grpc 1.35.0 → 1.38.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +168 -131
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security.h +16 -11
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +7 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +740 -3185
- data/src/core/ext/filters/client_channel/client_channel.h +488 -56
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +10 -2
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +18 -14
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +26 -23
- data/src/core/ext/filters/client_channel/lb_policy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +49 -48
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +22 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +318 -193
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +30 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +32 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +316 -171
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +3 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +59 -60
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +17 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +67 -74
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +33 -23
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +38 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +379 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +346 -178
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +10 -1
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +86 -162
- data/src/core/ext/filters/client_channel/subchannel.h +68 -99
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +501 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +47 -42
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -4
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +8 -8
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +5 -4
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +6 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +507 -196
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -3
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +64 -21
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +167 -122
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +13 -9
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +2179 -688
- data/src/core/ext/xds/xds_api.h +326 -124
- data/src/core/ext/xds/xds_bootstrap.cc +115 -142
- data/src/core/ext/xds/xds_bootstrap.h +24 -17
- data/src/core/ext/xds/xds_certificate_provider.cc +184 -78
- data/src/core/ext/xds/xds_certificate_provider.h +84 -45
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +462 -183
- data/src/core/ext/xds/xds_client.h +65 -22
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_client_stats.h +5 -4
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +444 -29
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +108 -5
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +26 -6
- data/src/core/lib/channel/channel_stack.cc +22 -9
- data/src/core/lib/channel/channel_stack.h +17 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +108 -12
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +9 -50
- data/src/core/lib/channel/handshaker.h +6 -23
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +29 -15
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +13 -9
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +218 -107
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +16 -13
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +22 -22
- data/src/core/lib/iomgr/ev_epollex_linux.cc +52 -49
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +12 -11
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +10 -6
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -3
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +12 -11
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +23 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +16 -18
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +41 -42
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +27 -25
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +8 -8
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +4 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +18 -14
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +17 -14
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +6 -5
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +9 -9
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -3
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +16 -15
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -8
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +130 -61
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +31 -8
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +88 -74
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +66 -37
- data/src/core/lib/security/transport/server_auth_filter.cc +24 -11
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/slice_intern.cc +5 -6
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +6 -5
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/lame_client.cc +43 -24
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +71 -58
- data/src/core/lib/surface/server.h +91 -28
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +64 -37
- data/src/core/lib/transport/metadata_batch.h +33 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -28
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +23 -27
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +11 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +32 -17
- data/src/core/tsi/ssl_transport_security.h +3 -7
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +742 -724
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +4 -11
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +40 -86
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +6 -17
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +121 -71
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +71 -41
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +737 -551
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +13 -40
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +239 -37
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +28 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +702 -219
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +141 -36
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +47 -15
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +159 -13
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +253 -58
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +90 -25
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +450 -104
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +232 -85
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +174 -95
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
#include <openssl/aead.h>
|
|
19
19
|
#include <openssl/base.h>
|
|
20
20
|
#include <openssl/curve25519.h>
|
|
21
|
+
#include <openssl/digest.h>
|
|
21
22
|
|
|
22
23
|
#if defined(__cplusplus)
|
|
23
24
|
extern "C" {
|
|
@@ -30,11 +31,14 @@ extern "C" {
|
|
|
30
31
|
// receiver with a public key. Optionally, the sender may authenticate its
|
|
31
32
|
// possession of a pre-shared key to the recipient.
|
|
32
33
|
//
|
|
33
|
-
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-
|
|
34
|
+
// See https://tools.ietf.org/html/draft-irtf-cfrg-hpke-07.
|
|
35
|
+
|
|
36
|
+
// EVP_HPKE_DHKEM_* are KEM identifiers.
|
|
37
|
+
#define EVP_HPKE_DHKEM_X25519_HKDF_SHA256 0x0020
|
|
34
38
|
|
|
35
39
|
// EVP_HPKE_AEAD_* are AEAD identifiers.
|
|
36
|
-
#define
|
|
37
|
-
#define
|
|
40
|
+
#define EVP_HPKE_AEAD_AES_128_GCM 0x0001
|
|
41
|
+
#define EVP_HPKE_AEAD_AES_256_GCM 0x0002
|
|
38
42
|
#define EVP_HPKE_AEAD_CHACHA20POLY1305 0x0003
|
|
39
43
|
|
|
40
44
|
// EVP_HPKE_HKDF_* are HKDF identifiers.
|
|
@@ -55,7 +59,7 @@ typedef struct evp_hpke_ctx_st {
|
|
|
55
59
|
EVP_AEAD_CTX aead_ctx;
|
|
56
60
|
uint16_t kdf_id;
|
|
57
61
|
uint16_t aead_id;
|
|
58
|
-
uint8_t
|
|
62
|
+
uint8_t base_nonce[EVP_AEAD_MAX_NONCE_LENGTH];
|
|
59
63
|
uint8_t exporter_secret[EVP_MAX_MD_SIZE];
|
|
60
64
|
uint64_t seq;
|
|
61
65
|
int is_sender;
|
|
@@ -77,40 +81,43 @@ OPENSSL_EXPORT void EVP_HPKE_CTX_cleanup(EVP_HPKE_CTX *ctx);
|
|
|
77
81
|
// In each of the following functions, |hpke| must have been initialized with
|
|
78
82
|
// |EVP_HPKE_CTX_init|. |kdf_id| selects the KDF for non-KEM HPKE operations and
|
|
79
83
|
// must be one of the |EVP_HPKE_HKDF_*| constants. |aead_id| selects the AEAD
|
|
80
|
-
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_
|
|
81
|
-
// constants.
|
|
84
|
+
// for the "open" and "seal" operations and must be one of the |EVP_HPKE_AEAD_*|
|
|
85
|
+
// constants.
|
|
82
86
|
|
|
83
87
|
// EVP_HPKE_CTX_setup_base_s_x25519 sets up |hpke| as a sender context that can
|
|
84
88
|
// encrypt for the private key corresponding to |peer_public_value| (the
|
|
85
89
|
// recipient's public key). It returns one on success, and zero otherwise. Note
|
|
86
90
|
// that this function will fail if |peer_public_value| is invalid.
|
|
87
91
|
//
|
|
88
|
-
// This function writes the encapsulated shared secret
|
|
92
|
+
// This function writes the encapsulated shared secret, a Diffie-Hellman public
|
|
93
|
+
// key, to |out_enc|. It will fail if the buffer's size in |out_enc_len| is not
|
|
94
|
+
// exactly |X25519_PUBLIC_VALUE_LEN|.
|
|
89
95
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519(
|
|
90
|
-
EVP_HPKE_CTX *hpke, uint8_t out_enc
|
|
91
|
-
uint16_t
|
|
92
|
-
const uint8_t
|
|
93
|
-
const uint8_t *info, size_t info_len);
|
|
96
|
+
EVP_HPKE_CTX *hpke, uint8_t *out_enc, size_t out_enc_len, uint16_t kdf_id,
|
|
97
|
+
uint16_t aead_id, const uint8_t *peer_public_value,
|
|
98
|
+
size_t peer_public_value_len, const uint8_t *info, size_t info_len);
|
|
94
99
|
|
|
95
100
|
// EVP_HPKE_CTX_setup_base_s_x25519_for_test behaves like
|
|
96
101
|
// |EVP_HPKE_CTX_setup_base_s_x25519|, but takes a pre-generated ephemeral
|
|
97
|
-
// sender key.
|
|
102
|
+
// sender key. The caller ensures that |ephemeral_public| and
|
|
103
|
+
// |ephemeral_private| are a valid keypair.
|
|
98
104
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_s_x25519_for_test(
|
|
99
105
|
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
100
|
-
const uint8_t peer_public_value
|
|
101
|
-
const uint8_t *info, size_t info_len,
|
|
102
|
-
const uint8_t
|
|
103
|
-
|
|
106
|
+
const uint8_t *peer_public_value, size_t peer_public_value_len,
|
|
107
|
+
const uint8_t *info, size_t info_len, const uint8_t *ephemeral_private,
|
|
108
|
+
size_t ephemeral_private_len, const uint8_t *ephemeral_public,
|
|
109
|
+
size_t ephemeral_public_len);
|
|
104
110
|
|
|
105
111
|
// EVP_HPKE_CTX_setup_base_r_x25519 sets up |hpke| as a recipient context that
|
|
106
|
-
// can decrypt messages.
|
|
107
|
-
//
|
|
108
|
-
//
|
|
112
|
+
// can decrypt messages. It returns one on success, and zero otherwise.
|
|
113
|
+
//
|
|
114
|
+
// The recipient's keypair is composed of |public_key| and |private_key|, and
|
|
115
|
+
// |enc| is the encapsulated shared secret from the sender. If |enc| is invalid,
|
|
116
|
+
// this function will fail.
|
|
109
117
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
110
|
-
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
111
|
-
const uint8_t
|
|
112
|
-
const uint8_t
|
|
113
|
-
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
118
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, const uint8_t *enc,
|
|
119
|
+
size_t enc_len, const uint8_t *public_key, size_t public_key_len,
|
|
120
|
+
const uint8_t *private_key, size_t private_key_len, const uint8_t *info,
|
|
114
121
|
size_t info_len);
|
|
115
122
|
|
|
116
123
|
// EVP_HPKE_CTX_setup_psk_s_x25519 sets up |hpke| as a sender context that can
|
|
@@ -123,39 +130,44 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_setup_base_r_x25519(
|
|
|
123
130
|
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
124
131
|
// function will fail.
|
|
125
132
|
//
|
|
126
|
-
// This function writes the encapsulated shared secret
|
|
133
|
+
// This function writes the encapsulated shared secret, a Diffie-Hellman public
|
|
134
|
+
// key, to |out_enc|. It will fail if the buffer's size in |out_enc_len| is not
|
|
135
|
+
// exactly |X25519_PUBLIC_VALUE_LEN|.
|
|
127
136
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519(
|
|
128
|
-
EVP_HPKE_CTX *hpke, uint8_t out_enc
|
|
129
|
-
uint16_t
|
|
130
|
-
const uint8_t
|
|
131
|
-
const uint8_t *
|
|
132
|
-
|
|
137
|
+
EVP_HPKE_CTX *hpke, uint8_t *out_enc, size_t out_enc_len, uint16_t kdf_id,
|
|
138
|
+
uint16_t aead_id, const uint8_t *peer_public_value,
|
|
139
|
+
size_t peer_public_value_len, const uint8_t *info, size_t info_len,
|
|
140
|
+
const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
|
|
141
|
+
size_t psk_id_len);
|
|
133
142
|
|
|
134
143
|
// EVP_HPKE_CTX_setup_psk_s_x25519_for_test behaves like
|
|
135
144
|
// |EVP_HPKE_CTX_setup_psk_s_x25519|, but takes a pre-generated ephemeral sender
|
|
136
|
-
// key.
|
|
145
|
+
// key. The caller ensures that |ephemeral_public| and |ephemeral_private| are a
|
|
146
|
+
// valid keypair.
|
|
137
147
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_s_x25519_for_test(
|
|
138
148
|
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
139
|
-
const uint8_t peer_public_value
|
|
149
|
+
const uint8_t *peer_public_value, size_t peer_public_value_len,
|
|
140
150
|
const uint8_t *info, size_t info_len, const uint8_t *psk, size_t psk_len,
|
|
141
|
-
const uint8_t *psk_id, size_t psk_id_len,
|
|
142
|
-
const uint8_t
|
|
143
|
-
|
|
151
|
+
const uint8_t *psk_id, size_t psk_id_len, const uint8_t *ephemeral_private,
|
|
152
|
+
size_t ephemeral_private_len, const uint8_t *ephemeral_public,
|
|
153
|
+
size_t ephemeral_public_len);
|
|
144
154
|
|
|
145
155
|
// EVP_HPKE_CTX_setup_psk_r_x25519 sets up |hpke| as a recipient context that
|
|
146
156
|
// can decrypt messages. Future open (decrypt) operations will fail if the
|
|
147
|
-
// sender does not possess the PSK indicated by |psk| and |psk_id|.
|
|
148
|
-
//
|
|
149
|
-
//
|
|
157
|
+
// sender does not possess the PSK indicated by |psk| and |psk_id|. It returns
|
|
158
|
+
// one on success, and zero otherwise.
|
|
159
|
+
//
|
|
160
|
+
// The recipient's keypair is composed of |public_key| and |private_key|, and
|
|
161
|
+
// |enc| is the encapsulated shared secret from the sender. If |enc| is invalid,
|
|
162
|
+
// this function will fail.
|
|
150
163
|
//
|
|
151
164
|
// The PSK and its ID must be provided in |psk| and |psk_id|, respectively. Both
|
|
152
165
|
// must be nonempty (|psk_len| and |psk_id_len| must be non-zero), or this
|
|
153
166
|
// function will fail.
|
|
154
167
|
OPENSSL_EXPORT int EVP_HPKE_CTX_setup_psk_r_x25519(
|
|
155
|
-
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id,
|
|
156
|
-
const uint8_t
|
|
157
|
-
const uint8_t
|
|
158
|
-
const uint8_t private_key[X25519_PRIVATE_KEY_LEN], const uint8_t *info,
|
|
168
|
+
EVP_HPKE_CTX *hpke, uint16_t kdf_id, uint16_t aead_id, const uint8_t *enc,
|
|
169
|
+
size_t enc_len, const uint8_t *public_key, size_t public_key_len,
|
|
170
|
+
const uint8_t *private_key, size_t private_key_len, const uint8_t *info,
|
|
159
171
|
size_t info_len, const uint8_t *psk, size_t psk_len, const uint8_t *psk_id,
|
|
160
172
|
size_t psk_id_len);
|
|
161
173
|
|
|
@@ -215,6 +227,24 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *hpke, uint8_t *out,
|
|
|
215
227
|
// set up as a sender.
|
|
216
228
|
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *hpke);
|
|
217
229
|
|
|
230
|
+
// EVP_HPKE_CTX_get_aead_id returns |hpke|'s configured AEAD. The returned value
|
|
231
|
+
// is one of the |EVP_HPKE_AEAD_*| constants, or zero if the context has not
|
|
232
|
+
// been set up.
|
|
233
|
+
OPENSSL_EXPORT uint16_t EVP_HPKE_CTX_get_aead_id(const EVP_HPKE_CTX *hpke);
|
|
234
|
+
|
|
235
|
+
// EVP_HPKE_CTX_get_aead_id returns |hpke|'s configured KDF. The returned value
|
|
236
|
+
// is one of the |EVP_HPKE_HKDF_*| constants, or zero if the context has not
|
|
237
|
+
// been set up.
|
|
238
|
+
OPENSSL_EXPORT uint16_t EVP_HPKE_CTX_get_kdf_id(const EVP_HPKE_CTX *hpke);
|
|
239
|
+
|
|
240
|
+
// EVP_HPKE_get_aead returns the AEAD corresponding to |aead_id|, or NULL if
|
|
241
|
+
// |aead_id| is not a known AEAD identifier.
|
|
242
|
+
OPENSSL_EXPORT const EVP_AEAD *EVP_HPKE_get_aead(uint16_t aead_id);
|
|
243
|
+
|
|
244
|
+
// EVP_HPKE_get_hkdf_md returns the hash function associated with |kdf_id|, or
|
|
245
|
+
// NULL if |kdf_id| is not a known KDF identifier that uses HKDF.
|
|
246
|
+
OPENSSL_EXPORT const EVP_MD *EVP_HPKE_get_hkdf_md(uint16_t kdf_id);
|
|
247
|
+
|
|
218
248
|
|
|
219
249
|
#if defined(__cplusplus)
|
|
220
250
|
} // extern C
|
|
@@ -109,6 +109,7 @@
|
|
|
109
109
|
#ifndef OPENSSL_HEADER_CRYPTO_INTERNAL_H
|
|
110
110
|
#define OPENSSL_HEADER_CRYPTO_INTERNAL_H
|
|
111
111
|
|
|
112
|
+
#include <openssl/crypto.h>
|
|
112
113
|
#include <openssl/ex_data.h>
|
|
113
114
|
#include <openssl/stack.h>
|
|
114
115
|
#include <openssl/thread.h>
|
|
@@ -470,6 +471,12 @@ OPENSSL_EXPORT void CRYPTO_once(CRYPTO_once_t *once, void (*init)(void));
|
|
|
470
471
|
|
|
471
472
|
// Reference counting.
|
|
472
473
|
|
|
474
|
+
// Automatically enable C11 atomics if implemented.
|
|
475
|
+
#if !defined(OPENSSL_C11_ATOMIC) && !defined(__STDC_NO_ATOMICS__) && \
|
|
476
|
+
defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
|
|
477
|
+
#define OPENSSL_C11_ATOMIC
|
|
478
|
+
#endif
|
|
479
|
+
|
|
473
480
|
// CRYPTO_REFCOUNT_MAX is the value at which the reference count saturates.
|
|
474
481
|
#define CRYPTO_REFCOUNT_MAX 0xffffffff
|
|
475
482
|
|
|
@@ -607,6 +614,7 @@ BSSL_NAMESPACE_END
|
|
|
607
614
|
typedef enum {
|
|
608
615
|
OPENSSL_THREAD_LOCAL_ERR = 0,
|
|
609
616
|
OPENSSL_THREAD_LOCAL_RAND,
|
|
617
|
+
OPENSSL_THREAD_LOCAL_FIPS_COUNTERS,
|
|
610
618
|
OPENSSL_THREAD_LOCAL_TEST,
|
|
611
619
|
NUM_OPENSSL_THREAD_LOCALS,
|
|
612
620
|
} thread_local_data_t;
|
|
@@ -811,6 +819,58 @@ static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
|
|
|
811
819
|
return memset(dst, c, n);
|
|
812
820
|
}
|
|
813
821
|
|
|
822
|
+
|
|
823
|
+
// Loads and stores.
|
|
824
|
+
//
|
|
825
|
+
// The following functions load and store sized integers with the specified
|
|
826
|
+
// endianness. They use |memcpy|, and so avoid alignment or strict aliasing
|
|
827
|
+
// requirements on the input and output pointers.
|
|
828
|
+
|
|
829
|
+
static inline uint32_t CRYPTO_load_u32_le(const void *in) {
|
|
830
|
+
uint32_t v;
|
|
831
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
|
832
|
+
return v;
|
|
833
|
+
}
|
|
834
|
+
|
|
835
|
+
static inline void CRYPTO_store_u32_le(void *out, uint32_t v) {
|
|
836
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
|
837
|
+
}
|
|
838
|
+
|
|
839
|
+
static inline uint32_t CRYPTO_load_u32_be(const void *in) {
|
|
840
|
+
uint32_t v;
|
|
841
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
|
842
|
+
return CRYPTO_bswap4(v);
|
|
843
|
+
}
|
|
844
|
+
|
|
845
|
+
static inline void CRYPTO_store_u32_be(void *out, uint32_t v) {
|
|
846
|
+
v = CRYPTO_bswap4(v);
|
|
847
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
|
848
|
+
}
|
|
849
|
+
|
|
850
|
+
static inline uint64_t CRYPTO_load_u64_be(const void *ptr) {
|
|
851
|
+
uint64_t ret;
|
|
852
|
+
OPENSSL_memcpy(&ret, ptr, sizeof(ret));
|
|
853
|
+
return CRYPTO_bswap8(ret);
|
|
854
|
+
}
|
|
855
|
+
|
|
856
|
+
static inline void CRYPTO_store_u64_be(void *out, uint64_t v) {
|
|
857
|
+
v = CRYPTO_bswap8(v);
|
|
858
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
|
859
|
+
}
|
|
860
|
+
|
|
861
|
+
static inline crypto_word_t CRYPTO_load_word_le(const void *in) {
|
|
862
|
+
crypto_word_t v;
|
|
863
|
+
OPENSSL_memcpy(&v, in, sizeof(v));
|
|
864
|
+
return v;
|
|
865
|
+
}
|
|
866
|
+
|
|
867
|
+
static inline void CRYPTO_store_word_le(void *out, crypto_word_t v) {
|
|
868
|
+
OPENSSL_memcpy(out, &v, sizeof(v));
|
|
869
|
+
}
|
|
870
|
+
|
|
871
|
+
|
|
872
|
+
// FIPS functions.
|
|
873
|
+
|
|
814
874
|
#if defined(BORINGSSL_FIPS)
|
|
815
875
|
// BORINGSSL_FIPS_abort is called when a FIPS power-on or continuous test
|
|
816
876
|
// fails. It prevents any further cryptographic operations by the current
|
|
@@ -826,6 +886,11 @@ void BORINGSSL_FIPS_abort(void) __attribute__((noreturn));
|
|
|
826
886
|
int boringssl_fips_self_test(const uint8_t *module_hash,
|
|
827
887
|
size_t module_hash_len);
|
|
828
888
|
|
|
889
|
+
#if defined(BORINGSSL_FIPS_COUNTERS)
|
|
890
|
+
void boringssl_fips_inc_counter(enum fips_counter_t counter);
|
|
891
|
+
#else
|
|
892
|
+
OPENSSL_INLINE void boringssl_fips_inc_counter(enum fips_counter_t counter) {}
|
|
893
|
+
#endif
|
|
829
894
|
|
|
830
895
|
#if defined(__cplusplus)
|
|
831
896
|
} // extern C
|
|
@@ -107,6 +107,20 @@ WEAK_SYMBOL_FUNC(void, sdallocx, (void *ptr, size_t size, int flags));
|
|
|
107
107
|
// allocation and freeing. If defined, it is the responsibility of
|
|
108
108
|
// |OPENSSL_memory_free| to zero out the memory before returning it to the
|
|
109
109
|
// system. |OPENSSL_memory_free| will not be passed NULL pointers.
|
|
110
|
+
//
|
|
111
|
+
// WARNING: These functions are called on every allocation and free in
|
|
112
|
+
// BoringSSL across the entire process. They may be called by any code in the
|
|
113
|
+
// process which calls BoringSSL, including in process initializers and thread
|
|
114
|
+
// destructors. When called, BoringSSL may hold pthreads locks. Any other code
|
|
115
|
+
// in the process which, directly or indirectly, calls BoringSSL may be on the
|
|
116
|
+
// call stack and may itself be using arbitrary synchronization primitives.
|
|
117
|
+
//
|
|
118
|
+
// As a result, these functions may not have the usual programming environment
|
|
119
|
+
// available to most C or C++ code. In particular, they may not call into
|
|
120
|
+
// BoringSSL, or any library which depends on BoringSSL. Any synchronization
|
|
121
|
+
// primitives used must tolerate every other synchronization primitive linked
|
|
122
|
+
// into the process, including pthreads locks. Failing to meet these constraints
|
|
123
|
+
// may result in deadlocks, crashes, or memory corruption.
|
|
110
124
|
WEAK_SYMBOL_FUNC(void*, OPENSSL_memory_alloc, (size_t size));
|
|
111
125
|
WEAK_SYMBOL_FUNC(void, OPENSSL_memory_free, (void *ptr));
|
|
112
126
|
WEAK_SYMBOL_FUNC(size_t, OPENSSL_memory_get_size, (void *ptr));
|
|
@@ -338,12 +338,12 @@ OPENSSL_EXPORT int OBJ_nid2cbb(CBB *out, int nid) {
|
|
|
338
338
|
return 1;
|
|
339
339
|
}
|
|
340
340
|
|
|
341
|
-
|
|
341
|
+
ASN1_OBJECT *OBJ_nid2obj(int nid) {
|
|
342
342
|
if (nid >= 0 && nid < NUM_NID) {
|
|
343
343
|
if (nid != NID_undef && kObjects[nid].nid == NID_undef) {
|
|
344
344
|
goto err;
|
|
345
345
|
}
|
|
346
|
-
return &kObjects[nid];
|
|
346
|
+
return (ASN1_OBJECT *)&kObjects[nid];
|
|
347
347
|
}
|
|
348
348
|
|
|
349
349
|
CRYPTO_STATIC_MUTEX_lock_read(&global_added_lock);
|
|
@@ -411,7 +411,7 @@ ASN1_OBJECT *OBJ_txt2obj(const char *s, int dont_search_names) {
|
|
|
411
411
|
}
|
|
412
412
|
|
|
413
413
|
if (nid != NID_undef) {
|
|
414
|
-
return
|
|
414
|
+
return OBJ_nid2obj(nid);
|
|
415
415
|
}
|
|
416
416
|
}
|
|
417
417
|
|
|
@@ -235,7 +235,7 @@ static PKCS7 *pkcs7_new(CBS *cbs) {
|
|
|
235
235
|
return NULL;
|
|
236
236
|
}
|
|
237
237
|
OPENSSL_memset(ret, 0, sizeof(PKCS7));
|
|
238
|
-
ret->type =
|
|
238
|
+
ret->type = OBJ_nid2obj(NID_pkcs7_signed);
|
|
239
239
|
ret->d.sign = OPENSSL_malloc(sizeof(PKCS7_SIGNED));
|
|
240
240
|
if (ret->d.sign == NULL) {
|
|
241
241
|
goto err;
|
|
@@ -943,11 +943,6 @@ int PKCS12_parse(const PKCS12 *p12, const char *password, EVP_PKEY **out_pkey,
|
|
|
943
943
|
|
|
944
944
|
// OpenSSL selects the last certificate which matches the private key as
|
|
945
945
|
// |out_cert|.
|
|
946
|
-
//
|
|
947
|
-
// TODO(davidben): OpenSSL additionally reverses the order of the
|
|
948
|
-
// certificates, which was likely originally a bug, but may be a feature by
|
|
949
|
-
// now. See https://crbug.com/boringssl/250 and
|
|
950
|
-
// https://github.com/openssl/openssl/issues/6698.
|
|
951
946
|
*out_cert = NULL;
|
|
952
947
|
size_t num_certs = sk_X509_num(ca_certs);
|
|
953
948
|
if (*out_pkey != NULL && num_certs > 0) {
|
|
@@ -1074,31 +1069,24 @@ static int add_cert_bag(CBB *cbb, X509 *cert, const char *name,
|
|
|
1074
1069
|
return 1;
|
|
1075
1070
|
}
|
|
1076
1071
|
|
|
1077
|
-
static int
|
|
1078
|
-
|
|
1079
|
-
|
|
1080
|
-
|
|
1081
|
-
|
|
1082
|
-
CBB cbb, safe_contents;
|
|
1083
|
-
if (!CBB_init(&cbb, 0) ||
|
|
1084
|
-
!CBB_add_asn1(&cbb, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
|
1072
|
+
static int add_cert_safe_contents(CBB *cbb, X509 *cert,
|
|
1073
|
+
const STACK_OF(X509) *chain, const char *name,
|
|
1074
|
+
const uint8_t *key_id, size_t key_id_len) {
|
|
1075
|
+
CBB safe_contents;
|
|
1076
|
+
if (!CBB_add_asn1(cbb, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
|
1085
1077
|
(cert != NULL &&
|
|
1086
1078
|
!add_cert_bag(&safe_contents, cert, name, key_id, key_id_len))) {
|
|
1087
|
-
|
|
1079
|
+
return 0;
|
|
1088
1080
|
}
|
|
1089
1081
|
|
|
1090
1082
|
for (size_t i = 0; i < sk_X509_num(chain); i++) {
|
|
1091
1083
|
// Only the leaf certificate gets attributes.
|
|
1092
1084
|
if (!add_cert_bag(&safe_contents, sk_X509_value(chain, i), NULL, NULL, 0)) {
|
|
1093
|
-
|
|
1085
|
+
return 0;
|
|
1094
1086
|
}
|
|
1095
1087
|
}
|
|
1096
1088
|
|
|
1097
|
-
|
|
1098
|
-
|
|
1099
|
-
err:
|
|
1100
|
-
CBB_cleanup(&cbb);
|
|
1101
|
-
return ret;
|
|
1089
|
+
return CBB_flush(cbb);
|
|
1102
1090
|
}
|
|
1103
1091
|
|
|
1104
1092
|
static int add_encrypted_data(CBB *out, int pbe_nid, const char *password,
|
|
@@ -1181,9 +1169,6 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
|
1181
1169
|
if (// In OpenSSL, this specifies a non-standard Microsoft key usage extension
|
|
1182
1170
|
// which we do not currently support.
|
|
1183
1171
|
key_type != 0 ||
|
|
1184
|
-
// In OpenSSL, -1 here means to use no encryption, which we do not
|
|
1185
|
-
// currently support.
|
|
1186
|
-
key_nid < 0 || cert_nid < 0 ||
|
|
1187
1172
|
// In OpenSSL, -1 here means to omit the MAC, which we do not
|
|
1188
1173
|
// currently support. Omitting it is also invalid for a password-based
|
|
1189
1174
|
// PKCS#12 file.
|
|
@@ -1194,6 +1179,36 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
|
1194
1179
|
return 0;
|
|
1195
1180
|
}
|
|
1196
1181
|
|
|
1182
|
+
// PKCS#12 is a very confusing recursive data format, built out of another
|
|
1183
|
+
// recursive data format. Section 5.1 of RFC7292 describes the encoding
|
|
1184
|
+
// algorithm, but there is no clear overview. A quick summary:
|
|
1185
|
+
//
|
|
1186
|
+
// PKCS#7 defines a ContentInfo structure, which is a overgeneralized typed
|
|
1187
|
+
// combinator structure for applying cryptography. We care about two types. A
|
|
1188
|
+
// data ContentInfo contains an OCTET STRING and is a leaf node of the
|
|
1189
|
+
// combinator tree. An encrypted-data ContentInfo contains encryption
|
|
1190
|
+
// parameters (key derivation and encryption) and wraps another ContentInfo,
|
|
1191
|
+
// usually data.
|
|
1192
|
+
//
|
|
1193
|
+
// A PKCS#12 file is a PFX structure (section 4), which contains a single data
|
|
1194
|
+
// ContentInfo and a MAC over it. This root ContentInfo is the
|
|
1195
|
+
// AuthenticatedSafe and its payload is a SEQUENCE of other ContentInfos, so
|
|
1196
|
+
// that different parts of the PKCS#12 file can by differently protected.
|
|
1197
|
+
//
|
|
1198
|
+
// Each ContentInfo in the AuthenticatedSafe, after undoing all the PKCS#7
|
|
1199
|
+
// combinators, has SafeContents payload. A SafeContents is a SEQUENCE of
|
|
1200
|
+
// SafeBag. SafeBag is PKCS#12's typed structure, with subtypes such as KeyBag
|
|
1201
|
+
// and CertBag. Confusingly, there is a SafeContents bag type which itself
|
|
1202
|
+
// recursively contains more SafeBags, but we do not implement this. Bags also
|
|
1203
|
+
// can have attributes.
|
|
1204
|
+
//
|
|
1205
|
+
// The grouping of SafeBags into intermediate ContentInfos does not appear to
|
|
1206
|
+
// be significant, except that all SafeBags sharing a ContentInfo have the
|
|
1207
|
+
// same level of protection. Additionally, while keys may be encrypted by
|
|
1208
|
+
// placing a KeyBag in an encrypted-data ContentInfo, PKCS#12 also defines a
|
|
1209
|
+
// key-specific encryption container, PKCS8ShroudedKeyBag, which is used
|
|
1210
|
+
// instead.
|
|
1211
|
+
|
|
1197
1212
|
// Note that |password| may be NULL to specify no password, rather than the
|
|
1198
1213
|
// empty string. They are encoded differently in PKCS#12. (One is the empty
|
|
1199
1214
|
// byte array and the other is NUL-terminated UCS-2.)
|
|
@@ -1236,24 +1251,43 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
|
1236
1251
|
// If there are any certificates, place them in CertBags wrapped in a single
|
|
1237
1252
|
// encrypted ContentInfo.
|
|
1238
1253
|
if (cert != NULL || sk_X509_num(chain) > 0) {
|
|
1239
|
-
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
|
|
1244
|
-
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
|
|
1248
|
-
|
|
1249
|
-
|
|
1254
|
+
if (cert_nid < 0) {
|
|
1255
|
+
// Place the certificates in an unencrypted ContentInfo. This could be
|
|
1256
|
+
// more compactly-encoded by reusing the same ContentInfo as the key, but
|
|
1257
|
+
// OpenSSL does not do this. We keep them separate for consistency. (Keys,
|
|
1258
|
+
// even when encrypted, are always placed in unencrypted ContentInfos.
|
|
1259
|
+
// PKCS#12 defines bag-level encryption for keys.)
|
|
1260
|
+
CBB content_info, oid, wrapper, data;
|
|
1261
|
+
if (!CBB_add_asn1(&content_infos, &content_info, CBS_ASN1_SEQUENCE) ||
|
|
1262
|
+
!CBB_add_asn1(&content_info, &oid, CBS_ASN1_OBJECT) ||
|
|
1263
|
+
!CBB_add_bytes(&oid, kPKCS7Data, sizeof(kPKCS7Data)) ||
|
|
1264
|
+
!CBB_add_asn1(&content_info, &wrapper,
|
|
1265
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
|
1266
|
+
!CBB_add_asn1(&wrapper, &data, CBS_ASN1_OCTETSTRING) ||
|
|
1267
|
+
!add_cert_safe_contents(&data, cert, chain, name, key_id,
|
|
1268
|
+
key_id_len) ||
|
|
1269
|
+
!CBB_flush(&content_infos)) {
|
|
1270
|
+
goto err;
|
|
1271
|
+
}
|
|
1272
|
+
} else {
|
|
1273
|
+
CBB plaintext_cbb;
|
|
1274
|
+
int ok = CBB_init(&plaintext_cbb, 0) &&
|
|
1275
|
+
add_cert_safe_contents(&plaintext_cbb, cert, chain, name, key_id,
|
|
1276
|
+
key_id_len) &&
|
|
1277
|
+
add_encrypted_data(
|
|
1278
|
+
&content_infos, cert_nid, password, password_len, iterations,
|
|
1279
|
+
CBB_data(&plaintext_cbb), CBB_len(&plaintext_cbb));
|
|
1280
|
+
CBB_cleanup(&plaintext_cbb);
|
|
1281
|
+
if (!ok) {
|
|
1282
|
+
goto err;
|
|
1283
|
+
}
|
|
1250
1284
|
}
|
|
1251
1285
|
}
|
|
1252
1286
|
|
|
1253
|
-
// If there is a key, place it in a single
|
|
1254
|
-
// unencrypted ContentInfo. (One could also place it in a KeyBag
|
|
1255
|
-
// encrypted ContentInfo, but OpenSSL does not do this and some
|
|
1256
|
-
// consumers do not support KeyBags.)
|
|
1287
|
+
// If there is a key, place it in a single KeyBag or PKCS8ShroudedKeyBag
|
|
1288
|
+
// wrapped in an unencrypted ContentInfo. (One could also place it in a KeyBag
|
|
1289
|
+
// inside an encrypted ContentInfo, but OpenSSL does not do this and some
|
|
1290
|
+
// PKCS#12 consumers do not support KeyBags.)
|
|
1257
1291
|
if (pkey != NULL) {
|
|
1258
1292
|
CBB content_info, oid, wrapper, data, safe_contents, bag, bag_oid,
|
|
1259
1293
|
bag_contents;
|
|
@@ -1267,16 +1301,29 @@ PKCS12 *PKCS12_create(const char *password, const char *name,
|
|
|
1267
1301
|
!CBB_add_asn1(&data, &safe_contents, CBS_ASN1_SEQUENCE) ||
|
|
1268
1302
|
// Add a SafeBag containing a PKCS8ShroudedKeyBag.
|
|
1269
1303
|
!CBB_add_asn1(&safe_contents, &bag, CBS_ASN1_SEQUENCE) ||
|
|
1270
|
-
!CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT)
|
|
1271
|
-
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1275
|
-
|
|
1276
|
-
|
|
1277
|
-
|
|
1278
|
-
|
|
1279
|
-
|
|
1304
|
+
!CBB_add_asn1(&bag, &bag_oid, CBS_ASN1_OBJECT)) {
|
|
1305
|
+
goto err;
|
|
1306
|
+
}
|
|
1307
|
+
if (key_nid < 0) {
|
|
1308
|
+
if (!CBB_add_bytes(&bag_oid, kKeyBag, sizeof(kKeyBag)) ||
|
|
1309
|
+
!CBB_add_asn1(&bag, &bag_contents,
|
|
1310
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
|
1311
|
+
!EVP_marshal_private_key(&bag_contents, pkey)) {
|
|
1312
|
+
goto err;
|
|
1313
|
+
}
|
|
1314
|
+
} else {
|
|
1315
|
+
if (!CBB_add_bytes(&bag_oid, kPKCS8ShroudedKeyBag,
|
|
1316
|
+
sizeof(kPKCS8ShroudedKeyBag)) ||
|
|
1317
|
+
!CBB_add_asn1(&bag, &bag_contents,
|
|
1318
|
+
CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0) ||
|
|
1319
|
+
!PKCS8_marshal_encrypted_private_key(
|
|
1320
|
+
&bag_contents, key_nid, NULL, password, password_len,
|
|
1321
|
+
NULL /* generate a random salt */,
|
|
1322
|
+
0 /* use default salt length */, iterations, pkey)) {
|
|
1323
|
+
goto err;
|
|
1324
|
+
}
|
|
1325
|
+
}
|
|
1326
|
+
if (!add_bag_attributes(&bag, name, key_id, key_id_len) ||
|
|
1280
1327
|
!CBB_flush(&content_infos)) {
|
|
1281
1328
|
goto err;
|
|
1282
1329
|
}
|