28 -4
- data/third_party/upb/upb/upb_internal.h +58 -0
- data/third_party/xxhash/xxhash.h +5325 -0
- metadata +287 -137
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +0 -909
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +0 -485
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +0 -68
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +0 -355
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +0 -138
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -210
- data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
- data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
- data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
- data/src/core/ext/transport/chttp2/client/authority.h +0 -36
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -242
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +0 -28
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -53
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -129
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -77
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -85
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -160
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -117
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +0 -265
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +0 -104
- data/src/core/lib/gpr/arena.h +0 -47
- data/src/core/lib/gpr/tls_gcc.h +0 -52
- data/src/core/lib/gpr/tls_msvc.h +0 -54
- data/src/core/lib/gpr/tls_pthread.h +0 -56
- data/src/core/lib/gpr/tls_stdcpp.h +0 -48
- data/src/core/lib/gprpp/atomic.h +0 -104
- data/src/core/lib/gprpp/map.h +0 -53
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/iomgr/pollset_uv.cc +0 -93
- data/src/core/lib/iomgr/pollset_uv.h +0 -32
- data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
- data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
- data/src/core/lib/iomgr/tcp_uv.cc +0 -419
- data/src/core/lib/iomgr/timer_uv.cc +0 -66
- data/src/core/lib/iomgr/udp_server.cc +0 -748
- data/src/core/lib/iomgr/udp_server.h +0 -104
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/src/core/lib/transport/authority_override.cc +0 -38
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +0 -104
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -237
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
- data/third_party/upb/upb/port.c +0 -26
|
@@ -146,13 +146,16 @@
|
|
|
146
146
|
|
|
147
147
|
#include <stdlib.h>
|
|
148
148
|
|
|
149
|
+
#include <initializer_list>
|
|
149
150
|
#include <limits>
|
|
150
151
|
#include <new>
|
|
151
152
|
#include <type_traits>
|
|
152
153
|
#include <utility>
|
|
153
154
|
|
|
154
155
|
#include <openssl/aead.h>
|
|
156
|
+
#include <openssl/curve25519.h>
|
|
155
157
|
#include <openssl/err.h>
|
|
158
|
+
#include <openssl/hpke.h>
|
|
156
159
|
#include <openssl/lhash.h>
|
|
157
160
|
#include <openssl/mem.h>
|
|
158
161
|
#include <openssl/span.h>
|
|
@@ -161,6 +164,7 @@
|
|
|
161
164
|
|
|
162
165
|
#include "../crypto/err/internal.h"
|
|
163
166
|
#include "../crypto/internal.h"
|
|
167
|
+
#include "../crypto/lhash/internal.h"
|
|
164
168
|
|
|
165
169
|
|
|
166
170
|
#if defined(OPENSSL_WINDOWS)
|
|
@@ -276,9 +280,9 @@ class Array {
|
|
|
276
280
|
T &operator[](size_t i) { return data_[i]; }
|
|
277
281
|
|
|
278
282
|
T *begin() { return data_; }
|
|
279
|
-
const T *
|
|
283
|
+
const T *begin() const { return data_; }
|
|
280
284
|
T *end() { return data_ + size_; }
|
|
281
|
-
const T *
|
|
285
|
+
const T *end() const { return data_ + size_; }
|
|
282
286
|
|
|
283
287
|
void Reset() { Reset(nullptr, 0); }
|
|
284
288
|
|
|
@@ -378,6 +382,8 @@ class GrowableArray {
|
|
|
378
382
|
return *this;
|
|
379
383
|
}
|
|
380
384
|
|
|
385
|
+
const T *data() const { return array_.data(); }
|
|
386
|
+
T *data() { return array_.data(); }
|
|
381
387
|
size_t size() const { return size_; }
|
|
382
388
|
bool empty() const { return size_ == 0; }
|
|
383
389
|
|
|
@@ -385,9 +391,9 @@ class GrowableArray {
|
|
|
385
391
|
T &operator[](size_t i) { return array_[i]; }
|
|
386
392
|
|
|
387
393
|
T *begin() { return array_.data(); }
|
|
388
|
-
const T *
|
|
394
|
+
const T *begin() const { return array_.data(); }
|
|
389
395
|
T *end() { return array_.data() + size_; }
|
|
390
|
-
const T *
|
|
396
|
+
const T *end() const { return array_.data() + size_; }
|
|
391
397
|
|
|
392
398
|
void clear() {
|
|
393
399
|
size_ = 0;
|
|
@@ -484,15 +490,17 @@ bool ssl_get_version_range(const SSL_HANDSHAKE *hs, uint16_t *out_min_version,
|
|
|
484
490
|
uint16_t *out_max_version);
|
|
485
491
|
|
|
486
492
|
// ssl_supports_version returns whether |hs| supports |version|.
|
|
487
|
-
bool ssl_supports_version(SSL_HANDSHAKE *hs, uint16_t version);
|
|
493
|
+
bool ssl_supports_version(const SSL_HANDSHAKE *hs, uint16_t version);
|
|
488
494
|
|
|
489
495
|
// ssl_method_supports_version returns whether |method| supports |version|.
|
|
490
496
|
bool ssl_method_supports_version(const SSL_PROTOCOL_METHOD *method,
|
|
491
497
|
uint16_t version);
|
|
492
498
|
|
|
493
499
|
// ssl_add_supported_versions writes the supported versions of |hs| to |cbb|, in
|
|
494
|
-
// decreasing preference order.
|
|
495
|
-
|
|
500
|
+
// decreasing preference order. The version list is filtered to those whose
|
|
501
|
+
// protocol version is at least |extra_min_version|.
|
|
502
|
+
bool ssl_add_supported_versions(const SSL_HANDSHAKE *hs, CBB *cbb,
|
|
503
|
+
uint16_t extra_min_version);
|
|
496
504
|
|
|
497
505
|
// ssl_negotiate_version negotiates a common version based on |hs|'s preferences
|
|
498
506
|
// and the peer preference list in |peer_versions|. On success, it returns true
|
|
@@ -675,6 +683,9 @@ class SSLTranscript {
|
|
|
675
683
|
SSLTranscript();
|
|
676
684
|
~SSLTranscript();
|
|
677
685
|
|
|
686
|
+
SSLTranscript(SSLTranscript &&other) = default;
|
|
687
|
+
SSLTranscript &operator=(SSLTranscript &&other) = default;
|
|
688
|
+
|
|
678
689
|
// Init initializes the handshake transcript. If called on an existing
|
|
679
690
|
// transcript, it resets the transcript and hash. It returns true on success
|
|
680
691
|
// and false on failure.
|
|
@@ -683,7 +694,8 @@ class SSLTranscript {
|
|
|
683
694
|
// InitHash initializes the handshake hash based on the PRF and contents of
|
|
684
695
|
// the handshake transcript. Subsequent calls to |Update| will update the
|
|
685
696
|
// rolling hash. It returns one on success and zero on failure. It is an error
|
|
686
|
-
// to call this function after the handshake buffer is released.
|
|
697
|
+
// to call this function after the handshake buffer is released. This may be
|
|
698
|
+
// called multiple times to change the hash function.
|
|
687
699
|
bool InitHash(uint16_t version, const SSL_CIPHER *cipher);
|
|
688
700
|
|
|
689
701
|
// UpdateForHelloRetryRequest resets the rolling hash with the
|
|
@@ -696,9 +708,9 @@ class SSLTranscript {
|
|
|
696
708
|
// the transcript. It returns true on success and false on failure. If the
|
|
697
709
|
// handshake buffer is still present, |digest| may be any supported digest.
|
|
698
710
|
// Otherwise, |digest| must match the transcript hash.
|
|
699
|
-
bool CopyToHashContext(EVP_MD_CTX *ctx, const EVP_MD *digest);
|
|
711
|
+
bool CopyToHashContext(EVP_MD_CTX *ctx, const EVP_MD *digest) const;
|
|
700
712
|
|
|
701
|
-
Span<const uint8_t> buffer() {
|
|
713
|
+
Span<const uint8_t> buffer() const {
|
|
702
714
|
return MakeConstSpan(reinterpret_cast<const uint8_t *>(buffer_->data),
|
|
703
715
|
buffer_->length);
|
|
704
716
|
}
|
|
@@ -721,14 +733,14 @@ class SSLTranscript {
|
|
|
721
733
|
// GetHash writes the handshake hash to |out| which must have room for at
|
|
722
734
|
// least |DigestLen| bytes. On success, it returns true and sets |*out_len| to
|
|
723
735
|
// the number of bytes written. Otherwise, it returns false.
|
|
724
|
-
bool GetHash(uint8_t *out, size_t *out_len);
|
|
736
|
+
bool GetHash(uint8_t *out, size_t *out_len) const;
|
|
725
737
|
|
|
726
738
|
// GetFinishedMAC computes the MAC for the Finished message into the bytes
|
|
727
739
|
// pointed by |out| and writes the number of bytes to |*out_len|. |out| must
|
|
728
740
|
// have room for |EVP_MAX_MD_SIZE| bytes. It returns true on success and false
|
|
729
741
|
// on failure.
|
|
730
742
|
bool GetFinishedMAC(uint8_t *out, size_t *out_len, const SSL_SESSION *session,
|
|
731
|
-
bool from_server);
|
|
743
|
+
bool from_server) const;
|
|
732
744
|
|
|
733
745
|
private:
|
|
734
746
|
// buffer_, if non-null, contains the handshake transcript.
|
|
@@ -1066,6 +1078,10 @@ class SSLKeyShare {
|
|
|
1066
1078
|
// |Serialize|.
|
|
1067
1079
|
static UniquePtr<SSLKeyShare> Create(CBS *in);
|
|
1068
1080
|
|
|
1081
|
+
// Serializes writes the group ID and private key, in a format that can be
|
|
1082
|
+
// read by |Create|.
|
|
1083
|
+
bool Serialize(CBB *out);
|
|
1084
|
+
|
|
1069
1085
|
// GroupID returns the group ID.
|
|
1070
1086
|
virtual uint16_t GroupID() const PURE_VIRTUAL;
|
|
1071
1087
|
|
|
@@ -1090,13 +1106,13 @@ class SSLKeyShare {
|
|
|
1090
1106
|
virtual bool Finish(Array<uint8_t> *out_secret, uint8_t *out_alert,
|
|
1091
1107
|
Span<const uint8_t> peer_key) PURE_VIRTUAL;
|
|
1092
1108
|
|
|
1093
|
-
//
|
|
1094
|
-
// successful and false otherwise.
|
|
1095
|
-
virtual bool
|
|
1109
|
+
// SerializePrivateKey writes the private key to |out|, returning true if
|
|
1110
|
+
// successful and false otherwise. It should be called after |Offer|.
|
|
1111
|
+
virtual bool SerializePrivateKey(CBB *out) { return false; }
|
|
1096
1112
|
|
|
1097
|
-
//
|
|
1098
|
-
// true if successful and false otherwise.
|
|
1099
|
-
virtual bool
|
|
1113
|
+
// DeserializePrivateKey initializes the state of the key exchange from |in|,
|
|
1114
|
+
// returning true if successful and false otherwise.
|
|
1115
|
+
virtual bool DeserializePrivateKey(CBS *in) { return false; }
|
|
1100
1116
|
};
|
|
1101
1117
|
|
|
1102
1118
|
struct NamedGroup {
|
|
@@ -1352,9 +1368,10 @@ bool ssl_on_certificate_selected(SSL_HANDSHAKE *hs);
|
|
|
1352
1368
|
bool tls13_init_key_schedule(SSL_HANDSHAKE *hs, Span<const uint8_t> psk);
|
|
1353
1369
|
|
|
1354
1370
|
// tls13_init_early_key_schedule initializes the handshake hash and key
|
|
1355
|
-
// derivation state from
|
|
1356
|
-
//
|
|
1357
|
-
bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs,
|
|
1371
|
+
// derivation state from |session| for use with 0-RTT. It returns one on success
|
|
1372
|
+
// and zero on error.
|
|
1373
|
+
bool tls13_init_early_key_schedule(SSL_HANDSHAKE *hs,
|
|
1374
|
+
const SSL_SESSION *session);
|
|
1358
1375
|
|
|
1359
1376
|
// tls13_advance_key_schedule incorporates |in| into the key schedule with
|
|
1360
1377
|
// HKDF-Extract. It returns true on success and false on error.
|
|
@@ -1407,16 +1424,184 @@ bool tls13_finished_mac(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len,
|
|
|
1407
1424
|
// on failure.
|
|
1408
1425
|
bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce);
|
|
1409
1426
|
|
|
1410
|
-
// tls13_write_psk_binder calculates the PSK binder value
|
|
1411
|
-
// bytes of |msg| with the resulting value. It
|
|
1412
|
-
// false on failure.
|
|
1413
|
-
|
|
1427
|
+
// tls13_write_psk_binder calculates the PSK binder value over |transcript| and
|
|
1428
|
+
// |msg|, and replaces the last bytes of |msg| with the resulting value. It
|
|
1429
|
+
// returns true on success, and false on failure. If |out_binder_len| is
|
|
1430
|
+
// non-NULL, it sets |*out_binder_len| to the length of the value computed.
|
|
1431
|
+
bool tls13_write_psk_binder(const SSL_HANDSHAKE *hs,
|
|
1432
|
+
const SSLTranscript &transcript, Span<uint8_t> msg,
|
|
1433
|
+
size_t *out_binder_len);
|
|
1414
1434
|
|
|
1415
1435
|
// tls13_verify_psk_binder verifies that the handshake transcript, truncated up
|
|
1416
1436
|
// to the binders has a valid signature using the value of |session|'s
|
|
1417
1437
|
// resumption secret. It returns true on success, and false on failure.
|
|
1418
|
-
bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs,
|
|
1419
|
-
const SSLMessage &msg,
|
|
1438
|
+
bool tls13_verify_psk_binder(const SSL_HANDSHAKE *hs,
|
|
1439
|
+
const SSL_SESSION *session, const SSLMessage &msg,
|
|
1440
|
+
CBS *binders);
|
|
1441
|
+
|
|
1442
|
+
|
|
1443
|
+
// Encrypted ClientHello.
|
|
1444
|
+
|
|
1445
|
+
struct ECHConfig {
|
|
1446
|
+
static constexpr bool kAllowUniquePtr = true;
|
|
1447
|
+
// raw contains the serialized ECHConfig.
|
|
1448
|
+
Array<uint8_t> raw;
|
|
1449
|
+
// The following fields alias into |raw|.
|
|
1450
|
+
Span<const uint8_t> public_key;
|
|
1451
|
+
Span<const uint8_t> public_name;
|
|
1452
|
+
Span<const uint8_t> cipher_suites;
|
|
1453
|
+
uint16_t kem_id = 0;
|
|
1454
|
+
uint8_t maximum_name_length = 0;
|
|
1455
|
+
uint8_t config_id = 0;
|
|
1456
|
+
};
|
|
1457
|
+
|
|
1458
|
+
class ECHServerConfig {
|
|
1459
|
+
public:
|
|
1460
|
+
static constexpr bool kAllowUniquePtr = true;
|
|
1461
|
+
ECHServerConfig() = default;
|
|
1462
|
+
ECHServerConfig(const ECHServerConfig &other) = delete;
|
|
1463
|
+
ECHServerConfig &operator=(ECHServerConfig &&) = delete;
|
|
1464
|
+
|
|
1465
|
+
// Init parses |ech_config| as an ECHConfig and saves a copy of |key|.
|
|
1466
|
+
// It returns true on success and false on error.
|
|
1467
|
+
bool Init(Span<const uint8_t> ech_config, const EVP_HPKE_KEY *key,
|
|
1468
|
+
bool is_retry_config);
|
|
1469
|
+
|
|
1470
|
+
// SetupContext sets up |ctx| for a new connection, given the specified
|
|
1471
|
+
// HPKE ciphersuite and encapsulated KEM key. It returns true on success and
|
|
1472
|
+
// false on error. This function may only be called on an initialized object.
|
|
1473
|
+
bool SetupContext(EVP_HPKE_CTX *ctx, uint16_t kdf_id, uint16_t aead_id,
|
|
1474
|
+
Span<const uint8_t> enc) const;
|
|
1475
|
+
|
|
1476
|
+
const ECHConfig &ech_config() const { return ech_config_; }
|
|
1477
|
+
bool is_retry_config() const { return is_retry_config_; }
|
|
1478
|
+
|
|
1479
|
+
private:
|
|
1480
|
+
ECHConfig ech_config_;
|
|
1481
|
+
ScopedEVP_HPKE_KEY key_;
|
|
1482
|
+
bool is_retry_config_ = false;
|
|
1483
|
+
};
|
|
1484
|
+
|
|
1485
|
+
enum ssl_client_hello_type_t {
|
|
1486
|
+
ssl_client_hello_unencrypted,
|
|
1487
|
+
ssl_client_hello_inner,
|
|
1488
|
+
ssl_client_hello_outer,
|
|
1489
|
+
};
|
|
1490
|
+
|
|
1491
|
+
// ECH_CLIENT_* are types for the ClientHello encrypted_client_hello extension.
|
|
1492
|
+
#define ECH_CLIENT_OUTER 0
|
|
1493
|
+
#define ECH_CLIENT_INNER 1
|
|
1494
|
+
|
|
1495
|
+
// ssl_decode_client_hello_inner recovers the full ClientHelloInner from the
|
|
1496
|
+
// EncodedClientHelloInner |encoded_client_hello_inner| by replacing its
|
|
1497
|
+
// outer_extensions extension with the referenced extensions from the
|
|
1498
|
+
// ClientHelloOuter |client_hello_outer|. If successful, it writes the recovered
|
|
1499
|
+
// ClientHelloInner to |out_client_hello_inner|. It returns true on success and
|
|
1500
|
+
// false on failure.
|
|
1501
|
+
OPENSSL_EXPORT bool ssl_decode_client_hello_inner(
|
|
1502
|
+
SSL *ssl, uint8_t *out_alert, Array<uint8_t> *out_client_hello_inner,
|
|
1503
|
+
Span<const uint8_t> encoded_client_hello_inner,
|
|
1504
|
+
const SSL_CLIENT_HELLO *client_hello_outer);
|
|
1505
|
+
|
|
1506
|
+
// ssl_client_hello_decrypt attempts to decrypt the |payload| and writes the
|
|
1507
|
+
// result to |*out|. |payload| must point into |client_hello_outer|. It returns
|
|
1508
|
+
// true on success and false on error. On error, it sets |*out_is_decrypt_error|
|
|
1509
|
+
// to whether the failure was due to a bad ciphertext.
|
|
1510
|
+
bool ssl_client_hello_decrypt(EVP_HPKE_CTX *hpke_ctx, Array<uint8_t> *out,
|
|
1511
|
+
bool *out_is_decrypt_error,
|
|
1512
|
+
const SSL_CLIENT_HELLO *client_hello_outer,
|
|
1513
|
+
Span<const uint8_t> payload);
|
|
1514
|
+
|
|
1515
|
+
#define ECH_CONFIRMATION_SIGNAL_LEN 8
|
|
1516
|
+
|
|
1517
|
+
// ssl_ech_confirmation_signal_hello_offset returns the offset of the ECH
|
|
1518
|
+
// confirmation signal in a ServerHello message, including the handshake header.
|
|
1519
|
+
size_t ssl_ech_confirmation_signal_hello_offset(const SSL *ssl);
|
|
1520
|
+
|
|
1521
|
+
// ssl_ech_accept_confirmation computes the server's ECH acceptance signal,
|
|
1522
|
+
// writing it to |out|. The transcript portion is the concatenation of
|
|
1523
|
+
// |transcript| with |msg|. The |ECH_CONFIRMATION_SIGNAL_LEN| bytes from
|
|
1524
|
+
// |offset| in |msg| are replaced with zeros before hashing. This function
|
|
1525
|
+
// returns true on success, and false on failure.
|
|
1526
|
+
bool ssl_ech_accept_confirmation(const SSL_HANDSHAKE *hs, Span<uint8_t> out,
|
|
1527
|
+
Span<const uint8_t> client_random,
|
|
1528
|
+
const SSLTranscript &transcript, bool is_hrr,
|
|
1529
|
+
Span<const uint8_t> msg, size_t offset);
|
|
1530
|
+
|
|
1531
|
+
// ssl_is_valid_ech_public_name returns true if |public_name| is a valid ECH
|
|
1532
|
+
// public name and false otherwise. It is exported for testing.
|
|
1533
|
+
OPENSSL_EXPORT bool ssl_is_valid_ech_public_name(
|
|
1534
|
+
Span<const uint8_t> public_name);
|
|
1535
|
+
|
|
1536
|
+
// ssl_is_valid_ech_config_list returns true if |ech_config_list| is a valid
|
|
1537
|
+
// ECHConfigList structure and false otherwise.
|
|
1538
|
+
bool ssl_is_valid_ech_config_list(Span<const uint8_t> ech_config_list);
|
|
1539
|
+
|
|
1540
|
+
// ssl_select_ech_config selects an ECHConfig and associated parameters to offer
|
|
1541
|
+
// on the client and updates |hs|. It returns true on success, whether an
|
|
1542
|
+
// ECHConfig was found or not, and false on internal error. On success, the
|
|
1543
|
+
// encapsulated key is written to |out_enc| and |*out_enc_len| is set to the
|
|
1544
|
+
// number of bytes written. If the function did not select an ECHConfig, the
|
|
1545
|
+
// encapsulated key is the empty string.
|
|
1546
|
+
bool ssl_select_ech_config(SSL_HANDSHAKE *hs, Span<uint8_t> out_enc,
|
|
1547
|
+
size_t *out_enc_len);
|
|
1548
|
+
|
|
1549
|
+
// ssl_ech_extension_body_length returns the length of the body of a ClientHello
|
|
1550
|
+
// ECH extension that encrypts |in_len| bytes with |aead| and an 'enc' value of
|
|
1551
|
+
// length |enc_len|. The result does not include the four-byte extension header.
|
|
1552
|
+
size_t ssl_ech_extension_body_length(const EVP_HPKE_AEAD *aead, size_t enc_len,
|
|
1553
|
+
size_t in_len);
|
|
1554
|
+
|
|
1555
|
+
// ssl_encrypt_client_hello constructs a new ClientHelloInner, adds it to the
|
|
1556
|
+
// inner transcript, and encrypts for inclusion in the ClientHelloOuter. |enc|
|
|
1557
|
+
// is the encapsulated key to include in the extension. It returns true on
|
|
1558
|
+
// success and false on error. If not offering ECH, |enc| is ignored and the
|
|
1559
|
+
// function will compute a GREASE ECH extension if necessary, and otherwise
|
|
1560
|
+
// return success while doing nothing.
|
|
1561
|
+
//
|
|
1562
|
+
// Encrypting the ClientHelloInner incorporates all extensions in the
|
|
1563
|
+
// ClientHelloOuter, so all other state necessary for |ssl_add_client_hello|
|
|
1564
|
+
// must already be computed.
|
|
1565
|
+
bool ssl_encrypt_client_hello(SSL_HANDSHAKE *hs, Span<const uint8_t> enc);
|
|
1566
|
+
|
|
1567
|
+
|
|
1568
|
+
// Delegated credentials.
|
|
1569
|
+
|
|
1570
|
+
// This structure stores a delegated credential (DC) as defined by
|
|
1571
|
+
// draft-ietf-tls-subcerts-03.
|
|
1572
|
+
struct DC {
|
|
1573
|
+
static constexpr bool kAllowUniquePtr = true;
|
|
1574
|
+
~DC();
|
|
1575
|
+
|
|
1576
|
+
// Dup returns a copy of this DC and takes references to |raw| and |pkey|.
|
|
1577
|
+
UniquePtr<DC> Dup();
|
|
1578
|
+
|
|
1579
|
+
// Parse parses the delegated credential stored in |in|. If successful it
|
|
1580
|
+
// returns the parsed structure, otherwise it returns |nullptr| and sets
|
|
1581
|
+
// |*out_alert|.
|
|
1582
|
+
static UniquePtr<DC> Parse(CRYPTO_BUFFER *in, uint8_t *out_alert);
|
|
1583
|
+
|
|
1584
|
+
// raw is the delegated credential encoded as specified in draft-ietf-tls-
|
|
1585
|
+
// subcerts-03.
|
|
1586
|
+
UniquePtr<CRYPTO_BUFFER> raw;
|
|
1587
|
+
|
|
1588
|
+
// expected_cert_verify_algorithm is the signature scheme of the DC public
|
|
1589
|
+
// key.
|
|
1590
|
+
uint16_t expected_cert_verify_algorithm = 0;
|
|
1591
|
+
|
|
1592
|
+
// pkey is the public key parsed from |public_key|.
|
|
1593
|
+
UniquePtr<EVP_PKEY> pkey;
|
|
1594
|
+
|
|
1595
|
+
private:
|
|
1596
|
+
friend DC* New<DC>();
|
|
1597
|
+
DC();
|
|
1598
|
+
};
|
|
1599
|
+
|
|
1600
|
+
// ssl_signing_with_dc returns true if the peer has indicated support for
|
|
1601
|
+
// delegated credentials and this host has sent a delegated credential in
|
|
1602
|
+
// response. If this is true then we've committed to using the DC in the
|
|
1603
|
+
// handshake.
|
|
1604
|
+
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs);
|
|
1420
1605
|
|
|
1421
1606
|
|
|
1422
1607
|
// Handshake functions.
|
|
@@ -1431,7 +1616,6 @@ enum ssl_hs_wait_t {
|
|
|
1431
1616
|
ssl_hs_handoff,
|
|
1432
1617
|
ssl_hs_handback,
|
|
1433
1618
|
ssl_hs_x509_lookup,
|
|
1434
|
-
ssl_hs_channel_id_lookup,
|
|
1435
1619
|
ssl_hs_private_key_operation,
|
|
1436
1620
|
ssl_hs_pending_session,
|
|
1437
1621
|
ssl_hs_pending_ticket,
|
|
@@ -1440,6 +1624,7 @@ enum ssl_hs_wait_t {
|
|
|
1440
1624
|
ssl_hs_read_end_of_early_data,
|
|
1441
1625
|
ssl_hs_read_change_cipher_spec,
|
|
1442
1626
|
ssl_hs_certificate_verify,
|
|
1627
|
+
ssl_hs_hints_ready,
|
|
1443
1628
|
};
|
|
1444
1629
|
|
|
1445
1630
|
enum ssl_grease_index_t {
|
|
@@ -1449,12 +1634,14 @@ enum ssl_grease_index_t {
|
|
|
1449
1634
|
ssl_grease_extension2,
|
|
1450
1635
|
ssl_grease_version,
|
|
1451
1636
|
ssl_grease_ticket_extension,
|
|
1452
|
-
|
|
1637
|
+
ssl_grease_ech_config_id,
|
|
1638
|
+
ssl_grease_last_index = ssl_grease_ech_config_id,
|
|
1453
1639
|
};
|
|
1454
1640
|
|
|
1455
1641
|
enum tls12_server_hs_state_t {
|
|
1456
1642
|
state12_start_accept = 0,
|
|
1457
1643
|
state12_read_client_hello,
|
|
1644
|
+
state12_read_client_hello_after_ech,
|
|
1458
1645
|
state12_select_certificate,
|
|
1459
1646
|
state12_tls13,
|
|
1460
1647
|
state12_select_parameters,
|
|
@@ -1506,46 +1693,30 @@ enum handback_t {
|
|
|
1506
1693
|
handback_max_value = handback_tls13,
|
|
1507
1694
|
};
|
|
1508
1695
|
|
|
1509
|
-
|
|
1510
|
-
//
|
|
1511
|
-
|
|
1512
|
-
// This structure stores a delegated credential (DC) as defined by
|
|
1513
|
-
// draft-ietf-tls-subcerts-03.
|
|
1514
|
-
struct DC {
|
|
1696
|
+
// SSL_HANDSHAKE_HINTS contains handshake hints for a connection. See
|
|
1697
|
+
// |SSL_request_handshake_hints| and related functions.
|
|
1698
|
+
struct SSL_HANDSHAKE_HINTS {
|
|
1515
1699
|
static constexpr bool kAllowUniquePtr = true;
|
|
1516
|
-
~DC();
|
|
1517
1700
|
|
|
1518
|
-
|
|
1519
|
-
UniquePtr<DC> Dup();
|
|
1701
|
+
Array<uint8_t> server_random;
|
|
1520
1702
|
|
|
1521
|
-
|
|
1522
|
-
|
|
1523
|
-
|
|
1524
|
-
static UniquePtr<DC> Parse(CRYPTO_BUFFER *in, uint8_t *out_alert);
|
|
1703
|
+
uint16_t key_share_group_id = 0;
|
|
1704
|
+
Array<uint8_t> key_share_public_key;
|
|
1705
|
+
Array<uint8_t> key_share_secret;
|
|
1525
1706
|
|
|
1526
|
-
|
|
1527
|
-
|
|
1528
|
-
|
|
1707
|
+
uint16_t signature_algorithm = 0;
|
|
1708
|
+
Array<uint8_t> signature_input;
|
|
1709
|
+
Array<uint8_t> signature_spki;
|
|
1710
|
+
Array<uint8_t> signature;
|
|
1529
1711
|
|
|
1530
|
-
|
|
1531
|
-
|
|
1532
|
-
uint16_t expected_cert_verify_algorithm = 0;
|
|
1533
|
-
|
|
1534
|
-
// pkey is the public key parsed from |public_key|.
|
|
1535
|
-
UniquePtr<EVP_PKEY> pkey;
|
|
1712
|
+
Array<uint8_t> decrypted_psk;
|
|
1713
|
+
bool ignore_psk = false;
|
|
1536
1714
|
|
|
1537
|
-
|
|
1538
|
-
|
|
1539
|
-
|
|
1715
|
+
uint16_t cert_compression_alg_id = 0;
|
|
1716
|
+
Array<uint8_t> cert_compression_input;
|
|
1717
|
+
Array<uint8_t> cert_compression_output;
|
|
1540
1718
|
};
|
|
1541
1719
|
|
|
1542
|
-
// ssl_signing_with_dc returns true if the peer has indicated support for
|
|
1543
|
-
// delegated credentials and this host has sent a delegated credential in
|
|
1544
|
-
// response. If this is true then we've committed to using the DC in the
|
|
1545
|
-
// handshake.
|
|
1546
|
-
bool ssl_signing_with_dc(const SSL_HANDSHAKE *hs);
|
|
1547
|
-
|
|
1548
|
-
|
|
1549
1720
|
struct SSL_HANDSHAKE {
|
|
1550
1721
|
explicit SSL_HANDSHAKE(SSL *ssl);
|
|
1551
1722
|
~SSL_HANDSHAKE();
|
|
@@ -1590,7 +1761,21 @@ struct SSL_HANDSHAKE {
|
|
|
1590
1761
|
public:
|
|
1591
1762
|
void ResizeSecrets(size_t hash_len);
|
|
1592
1763
|
|
|
1764
|
+
// GetClientHello, on the server, returns either the normal ClientHello
|
|
1765
|
+
// message or the ClientHelloInner if it has been serialized to
|
|
1766
|
+
// |ech_client_hello_buf|. This function should only be called when the
|
|
1767
|
+
// current message is a ClientHello. It returns true on success and false on
|
|
1768
|
+
// error.
|
|
1769
|
+
//
|
|
1770
|
+
// Note that fields of the returned |out_msg| and |out_client_hello| point
|
|
1771
|
+
// into a handshake-owned buffer, so their lifetimes should not exceed this
|
|
1772
|
+
// SSL_HANDSHAKE.
|
|
1773
|
+
bool GetClientHello(SSLMessage *out_msg, SSL_CLIENT_HELLO *out_client_hello);
|
|
1774
|
+
|
|
1593
1775
|
Span<uint8_t> secret() { return MakeSpan(secret_, hash_len_); }
|
|
1776
|
+
Span<const uint8_t> secret() const {
|
|
1777
|
+
return MakeConstSpan(secret_, hash_len_);
|
|
1778
|
+
}
|
|
1594
1779
|
Span<uint8_t> early_traffic_secret() {
|
|
1595
1780
|
return MakeSpan(early_traffic_secret_, hash_len_);
|
|
1596
1781
|
}
|
|
@@ -1612,7 +1797,7 @@ struct SSL_HANDSHAKE {
|
|
|
1612
1797
|
|
|
1613
1798
|
union {
|
|
1614
1799
|
// sent is a bitset where the bits correspond to elements of kExtensions
|
|
1615
|
-
// in
|
|
1800
|
+
// in extensions.cc. Each bit is set if that extension was sent in a
|
|
1616
1801
|
// ClientHello. It's not used by servers.
|
|
1617
1802
|
uint32_t sent = 0;
|
|
1618
1803
|
// received is a bitset, like |sent|, but is used by servers to record
|
|
@@ -1620,9 +1805,9 @@ struct SSL_HANDSHAKE {
|
|
|
1620
1805
|
uint32_t received;
|
|
1621
1806
|
} extensions;
|
|
1622
1807
|
|
|
1623
|
-
//
|
|
1624
|
-
//
|
|
1625
|
-
|
|
1808
|
+
// inner_extensions_sent, on clients that offer ECH, is |extensions.sent| for
|
|
1809
|
+
// the ClientHelloInner.
|
|
1810
|
+
uint32_t inner_extensions_sent = 0;
|
|
1626
1811
|
|
|
1627
1812
|
// error, if |wait| is |ssl_hs_error|, is the error the handshake failed on.
|
|
1628
1813
|
UniquePtr<ERR_SAVE_STATE> error;
|
|
@@ -1635,11 +1820,31 @@ struct SSL_HANDSHAKE {
|
|
|
1635
1820
|
// transcript is the current handshake transcript.
|
|
1636
1821
|
SSLTranscript transcript;
|
|
1637
1822
|
|
|
1823
|
+
// inner_transcript, on the client, is the handshake transcript for the
|
|
1824
|
+
// ClientHelloInner handshake. It is moved to |transcript| if the server
|
|
1825
|
+
// accepts ECH.
|
|
1826
|
+
SSLTranscript inner_transcript;
|
|
1827
|
+
|
|
1828
|
+
// inner_client_random is the ClientHello random value used with
|
|
1829
|
+
// ClientHelloInner.
|
|
1830
|
+
uint8_t inner_client_random[SSL3_RANDOM_SIZE] = {0};
|
|
1831
|
+
|
|
1638
1832
|
// cookie is the value of the cookie received from the server, if any.
|
|
1639
1833
|
Array<uint8_t> cookie;
|
|
1640
1834
|
|
|
1641
|
-
//
|
|
1642
|
-
// the
|
|
1835
|
+
// ech_client_outer contains the outer ECH extension to send in the
|
|
1836
|
+
// ClientHello, excluding the header and type byte.
|
|
1837
|
+
Array<uint8_t> ech_client_outer;
|
|
1838
|
+
|
|
1839
|
+
// ech_retry_configs, on the client, contains the retry configs from the
|
|
1840
|
+
// server as a serialized ECHConfigList.
|
|
1841
|
+
Array<uint8_t> ech_retry_configs;
|
|
1842
|
+
|
|
1843
|
+
// ech_client_hello_buf, on the server, contains the bytes of the
|
|
1844
|
+
// reconstructed ClientHelloInner message.
|
|
1845
|
+
Array<uint8_t> ech_client_hello_buf;
|
|
1846
|
+
|
|
1847
|
+
// key_share_bytes is the key_share extension that the client should send.
|
|
1643
1848
|
Array<uint8_t> key_share_bytes;
|
|
1644
1849
|
|
|
1645
1850
|
// ecdh_public_key, for servers, is the key share to be sent to the client in
|
|
@@ -1663,17 +1868,21 @@ struct SSL_HANDSHAKE {
|
|
|
1663
1868
|
// peer_key is the peer's ECDH key for a TLS 1.2 client.
|
|
1664
1869
|
Array<uint8_t> peer_key;
|
|
1665
1870
|
|
|
1666
|
-
//
|
|
1667
|
-
//
|
|
1668
|
-
//
|
|
1669
|
-
|
|
1670
|
-
uint16_t negotiated_token_binding_version;
|
|
1871
|
+
// extension_permutation is the permutation to apply to ClientHello
|
|
1872
|
+
// extensions. It maps indices into the |kExtensions| table into other
|
|
1873
|
+
// indices.
|
|
1874
|
+
Array<uint8_t> extension_permutation;
|
|
1671
1875
|
|
|
1672
1876
|
// cert_compression_alg_id, for a server, contains the negotiated certificate
|
|
1673
1877
|
// compression algorithm for this client. It is only valid if
|
|
1674
1878
|
// |cert_compression_negotiated| is true.
|
|
1675
1879
|
uint16_t cert_compression_alg_id;
|
|
1676
1880
|
|
|
1881
|
+
// ech_hpke_ctx is the HPKE context used in ECH. On the server, it is
|
|
1882
|
+
// initialized if |ech_status| is |ssl_ech_accepted|. On the client, it is
|
|
1883
|
+
// initialized if |selected_ech_config| is not nullptr.
|
|
1884
|
+
ScopedEVP_HPKE_CTX ech_hpke_ctx;
|
|
1885
|
+
|
|
1677
1886
|
// server_params, in a TLS 1.2 server, stores the ServerKeyExchange
|
|
1678
1887
|
// parameters. It has client and server randoms prepended for signing
|
|
1679
1888
|
// convenience.
|
|
@@ -1710,19 +1919,40 @@ struct SSL_HANDSHAKE {
|
|
|
1710
1919
|
// the client if |in_early_data| is true.
|
|
1711
1920
|
UniquePtr<SSL_SESSION> early_session;
|
|
1712
1921
|
|
|
1922
|
+
// ssl_ech_keys, for servers, is the set of ECH keys to use with this
|
|
1923
|
+
// handshake. This is copied from |SSL_CTX| to ensure consistent behavior as
|
|
1924
|
+
// |SSL_CTX| rotates keys.
|
|
1925
|
+
UniquePtr<SSL_ECH_KEYS> ech_keys;
|
|
1926
|
+
|
|
1927
|
+
// selected_ech_config, for clients, is the ECHConfig the client uses to offer
|
|
1928
|
+
// ECH, or nullptr if ECH is not being offered. If non-NULL, |ech_hpke_ctx|
|
|
1929
|
+
// will be initialized.
|
|
1930
|
+
UniquePtr<ECHConfig> selected_ech_config;
|
|
1931
|
+
|
|
1713
1932
|
// new_cipher is the cipher being negotiated in this handshake.
|
|
1714
1933
|
const SSL_CIPHER *new_cipher = nullptr;
|
|
1715
1934
|
|
|
1716
1935
|
// key_block is the record-layer key block for TLS 1.2 and earlier.
|
|
1717
1936
|
Array<uint8_t> key_block;
|
|
1718
1937
|
|
|
1938
|
+
// hints contains the handshake hints for this connection. If
|
|
1939
|
+
// |hints_requested| is true, this field is non-null and contains the pending
|
|
1940
|
+
// hints to filled as the predicted handshake progresses. Otherwise, this
|
|
1941
|
+
// field, if non-null, contains hints configured by the caller and will
|
|
1942
|
+
// influence the handshake on match.
|
|
1943
|
+
UniquePtr<SSL_HANDSHAKE_HINTS> hints;
|
|
1944
|
+
|
|
1945
|
+
// ech_is_inner, on the server, indicates whether the ClientHello contained an
|
|
1946
|
+
// inner ECH extension.
|
|
1947
|
+
bool ech_is_inner : 1;
|
|
1948
|
+
|
|
1949
|
+
// ech_authenticated_reject, on the client, indicates whether an ECH rejection
|
|
1950
|
+
// handshake has been authenticated.
|
|
1951
|
+
bool ech_authenticated_reject : 1;
|
|
1952
|
+
|
|
1719
1953
|
// scts_requested is true if the SCT extension is in the ClientHello.
|
|
1720
1954
|
bool scts_requested : 1;
|
|
1721
1955
|
|
|
1722
|
-
// needs_psk_binder is true if the ClientHello has a placeholder PSK binder to
|
|
1723
|
-
// be filled in.
|
|
1724
|
-
bool needs_psk_binder : 1;
|
|
1725
|
-
|
|
1726
1956
|
// handshake_finalized is true once the handshake has completed, at which
|
|
1727
1957
|
// point accessors should use the established state.
|
|
1728
1958
|
bool handshake_finalized : 1;
|
|
@@ -1784,15 +2014,17 @@ struct SSL_HANDSHAKE {
|
|
|
1784
2014
|
// in progress.
|
|
1785
2015
|
bool pending_private_key_op : 1;
|
|
1786
2016
|
|
|
1787
|
-
// grease_seeded is true if |grease_seed| has been initialized.
|
|
1788
|
-
bool grease_seeded : 1;
|
|
1789
|
-
|
|
1790
2017
|
// handback indicates that a server should pause the handshake after
|
|
1791
2018
|
// finishing operations that require private key material, in such a way that
|
|
1792
2019
|
// |SSL_get_error| returns |SSL_ERROR_HANDBACK|. It is set by
|
|
1793
2020
|
// |SSL_apply_handoff|.
|
|
1794
2021
|
bool handback : 1;
|
|
1795
2022
|
|
|
2023
|
+
// hints_requested indicates the caller has requested handshake hints. Only
|
|
2024
|
+
// the first round-trip of the handshake will complete, after which the
|
|
2025
|
+
// |hints| structure can be serialized.
|
|
2026
|
+
bool hints_requested : 1;
|
|
2027
|
+
|
|
1796
2028
|
// cert_compression_negotiated is true iff |cert_compression_alg_id| is valid.
|
|
1797
2029
|
bool cert_compression_negotiated : 1;
|
|
1798
2030
|
|
|
@@ -1800,6 +2032,14 @@ struct SSL_HANDSHAKE {
|
|
|
1800
2032
|
// which implemented TLS 1.3 incorrectly.
|
|
1801
2033
|
bool apply_jdk11_workaround : 1;
|
|
1802
2034
|
|
|
2035
|
+
// can_release_private_key is true if the private key will no longer be used
|
|
2036
|
+
// in this handshake.
|
|
2037
|
+
bool can_release_private_key : 1;
|
|
2038
|
+
|
|
2039
|
+
// channel_id_negotiated is true if Channel ID should be used in this
|
|
2040
|
+
// handshake.
|
|
2041
|
+
bool channel_id_negotiated : 1;
|
|
2042
|
+
|
|
1803
2043
|
// client_version is the value sent or received in the ClientHello version.
|
|
1804
2044
|
uint16_t client_version = 0;
|
|
1805
2045
|
|
|
@@ -1811,12 +2051,14 @@ struct SSL_HANDSHAKE {
|
|
|
1811
2051
|
// record layer.
|
|
1812
2052
|
uint16_t early_data_written = 0;
|
|
1813
2053
|
|
|
2054
|
+
// ech_config_id is the ECH config sent by the client.
|
|
2055
|
+
uint8_t ech_config_id = 0;
|
|
2056
|
+
|
|
1814
2057
|
// session_id is the session ID in the ClientHello.
|
|
1815
2058
|
uint8_t session_id[SSL_MAX_SSL_SESSION_ID_LENGTH] = {0};
|
|
1816
2059
|
uint8_t session_id_len = 0;
|
|
1817
2060
|
|
|
1818
|
-
// grease_seed is the entropy for GREASE values.
|
|
1819
|
-
// |grease_seeded| is true.
|
|
2061
|
+
// grease_seed is the entropy for GREASE values.
|
|
1820
2062
|
uint8_t grease_seed[ssl_grease_last_index + 1] = {0};
|
|
1821
2063
|
};
|
|
1822
2064
|
|
|
@@ -1876,12 +2118,23 @@ bool tls13_process_new_session_ticket(SSL *ssl, const SSLMessage &msg);
|
|
|
1876
2118
|
bssl::UniquePtr<SSL_SESSION> tls13_create_session_with_ticket(SSL *ssl,
|
|
1877
2119
|
CBS *body);
|
|
1878
2120
|
|
|
2121
|
+
// ssl_setup_extension_permutation computes a ClientHello extension permutation
|
|
2122
|
+
// for |hs|, if applicable. It returns true on success and false on error.
|
|
2123
|
+
bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs);
|
|
2124
|
+
|
|
2125
|
+
// ssl_setup_key_shares computes client key shares and saves them in |hs|. It
|
|
2126
|
+
// returns true on success and false on failure. If |override_group_id| is zero,
|
|
2127
|
+
// it offers the default groups, including GREASE. If it is non-zero, it offers
|
|
2128
|
+
// a single key share of the specified group.
|
|
2129
|
+
bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id);
|
|
2130
|
+
|
|
1879
2131
|
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
1880
2132
|
Array<uint8_t> *out_secret,
|
|
1881
2133
|
uint8_t *out_alert, CBS *contents);
|
|
1882
2134
|
bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
1883
|
-
|
|
1884
|
-
uint8_t *out_alert,
|
|
2135
|
+
Span<const uint8_t> *out_peer_key,
|
|
2136
|
+
uint8_t *out_alert,
|
|
2137
|
+
const SSL_CLIENT_HELLO *client_hello);
|
|
1885
2138
|
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
|
|
1886
2139
|
|
|
1887
2140
|
bool ssl_ext_pre_shared_key_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
@@ -1897,7 +2150,33 @@ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out);
|
|
|
1897
2150
|
// returns whether it's valid.
|
|
1898
2151
|
bool ssl_is_sct_list_valid(const CBS *contents);
|
|
1899
2152
|
|
|
1900
|
-
|
|
2153
|
+
// ssl_write_client_hello_without_extensions writes a ClientHello to |out|,
|
|
2154
|
+
// up to the extensions field. |type| determines the type of ClientHello to
|
|
2155
|
+
// write. If |omit_session_id| is true, the session ID is empty.
|
|
2156
|
+
bool ssl_write_client_hello_without_extensions(const SSL_HANDSHAKE *hs,
|
|
2157
|
+
CBB *cbb,
|
|
2158
|
+
ssl_client_hello_type_t type,
|
|
2159
|
+
bool empty_session_id);
|
|
2160
|
+
|
|
2161
|
+
// ssl_add_client_hello constructs a ClientHello and adds it to the outgoing
|
|
2162
|
+
// flight. It returns true on success and false on error.
|
|
2163
|
+
bool ssl_add_client_hello(SSL_HANDSHAKE *hs);
|
|
2164
|
+
|
|
2165
|
+
struct ParsedServerHello {
|
|
2166
|
+
CBS raw;
|
|
2167
|
+
uint16_t legacy_version = 0;
|
|
2168
|
+
CBS random;
|
|
2169
|
+
CBS session_id;
|
|
2170
|
+
uint16_t cipher_suite = 0;
|
|
2171
|
+
uint8_t compression_method = 0;
|
|
2172
|
+
CBS extensions;
|
|
2173
|
+
};
|
|
2174
|
+
|
|
2175
|
+
// ssl_parse_server_hello parses |msg| as a ServerHello. On success, it writes
|
|
2176
|
+
// the result to |*out| and returns true. Otherwise, it returns false and sets
|
|
2177
|
+
// |*out_alert| to an alert to send to the peer.
|
|
2178
|
+
bool ssl_parse_server_hello(ParsedServerHello *out, uint8_t *out_alert,
|
|
2179
|
+
const SSLMessage &msg);
|
|
1901
2180
|
|
|
1902
2181
|
enum ssl_cert_verify_context_t {
|
|
1903
2182
|
ssl_cert_verify_server,
|
|
@@ -1913,6 +2192,9 @@ bool tls13_get_cert_verify_signature_input(
|
|
|
1913
2192
|
SSL_HANDSHAKE *hs, Array<uint8_t> *out,
|
|
1914
2193
|
enum ssl_cert_verify_context_t cert_verify_context);
|
|
1915
2194
|
|
|
2195
|
+
// ssl_is_valid_alpn_list returns whether |in| is a valid ALPN protocol list.
|
|
2196
|
+
bool ssl_is_valid_alpn_list(Span<const uint8_t> in);
|
|
2197
|
+
|
|
1916
2198
|
// ssl_is_alpn_protocol_allowed returns whether |protocol| is a valid server
|
|
1917
2199
|
// selection for |hs->ssl|'s client preferences.
|
|
1918
2200
|
bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
|
|
@@ -1924,25 +2206,38 @@ bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
|
|
|
1924
2206
|
bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1925
2207
|
const SSL_CLIENT_HELLO *client_hello);
|
|
1926
2208
|
|
|
2209
|
+
// ssl_get_local_application_settings looks up the configured ALPS value for
|
|
2210
|
+
// |protocol|. If found, it sets |*out_settings| to the value and returns true.
|
|
2211
|
+
// Otherwise, it returns false.
|
|
2212
|
+
bool ssl_get_local_application_settings(const SSL_HANDSHAKE *hs,
|
|
2213
|
+
Span<const uint8_t> *out_settings,
|
|
2214
|
+
Span<const uint8_t> protocol);
|
|
2215
|
+
|
|
1927
2216
|
// ssl_negotiate_alps negotiates the ALPS extension, if applicable. It returns
|
|
1928
2217
|
// true on successful negotiation or if nothing was negotiated. It returns false
|
|
1929
2218
|
// and sets |*out_alert| to an alert on error.
|
|
1930
2219
|
bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1931
2220
|
const SSL_CLIENT_HELLO *client_hello);
|
|
1932
2221
|
|
|
1933
|
-
struct
|
|
2222
|
+
struct SSLExtension {
|
|
2223
|
+
SSLExtension(uint16_t type_arg, bool allowed_arg = true)
|
|
2224
|
+
: type(type_arg), allowed(allowed_arg), present(false) {
|
|
2225
|
+
CBS_init(&data, nullptr, 0);
|
|
2226
|
+
}
|
|
2227
|
+
|
|
1934
2228
|
uint16_t type;
|
|
1935
|
-
bool
|
|
1936
|
-
|
|
2229
|
+
bool allowed;
|
|
2230
|
+
bool present;
|
|
2231
|
+
CBS data;
|
|
1937
2232
|
};
|
|
1938
2233
|
|
|
1939
2234
|
// ssl_parse_extensions parses a TLS extensions block out of |cbs| and advances
|
|
1940
|
-
// it. It writes the parsed extensions to pointers
|
|
1941
|
-
//
|
|
1942
|
-
//
|
|
1943
|
-
//
|
|
2235
|
+
// it. It writes the parsed extensions to pointers in |extensions|. On success,
|
|
2236
|
+
// it fills in the |present| and |data| fields and returns true. Otherwise, it
|
|
2237
|
+
// sets |*out_alert| to an alert to send and returns false. Unknown extensions
|
|
2238
|
+
// are rejected unless |ignore_unknown| is true.
|
|
1944
2239
|
bool ssl_parse_extensions(const CBS *cbs, uint8_t *out_alert,
|
|
1945
|
-
|
|
2240
|
+
std::initializer_list<SSLExtension *> extensions,
|
|
1946
2241
|
bool ignore_unknown);
|
|
1947
2242
|
|
|
1948
2243
|
// ssl_verify_peer_cert verifies the peer certificate for |hs|.
|
|
@@ -1960,6 +2255,10 @@ bool ssl_output_cert_chain(SSL_HANDSHAKE *hs);
|
|
|
1960
2255
|
// handshake. Note, in TLS 1.2 resumptions, this session is immutable.
|
|
1961
2256
|
const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs);
|
|
1962
2257
|
|
|
2258
|
+
// ssl_done_writing_client_hello is called after the last ClientHello is written
|
|
2259
|
+
// by |hs|. It releases some memory that is no longer needed.
|
|
2260
|
+
void ssl_done_writing_client_hello(SSL_HANDSHAKE *hs);
|
|
2261
|
+
|
|
1963
2262
|
|
|
1964
2263
|
// SSLKEYLOGFILE functions.
|
|
1965
2264
|
|
|
@@ -1971,8 +2270,14 @@ bool ssl_log_secret(const SSL *ssl, const char *label,
|
|
|
1971
2270
|
|
|
1972
2271
|
// ClientHello functions.
|
|
1973
2272
|
|
|
1974
|
-
|
|
1975
|
-
|
|
2273
|
+
// ssl_client_hello_init parses |body| as a ClientHello message, excluding the
|
|
2274
|
+
// message header, and writes the result to |*out|. It returns true on success
|
|
2275
|
+
// and false on error. This function is exported for testing.
|
|
2276
|
+
OPENSSL_EXPORT bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
|
|
2277
|
+
Span<const uint8_t> body);
|
|
2278
|
+
|
|
2279
|
+
bool ssl_parse_client_hello_with_trailing_data(const SSL *ssl, CBS *cbs,
|
|
2280
|
+
SSL_CLIENT_HELLO *out);
|
|
1976
2281
|
|
|
1977
2282
|
bool ssl_client_hello_get_extension(const SSL_CLIENT_HELLO *client_hello,
|
|
1978
2283
|
CBS *out, uint16_t extension_type);
|
|
@@ -1987,7 +2292,8 @@ bool ssl_client_cipher_list_contains_cipher(
|
|
|
1987
2292
|
// connection, the values for each index will be deterministic. This allows the
|
|
1988
2293
|
// same ClientHello be sent twice for a HelloRetryRequest or the same group be
|
|
1989
2294
|
// advertised in both supported_groups and key_shares.
|
|
1990
|
-
uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs,
|
|
2295
|
+
uint16_t ssl_get_grease_value(const SSL_HANDSHAKE *hs,
|
|
2296
|
+
enum ssl_grease_index_t index);
|
|
1991
2297
|
|
|
1992
2298
|
|
|
1993
2299
|
// Signature algorithms.
|
|
@@ -2033,7 +2339,7 @@ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
2033
2339
|
|
|
2034
2340
|
#define TLSEXT_CHANNEL_ID_SIZE 128
|
|
2035
2341
|
|
|
2036
|
-
// From
|
|
2342
|
+
// From RFC 4492, used in encoding the curve type in ECParameters
|
|
2037
2343
|
#define NAMED_CURVE_TYPE 3
|
|
2038
2344
|
|
|
2039
2345
|
struct CERT {
|
|
@@ -2147,10 +2453,11 @@ struct SSL_PROTOCOL_METHOD {
|
|
|
2147
2453
|
// init_message begins a new handshake message of type |type|. |cbb| is the
|
|
2148
2454
|
// root CBB to be passed into |finish_message|. |*body| is set to a child CBB
|
|
2149
2455
|
// the caller should write to. It returns true on success and false on error.
|
|
2150
|
-
bool (*init_message)(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2456
|
+
bool (*init_message)(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2151
2457
|
// finish_message finishes a handshake message. It sets |*out_msg| to the
|
|
2152
2458
|
// serialized message. It returns true on success and false on error.
|
|
2153
|
-
bool (*finish_message)(SSL *ssl, CBB *cbb,
|
|
2459
|
+
bool (*finish_message)(const SSL *ssl, CBB *cbb,
|
|
2460
|
+
bssl::Array<uint8_t> *out_msg);
|
|
2154
2461
|
// add_message adds a handshake message to the pending flight. It returns
|
|
2155
2462
|
// true on success and false on error.
|
|
2156
2463
|
bool (*add_message)(SSL *ssl, bssl::Array<uint8_t> msg);
|
|
@@ -2299,6 +2606,16 @@ enum ssl_shutdown_t {
|
|
|
2299
2606
|
ssl_shutdown_error = 2,
|
|
2300
2607
|
};
|
|
2301
2608
|
|
|
2609
|
+
enum ssl_ech_status_t {
|
|
2610
|
+
// ssl_ech_none indicates ECH was not offered, or we have not gotten far
|
|
2611
|
+
// enough in the handshake to determine the status.
|
|
2612
|
+
ssl_ech_none,
|
|
2613
|
+
// ssl_ech_accepted indicates the server accepted ECH.
|
|
2614
|
+
ssl_ech_accepted,
|
|
2615
|
+
// ssl_ech_rejected indicates the server was offered ECH but rejected it.
|
|
2616
|
+
ssl_ech_rejected,
|
|
2617
|
+
};
|
|
2618
|
+
|
|
2302
2619
|
struct SSL3_STATE {
|
|
2303
2620
|
static constexpr bool kAllowUniquePtr = true;
|
|
2304
2621
|
|
|
@@ -2361,9 +2678,8 @@ struct SSL3_STATE {
|
|
|
2361
2678
|
// key_update_count is the number of consecutive KeyUpdates received.
|
|
2362
2679
|
uint8_t key_update_count = 0;
|
|
2363
2680
|
|
|
2364
|
-
//
|
|
2365
|
-
|
|
2366
|
-
uint8_t negotiated_token_binding_param = 0;
|
|
2681
|
+
// ech_status indicates whether ECH was accepted by the server.
|
|
2682
|
+
ssl_ech_status_t ech_status = ssl_ech_none;
|
|
2367
2683
|
|
|
2368
2684
|
// skip_early_data instructs the record layer to skip unexpected early data
|
|
2369
2685
|
// messages when 0RTT is rejected.
|
|
@@ -2398,9 +2714,8 @@ struct SSL3_STATE {
|
|
|
2398
2714
|
|
|
2399
2715
|
bool send_connection_binding : 1;
|
|
2400
2716
|
|
|
2401
|
-
//
|
|
2402
|
-
// Channel ID
|
|
2403
|
-
// Channel IDs and that |channel_id| will be valid after the handshake.
|
|
2717
|
+
// channel_id_valid is true if, on the server, the client has negotiated a
|
|
2718
|
+
// Channel ID and the |channel_id| field is filled in.
|
|
2404
2719
|
bool channel_id_valid : 1;
|
|
2405
2720
|
|
|
2406
2721
|
// key_update_pending is true if we have a KeyUpdate acknowledgment
|
|
@@ -2413,12 +2728,6 @@ struct SSL3_STATE {
|
|
|
2413
2728
|
// early_data_accepted is true if early data was accepted by the server.
|
|
2414
2729
|
bool early_data_accepted : 1;
|
|
2415
2730
|
|
|
2416
|
-
// tls13_downgrade is whether the TLS 1.3 anti-downgrade logic fired.
|
|
2417
|
-
bool tls13_downgrade : 1;
|
|
2418
|
-
|
|
2419
|
-
// token_binding_negotiated is set if Token Binding was negotiated.
|
|
2420
|
-
bool token_binding_negotiated : 1;
|
|
2421
|
-
|
|
2422
2731
|
// alert_dispatch is true there is an alert in |send_alert| to be sent.
|
|
2423
2732
|
bool alert_dispatch : 1;
|
|
2424
2733
|
|
|
@@ -2701,7 +3010,8 @@ struct SSL_CONFIG {
|
|
|
2701
3010
|
|
|
2702
3011
|
Array<uint16_t> supported_group_list; // our list
|
|
2703
3012
|
|
|
2704
|
-
//
|
|
3013
|
+
// channel_id_private is the client's Channel ID private key, or null if
|
|
3014
|
+
// Channel ID should not be offered on this connection.
|
|
2705
3015
|
UniquePtr<EVP_PKEY> channel_id_private;
|
|
2706
3016
|
|
|
2707
3017
|
// For a client, this contains the list of supported protocols in wire
|
|
@@ -2712,9 +3022,6 @@ struct SSL_CONFIG {
|
|
|
2712
3022
|
// along with their corresponding ALPS values.
|
|
2713
3023
|
GrowableArray<ALPSConfig> alps_configs;
|
|
2714
3024
|
|
|
2715
|
-
// Contains a list of supported Token Binding key parameters.
|
|
2716
|
-
Array<uint8_t> token_binding_params;
|
|
2717
|
-
|
|
2718
3025
|
// Contains the QUIC transport params that this endpoint will send.
|
|
2719
3026
|
Array<uint8_t> quic_transport_params;
|
|
2720
3027
|
|
|
@@ -2729,9 +3036,17 @@ struct SSL_CONFIG {
|
|
|
2729
3036
|
// DTLS-SRTP.
|
|
2730
3037
|
UniquePtr<STACK_OF(SRTP_PROTECTION_PROFILE)> srtp_profiles;
|
|
2731
3038
|
|
|
3039
|
+
// client_ech_config_list, if not empty, is a serialized ECHConfigList
|
|
3040
|
+
// structure for the client to use when negotiating ECH.
|
|
3041
|
+
Array<uint8_t> client_ech_config_list;
|
|
3042
|
+
|
|
2732
3043
|
// verify_mode is a bitmask of |SSL_VERIFY_*| values.
|
|
2733
3044
|
uint8_t verify_mode = SSL_VERIFY_NONE;
|
|
2734
3045
|
|
|
3046
|
+
// ech_grease_enabled controls whether ECH GREASE may be sent in the
|
|
3047
|
+
// ClientHello.
|
|
3048
|
+
bool ech_grease_enabled : 1;
|
|
3049
|
+
|
|
2735
3050
|
// Enable signed certificate time stamps. Currently client only.
|
|
2736
3051
|
bool signed_cert_timestamps_enabled : 1;
|
|
2737
3052
|
|
|
@@ -2739,9 +3054,8 @@ struct SSL_CONFIG {
|
|
|
2739
3054
|
// whether OCSP stapling will be requested.
|
|
2740
3055
|
bool ocsp_stapling_enabled : 1;
|
|
2741
3056
|
|
|
2742
|
-
// channel_id_enabled is copied from the |SSL_CTX|. For a server, means
|
|
2743
|
-
// we'll accept Channel IDs from clients.
|
|
2744
|
-
// advertise support.
|
|
3057
|
+
// channel_id_enabled is copied from the |SSL_CTX|. For a server, it means
|
|
3058
|
+
// that we'll accept Channel IDs from clients. It is ignored on the client.
|
|
2745
3059
|
bool channel_id_enabled : 1;
|
|
2746
3060
|
|
|
2747
3061
|
// If enforce_rsa_key_usage is true, the handshake will fail if the
|
|
@@ -2764,13 +3078,16 @@ struct SSL_CONFIG {
|
|
|
2764
3078
|
// should be freed after the handshake completes.
|
|
2765
3079
|
bool shed_handshake_config : 1;
|
|
2766
3080
|
|
|
2767
|
-
// ignore_tls13_downgrade is whether the connection should continue when the
|
|
2768
|
-
// server random signals a downgrade.
|
|
2769
|
-
bool ignore_tls13_downgrade : 1;
|
|
2770
|
-
|
|
2771
3081
|
// jdk11_workaround is whether to disable TLS 1.3 for JDK 11 clients, as a
|
|
2772
3082
|
// workaround for https://bugs.openjdk.java.net/browse/JDK-8211806.
|
|
2773
3083
|
bool jdk11_workaround : 1;
|
|
3084
|
+
|
|
3085
|
+
// QUIC drafts up to and including 32 used a different TLS extension
|
|
3086
|
+
// codepoint to convey QUIC's transport parameters.
|
|
3087
|
+
bool quic_use_legacy_codepoint : 1;
|
|
3088
|
+
|
|
3089
|
+
// permute_extensions is whether to permute extensions when sending messages.
|
|
3090
|
+
bool permute_extensions : 1;
|
|
2774
3091
|
};
|
|
2775
3092
|
|
|
2776
3093
|
// From RFC 8446, used in determining PSK modes.
|
|
@@ -2791,7 +3108,7 @@ bool ssl_is_key_type_supported(int key_type);
|
|
|
2791
3108
|
bool ssl_compare_public_and_private_key(const EVP_PKEY *pubkey,
|
|
2792
3109
|
const EVP_PKEY *privkey);
|
|
2793
3110
|
bool ssl_cert_check_private_key(const CERT *cert, const EVP_PKEY *privkey);
|
|
2794
|
-
|
|
3111
|
+
bool ssl_get_new_session(SSL_HANDSHAKE *hs);
|
|
2795
3112
|
int ssl_encrypt_ticket(SSL_HANDSHAKE *hs, CBB *out, const SSL_SESSION *session);
|
|
2796
3113
|
int ssl_ctx_rotate_ticket_encryption_key(SSL_CTX *ctx);
|
|
2797
3114
|
|
|
@@ -2872,7 +3189,7 @@ void ssl_session_rebase_time(SSL *ssl, SSL_SESSION *session);
|
|
|
2872
3189
|
void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session,
|
|
2873
3190
|
uint32_t timeout);
|
|
2874
3191
|
|
|
2875
|
-
void ssl_update_cache(
|
|
3192
|
+
void ssl_update_cache(SSL *ssl);
|
|
2876
3193
|
|
|
2877
3194
|
void ssl_send_alert(SSL *ssl, int level, int desc);
|
|
2878
3195
|
int ssl_send_alert_impl(SSL *ssl, int level, int desc);
|
|
@@ -2894,14 +3211,14 @@ int tls_write_app_data(SSL *ssl, bool *out_needs_handshake, const uint8_t *buf,
|
|
|
2894
3211
|
bool tls_new(SSL *ssl);
|
|
2895
3212
|
void tls_free(SSL *ssl);
|
|
2896
3213
|
|
|
2897
|
-
bool tls_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2898
|
-
bool tls_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
3214
|
+
bool tls_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
3215
|
+
bool tls_finish_message(const SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
2899
3216
|
bool tls_add_message(SSL *ssl, Array<uint8_t> msg);
|
|
2900
3217
|
bool tls_add_change_cipher_spec(SSL *ssl);
|
|
2901
3218
|
int tls_flush_flight(SSL *ssl);
|
|
2902
3219
|
|
|
2903
|
-
bool dtls1_init_message(SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
2904
|
-
bool dtls1_finish_message(SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
3220
|
+
bool dtls1_init_message(const SSL *ssl, CBB *cbb, CBB *body, uint8_t type);
|
|
3221
|
+
bool dtls1_finish_message(const SSL *ssl, CBB *cbb, Array<uint8_t> *out_msg);
|
|
2905
3222
|
bool dtls1_add_message(SSL *ssl, Array<uint8_t> msg);
|
|
2906
3223
|
bool dtls1_add_change_cipher_spec(SSL *ssl);
|
|
2907
3224
|
int dtls1_flush_flight(SSL *ssl);
|
|
@@ -2986,16 +3303,28 @@ bool tls1_set_curves(Array<uint16_t> *out_group_ids, Span<const int> curves);
|
|
|
2986
3303
|
// false.
|
|
2987
3304
|
bool tls1_set_curves_list(Array<uint16_t> *out_group_ids, const char *curves);
|
|
2988
3305
|
|
|
2989
|
-
// ssl_add_clienthello_tlsext writes ClientHello extensions to |out
|
|
2990
|
-
// true on success and false on failure. The |header_len| argument is
|
|
2991
|
-
// of the ClientHello written so far and is used to compute the
|
|
2992
|
-
// (It does not include the record header.)
|
|
2993
|
-
|
|
3306
|
+
// ssl_add_clienthello_tlsext writes ClientHello extensions to |out| for |type|.
|
|
3307
|
+
// It returns true on success and false on failure. The |header_len| argument is
|
|
3308
|
+
// the length of the ClientHello written so far and is used to compute the
|
|
3309
|
+
// padding length. (It does not include the record header or handshake headers.)
|
|
3310
|
+
//
|
|
3311
|
+
// If |type| is |ssl_client_hello_inner|, this function also writes the
|
|
3312
|
+
// compressed extensions to |out_encoded|. Otherwise, |out_encoded| should be
|
|
3313
|
+
// nullptr.
|
|
3314
|
+
//
|
|
3315
|
+
// On success, the function sets |*out_needs_psk_binder| to whether the last
|
|
3316
|
+
// ClientHello extension was the pre_shared_key extension and needs a PSK binder
|
|
3317
|
+
// filled in. The caller should then update |out| and, if applicable,
|
|
3318
|
+
// |out_encoded| with the binder after completing the whole message.
|
|
3319
|
+
bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
|
|
3320
|
+
bool *out_needs_psk_binder,
|
|
3321
|
+
ssl_client_hello_type_t type,
|
|
3322
|
+
size_t header_len);
|
|
2994
3323
|
|
|
2995
3324
|
bool ssl_add_serverhello_tlsext(SSL_HANDSHAKE *hs, CBB *out);
|
|
2996
3325
|
bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
|
2997
3326
|
const SSL_CLIENT_HELLO *client_hello);
|
|
2998
|
-
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *
|
|
3327
|
+
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *extensions);
|
|
2999
3328
|
|
|
3000
3329
|
#define tlsext_tick_md EVP_sha256
|
|
3001
3330
|
|
|
@@ -3033,12 +3362,6 @@ bool tls1_channel_id_hash(SSL_HANDSHAKE *hs, uint8_t *out, size_t *out_len);
|
|
|
3033
3362
|
// data.
|
|
3034
3363
|
bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs);
|
|
3035
3364
|
|
|
3036
|
-
// ssl_do_channel_id_callback checks runs |hs->ssl->ctx->channel_id_cb| if
|
|
3037
|
-
// necessary. It returns true on success and false on fatal error. Note that, on
|
|
3038
|
-
// success, |hs->ssl->channel_id_private| may be unset, in which case the
|
|
3039
|
-
// operation should be retried later.
|
|
3040
|
-
bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs);
|
|
3041
|
-
|
|
3042
3365
|
// ssl_can_write returns whether |ssl| is allowed to write.
|
|
3043
3366
|
bool ssl_can_write(const SSL *ssl);
|
|
3044
3367
|
|
|
@@ -3162,9 +3485,6 @@ struct ssl_ctx_st {
|
|
|
3162
3485
|
int (*client_cert_cb)(SSL *ssl, X509 **out_x509,
|
|
3163
3486
|
EVP_PKEY **out_pkey) = nullptr;
|
|
3164
3487
|
|
|
3165
|
-
// get channel id callback
|
|
3166
|
-
void (*channel_id_cb)(SSL *ssl, EVP_PKEY **out_pkey) = nullptr;
|
|
3167
|
-
|
|
3168
3488
|
CRYPTO_EX_DATA ex_data;
|
|
3169
3489
|
|
|
3170
3490
|
// Default values used when no per-SSL value is defined follow
|
|
@@ -3292,9 +3612,15 @@ struct ssl_ctx_st {
|
|
|
3292
3612
|
// Supported group values inherited by SSL structure
|
|
3293
3613
|
bssl::Array<uint16_t> supported_group_list;
|
|
3294
3614
|
|
|
3295
|
-
//
|
|
3615
|
+
// channel_id_private is the client's Channel ID private key, or null if
|
|
3616
|
+
// Channel ID should not be offered on this connection.
|
|
3296
3617
|
bssl::UniquePtr<EVP_PKEY> channel_id_private;
|
|
3297
3618
|
|
|
3619
|
+
// ech_keys contains the server's list of ECHConfig values and associated
|
|
3620
|
+
// private keys. This list may be swapped out at any time, so all access must
|
|
3621
|
+
// be synchronized through |lock|.
|
|
3622
|
+
bssl::UniquePtr<SSL_ECH_KEYS> ech_keys;
|
|
3623
|
+
|
|
3298
3624
|
// keylog_callback, if not NULL, is the key logging callback. See
|
|
3299
3625
|
// |SSL_CTX_set_keylog_callback|.
|
|
3300
3626
|
void (*keylog_callback)(const SSL *ssl, const char *line) = nullptr;
|
|
@@ -3342,9 +3668,12 @@ struct ssl_ctx_st {
|
|
|
3342
3668
|
// advertise support.
|
|
3343
3669
|
bool channel_id_enabled : 1;
|
|
3344
3670
|
|
|
3345
|
-
// grease_enabled is whether
|
|
3671
|
+
// grease_enabled is whether GREASE (RFC 8701) is enabled.
|
|
3346
3672
|
bool grease_enabled : 1;
|
|
3347
3673
|
|
|
3674
|
+
// permute_extensions is whether to permute extensions when sending messages.
|
|
3675
|
+
bool permute_extensions : 1;
|
|
3676
|
+
|
|
3348
3677
|
// allow_unknown_alpn_protos is whether the client allows unsolicited ALPN
|
|
3349
3678
|
// protocols from the peer.
|
|
3350
3679
|
bool allow_unknown_alpn_protos : 1;
|
|
@@ -3353,10 +3682,6 @@ struct ssl_ctx_st {
|
|
|
3353
3682
|
// |SSL_MODE_ENABLE_FALSE_START| is enabled) is allowed without ALPN.
|
|
3354
3683
|
bool false_start_allowed_without_alpn : 1;
|
|
3355
3684
|
|
|
3356
|
-
// ignore_tls13_downgrade is whether a connection should continue when the
|
|
3357
|
-
// server random signals a downgrade.
|
|
3358
|
-
bool ignore_tls13_downgrade:1;
|
|
3359
|
-
|
|
3360
3685
|
// handoff indicates that a server should stop after receiving the
|
|
3361
3686
|
// ClientHello and pause the handshake in such a way that |SSL_get_error|
|
|
3362
3687
|
// returns |SSL_ERROR_HANDOFF|.
|
|
@@ -3477,10 +3802,12 @@ struct ssl_session_st {
|
|
|
3477
3802
|
// the peer, or zero if not applicable or unknown.
|
|
3478
3803
|
uint16_t peer_signature_algorithm = 0;
|
|
3479
3804
|
|
|
3480
|
-
//
|
|
3481
|
-
// session. In TLS 1.3 and up, it is the resumption
|
|
3482
|
-
|
|
3483
|
-
|
|
3805
|
+
// secret, in TLS 1.2 and below, is the master secret associated with the
|
|
3806
|
+
// session. In TLS 1.3 and up, it is the resumption PSK for sessions handed to
|
|
3807
|
+
// the caller, but it stores the resumption secret when stored on |SSL|
|
|
3808
|
+
// objects.
|
|
3809
|
+
int secret_length = 0;
|
|
3810
|
+
uint8_t secret[SSL_MAX_MASTER_KEY_LENGTH] = {0};
|
|
3484
3811
|
|
|
3485
3812
|
// session_id - valid?
|
|
3486
3813
|
unsigned session_id_length = 0;
|
|
@@ -3610,5 +3937,17 @@ struct ssl_session_st {
|
|
|
3610
3937
|
friend void SSL_SESSION_free(SSL_SESSION *);
|
|
3611
3938
|
};
|
|
3612
3939
|
|
|
3940
|
+
struct ssl_ech_keys_st {
|
|
3941
|
+
ssl_ech_keys_st() = default;
|
|
3942
|
+
ssl_ech_keys_st(const ssl_ech_keys_st &) = delete;
|
|
3943
|
+
ssl_ech_keys_st &operator=(const ssl_ech_keys_st &) = delete;
|
|
3944
|
+
|
|
3945
|
+
bssl::GrowableArray<bssl::UniquePtr<bssl::ECHServerConfig>> configs;
|
|
3946
|
+
CRYPTO_refcount_t references = 1;
|
|
3947
|
+
|
|
3948
|
+
private:
|
|
3949
|
+
~ssl_ech_keys_st() = default;
|
|
3950
|
+
friend void SSL_ECH_KEYS_free(SSL_ECH_KEYS *);
|
|
3951
|
+
};
|
|
3613
3952
|
|
|
3614
3953
|
#endif // OPENSSL_HEADER_SSL_INTERNAL_H
|