grpc 1.35.0 → 1.38.0
Potentially problematic release.
- checksums.yaml +4 -4
- data/Makefile +168 -131
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/channel_args.h +28 -0
- data/include/grpc/event_engine/event_engine.h +336 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/event_engine/slice_allocator.h +81 -0
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/grpc_security.h +16 -11
- data/include/grpc/grpc_security_constants.h +14 -0
- data/include/grpc/impl/codegen/grpc_types.h +11 -0
- data/include/grpc/impl/codegen/port_platform.h +7 -0
- data/include/grpc/module.modulemap +14 -14
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +740 -3185
- data/src/core/ext/filters/client_channel/client_channel.h +488 -56
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
- data/src/core/ext/filters/client_channel/config_selector.h +10 -2
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +18 -14
- data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
- data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +26 -23
- data/src/core/ext/filters/client_channel/lb_policy.cc +4 -1
- data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +49 -48
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +22 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +318 -193
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +30 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +32 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +316 -171
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver.h +3 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +59 -60
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +17 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +67 -74
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +33 -23
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +38 -43
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +379 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +346 -178
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
- data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
- data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
- data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
- data/src/core/ext/filters/client_channel/server_address.cc +10 -1
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/service_config.cc +15 -14
- data/src/core/ext/filters/client_channel/service_config.h +7 -6
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
- data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +86 -162
- data/src/core/ext/filters/client_channel/subchannel.h +68 -99
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
- data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +501 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
- data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
- data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
- data/src/core/ext/filters/max_age/max_age_filter.cc +47 -42
- data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -4
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +8 -8
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +5 -4
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +6 -5
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +507 -196
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -4
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -3
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +64 -21
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +167 -122
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
- data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +13 -9
- data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
- data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
- data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
- data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
- data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_store.h +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
- data/src/core/ext/xds/xds_api.cc +2179 -688
- data/src/core/ext/xds/xds_api.h +326 -124
- data/src/core/ext/xds/xds_bootstrap.cc +115 -142
- data/src/core/ext/xds/xds_bootstrap.h +24 -17
- data/src/core/ext/xds/xds_certificate_provider.cc +184 -78
- data/src/core/ext/xds/xds_certificate_provider.h +84 -45
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_client.cc +462 -183
- data/src/core/ext/xds/xds_client.h +65 -22
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_client_stats.h +5 -4
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +444 -29
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +108 -5
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +26 -6
- data/src/core/lib/channel/channel_stack.cc +22 -9
- data/src/core/lib/channel/channel_stack.h +17 -9
- data/src/core/lib/channel/channel_stack_builder.cc +2 -2
- data/src/core/lib/channel/channel_stack_builder.h +1 -1
- data/src/core/lib/channel/channelz.cc +108 -12
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/connected_channel.cc +4 -4
- data/src/core/lib/channel/handshaker.cc +9 -50
- data/src/core/lib/channel/handshaker.h +6 -23
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/event_engine/slice_allocator.cc +59 -0
- data/src/core/lib/event_engine/sockaddr.cc +38 -0
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +29 -15
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/status_helper.cc +407 -0
- data/src/core/lib/gprpp/status_helper.h +180 -0
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli.cc +11 -11
- data/src/core/lib/http/httpcli_security_connector.cc +13 -9
- data/src/core/lib/http/parser.cc +16 -16
- data/src/core/lib/http/parser.h +4 -4
- data/src/core/lib/iomgr/buffer_list.cc +7 -9
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +15 -12
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +7 -6
- data/src/core/lib/iomgr/combiner.cc +14 -12
- data/src/core/lib/iomgr/combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint.cc +1 -1
- data/src/core/lib/iomgr/endpoint.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/error.cc +167 -61
- data/src/core/lib/iomgr/error.h +218 -107
- data/src/core/lib/iomgr/error_cfstream.cc +3 -2
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +5 -1
- data/src/core/lib/iomgr/ev_apple.cc +16 -13
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +22 -22
- data/src/core/lib/iomgr/ev_epollex_linux.cc +52 -49
- data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
- data/src/core/lib/iomgr/ev_posix.cc +12 -11
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/exec_ctx.cc +10 -6
- data/src/core/lib/iomgr/exec_ctx.h +1 -1
- data/src/core/lib/iomgr/executor.cc +8 -8
- data/src/core/lib/iomgr/executor.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr.h +1 -1
- data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
- data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
- data/src/core/lib/iomgr/iomgr_internal.h +3 -3
- data/src/core/lib/iomgr/iomgr_posix.cc +1 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -3
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
- data/src/core/lib/iomgr/load_file.cc +4 -4
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +5 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_custom.cc +5 -5
- data/src/core/lib/iomgr/pollset_windows.cc +5 -5
- data/src/core/lib/iomgr/port.h +1 -1
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +3 -3
- data/src/core/lib/iomgr/resolve_address.h +6 -6
- data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
- data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
- data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
- data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
- data/src/core/lib/iomgr/resource_quota.cc +12 -11
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +23 -20
- data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
- data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
- data/src/core/lib/iomgr/tcp_client_posix.cc +16 -18
- data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
- data/src/core/lib/iomgr/tcp_custom.cc +14 -16
- data/src/core/lib/iomgr/tcp_custom.h +13 -12
- data/src/core/lib/iomgr/tcp_posix.cc +41 -42
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +12 -11
- data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
- data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
- data/src/core/lib/iomgr/tcp_uv.cc +27 -25
- data/src/core/lib/iomgr/tcp_windows.cc +13 -13
- data/src/core/lib/iomgr/tcp_windows.h +2 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -1
- data/src/core/lib/iomgr/timer_custom.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +8 -8
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/udp_server.cc +21 -20
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.h +17 -1
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +4 -4
- data/src/core/lib/matchers/matchers.cc +339 -0
- data/src/core/lib/matchers/matchers.h +160 -0
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
- data/src/core/lib/security/credentials/credentials.h +4 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +18 -14
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +17 -14
- data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +6 -5
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +9 -9
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -3
- data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +16 -15
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
- data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +2 -5
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -8
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +130 -61
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
- data/src/core/lib/security/security_connector/security_connector.h +9 -4
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +31 -8
- data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +88 -74
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
- data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
- data/src/core/lib/security/transport/security_handshaker.cc +66 -37
- data/src/core/lib/security/transport/server_auth_filter.cc +24 -11
- data/src/core/lib/security/transport/tsi_error.cc +2 -1
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +2 -2
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/slice/slice_intern.cc +5 -6
- data/src/core/lib/surface/call.cc +46 -45
- data/src/core/lib/surface/call.h +2 -2
- data/src/core/lib/surface/channel.cc +6 -6
- data/src/core/lib/surface/channel.h +6 -5
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/completion_queue.cc +46 -47
- data/src/core/lib/surface/completion_queue.h +2 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/lame_client.cc +43 -24
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +71 -58
- data/src/core/lib/surface/server.h +91 -28
- data/src/core/lib/surface/validate_metadata.cc +7 -7
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +4 -2
- data/src/core/lib/transport/byte_stream.cc +5 -5
- data/src/core/lib/transport/byte_stream.h +8 -8
- data/src/core/lib/transport/connectivity_state.cc +1 -1
- data/src/core/lib/transport/error_utils.cc +19 -8
- data/src/core/lib/transport/error_utils.h +11 -5
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/lib/transport/metadata_batch.cc +64 -37
- data/src/core/lib/transport/metadata_batch.h +33 -18
- data/src/core/lib/transport/transport.cc +4 -3
- data/src/core/lib/transport/transport.h +4 -4
- data/src/core/lib/transport/transport_op_string.cc +5 -5
- data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
- data/src/core/tsi/alts/crypt/gsec.h +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -28
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +23 -27
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +11 -2
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +32 -17
- data/src/core/tsi/ssl_transport_security.h +3 -7
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
- data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +37 -9
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
- data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
- data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +29 -22
- data/third_party/abseil-cpp/absl/status/status.h +81 -20
- data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
- data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
- data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
- data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
- data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +26 -24
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/boringssl-with-bazel/err_data.c +742 -724
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +4 -11
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +35 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +40 -86
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +6 -17
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +121 -71
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +71 -41
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +737 -551
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +13 -40
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +239 -37
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +28 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +702 -219
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +141 -36
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +47 -15
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +159 -13
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +253 -58
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +90 -25
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +450 -104
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +232 -85
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +174 -95
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
@@ -466,17 +466,6 @@ typedef struct x509_purpose_st {
|
|
466
466
|
#define X509_PURPOSE_MIN 1
|
467
467
|
#define X509_PURPOSE_MAX 9
|
468
468
|
|
469
|
-
// Flags for X509V3_add1_i2d
|
470
|
-
|
471
|
-
#define X509V3_ADD_OP_MASK 0xfL
|
472
|
-
#define X509V3_ADD_DEFAULT 0L
|
473
|
-
#define X509V3_ADD_APPEND 1L
|
474
|
-
#define X509V3_ADD_REPLACE 2L
|
475
|
-
#define X509V3_ADD_REPLACE_EXISTING 3L
|
476
|
-
#define X509V3_ADD_KEEP_EXISTING 4L
|
477
|
-
#define X509V3_ADD_DELETE 5L
|
478
|
-
#define X509V3_ADD_SILENT 0x10
|
479
|
-
|
480
469
|
DEFINE_STACK_OF(X509_PURPOSE)
|
481
470
|
|
482
471
|
DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
|
@@ -485,7 +474,12 @@ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
|
|
485
474
|
|
486
475
|
DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
|
487
476
|
OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
|
488
|
-
|
477
|
+
|
478
|
+
// GENERAL_NAME_cmp returns zero if |a| and |b| are equal and a non-zero
|
479
|
+
// value otherwise. Note this function does not provide a comparison suitable
|
480
|
+
// for sorting.
|
481
|
+
OPENSSL_EXPORT int GENERAL_NAME_cmp(const GENERAL_NAME *a,
|
482
|
+
const GENERAL_NAME *b);
|
489
483
|
|
490
484
|
|
491
485
|
|
@@ -525,7 +519,7 @@ OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
|
|
525
519
|
OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
|
526
520
|
const ASN1_OCTET_STRING *ia5);
|
527
521
|
OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(
|
528
|
-
X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
|
522
|
+
X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
|
529
523
|
|
530
524
|
DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
|
531
525
|
OPENSSL_EXPORT int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
|
@@ -565,7 +559,7 @@ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
|
|
565
559
|
OPENSSL_EXPORT GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
|
566
560
|
const X509V3_EXT_METHOD *method,
|
567
561
|
X509V3_CTX *ctx, int gen_type,
|
568
|
-
char *value, int is_nc);
|
562
|
+
const char *value, int is_nc);
|
569
563
|
|
570
564
|
OPENSSL_EXPORT GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
|
571
565
|
X509V3_CTX *ctx, CONF_VALUE *cnf);
|
@@ -579,32 +573,36 @@ OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
|
|
579
573
|
// this function so we cannot, yet, replace the type with a dummy struct.
|
580
574
|
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
|
581
575
|
X509V3_CTX *ctx, int ext_nid,
|
582
|
-
char *value);
|
576
|
+
const char *value);
|
583
577
|
|
584
578
|
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx,
|
585
|
-
int ext_nid,
|
579
|
+
int ext_nid,
|
580
|
+
const char *value);
|
586
581
|
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx,
|
587
|
-
char *name,
|
582
|
+
const char *name,
|
583
|
+
const char *value);
|
588
584
|
OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx,
|
589
|
-
char *section,
|
585
|
+
const char *section,
|
590
586
|
STACK_OF(X509_EXTENSION) **sk);
|
591
587
|
OPENSSL_EXPORT int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx,
|
592
|
-
char *section, X509 *cert);
|
588
|
+
const char *section, X509 *cert);
|
593
589
|
OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx,
|
594
|
-
char *section, X509_REQ *req);
|
590
|
+
const char *section, X509_REQ *req);
|
595
591
|
OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx,
|
596
|
-
char *section, X509_CRL *crl);
|
592
|
+
const char *section, X509_CRL *crl);
|
597
593
|
|
598
|
-
OPENSSL_EXPORT int X509V3_add_value_bool_nf(char *name, int asn1_bool,
|
594
|
+
OPENSSL_EXPORT int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
|
599
595
|
STACK_OF(CONF_VALUE) **extlist);
|
600
|
-
OPENSSL_EXPORT int X509V3_get_value_bool(CONF_VALUE *value,
|
601
|
-
|
596
|
+
OPENSSL_EXPORT int X509V3_get_value_bool(const CONF_VALUE *value,
|
597
|
+
int *asn1_bool);
|
598
|
+
OPENSSL_EXPORT int X509V3_get_value_int(const CONF_VALUE *value,
|
599
|
+
ASN1_INTEGER **aint);
|
602
600
|
OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
|
603
601
|
|
604
|
-
OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, char *name,
|
605
|
-
char *section);
|
602
|
+
OPENSSL_EXPORT char *X509V3_get_string(X509V3_CTX *ctx, const char *name,
|
603
|
+
const char *section);
|
606
604
|
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx,
|
607
|
-
char *section);
|
605
|
+
const char *section);
|
608
606
|
OPENSSL_EXPORT void X509V3_string_free(X509V3_CTX *ctx, char *str);
|
609
607
|
OPENSSL_EXPORT void X509V3_section_free(X509V3_CTX *ctx,
|
610
608
|
STACK_OF(CONF_VALUE) *section);
|
@@ -621,30 +619,135 @@ OPENSSL_EXPORT int X509V3_add_value_bool(const char *name, int asn1_bool,
|
|
621
619
|
OPENSSL_EXPORT int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
|
622
620
|
STACK_OF(CONF_VALUE) **extlist);
|
623
621
|
OPENSSL_EXPORT char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
|
624
|
-
ASN1_INTEGER *aint);
|
622
|
+
const ASN1_INTEGER *aint);
|
625
623
|
OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth,
|
626
|
-
char *value);
|
624
|
+
const char *value);
|
627
625
|
OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth,
|
628
|
-
ASN1_ENUMERATED *aint);
|
626
|
+
const ASN1_ENUMERATED *aint);
|
629
627
|
OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
|
630
|
-
ASN1_ENUMERATED *aint);
|
628
|
+
const ASN1_ENUMERATED *aint);
|
631
629
|
OPENSSL_EXPORT int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
|
632
630
|
OPENSSL_EXPORT int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
|
633
631
|
OPENSSL_EXPORT int X509V3_EXT_add_alias(int nid_to, int nid_from);
|
634
632
|
OPENSSL_EXPORT void X509V3_EXT_cleanup(void);
|
635
633
|
|
636
|
-
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(
|
634
|
+
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(
|
635
|
+
const X509_EXTENSION *ext);
|
637
636
|
OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
|
638
637
|
OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
|
639
638
|
OPENSSL_EXPORT STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
|
640
|
-
OPENSSL_EXPORT void *X509V3_EXT_d2i(X509_EXTENSION *ext);
|
641
|
-
OPENSSL_EXPORT void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid,
|
642
|
-
int *crit, int *idx);
|
643
|
-
OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
|
644
639
|
|
640
|
+
// X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated
|
641
|
+
// structure, with type dependent on the type of the extension. It returns NULL
|
642
|
+
// if |ext| is an unsupported extension or if there was a syntax error in the
|
643
|
+
// extension. The caller should cast the return value to the expected type and
|
644
|
+
// free the structure when done.
|
645
|
+
//
|
646
|
+
// WARNING: Casting the return value to the wrong type is a potentially
|
647
|
+
// exploitable memory error, so callers must not use this function before
|
648
|
+
// checking |ext| is of a known type.
|
649
|
+
OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext);
|
650
|
+
|
651
|
+
// X509V3_get_d2i finds and decodes the extension in |extensions| of type |nid|.
|
652
|
+
// If found, it decodes it and returns a newly-allocated structure, with type
|
653
|
+
// dependent on |nid|. If the extension is not found or on error, it returns
|
654
|
+
// NULL. The caller may distinguish these cases using the |out_critical| value.
|
655
|
+
//
|
656
|
+
// If |out_critical| is not NULL, this function sets |*out_critical| to one if
|
657
|
+
// the extension is found and critical, zero if it is found and not critical, -1
|
658
|
+
// if it is not found, and -2 if there is an invalid duplicate extension. Note
|
659
|
+
// this function may set |*out_critical| to one or zero and still return NULL if
|
660
|
+
// the extension is found but has a syntax error.
|
661
|
+
//
|
662
|
+
// If |out_idx| is not NULL, this function looks for the first occurrence of the
|
663
|
+
// extension after |*out_idx|. It then sets |*out_idx| to the index of the
|
664
|
+
// extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions
|
665
|
+
// are not treated as an error. Callers, however, should not rely on this
|
666
|
+
// behavior as it may be removed in the future. Duplicate extensions are
|
667
|
+
// forbidden in RFC5280.
|
668
|
+
//
|
669
|
+
// WARNING: This function is difficult to use correctly. Callers should pass a
|
670
|
+
// non-NULL |out_critical| and check both the return value and |*out_critical|
|
671
|
+
// to handle errors. If the return value is NULL and |*out_critical| is not -1,
|
672
|
+
// there was an error. Otherwise, the function succeeded and but may return NULL
|
673
|
+
// for a missing extension. Callers should pass NULL to |out_idx| so that
|
674
|
+
// duplicate extensions are handled correctly.
|
675
|
+
//
|
676
|
+
// Additionally, casting the return value to the wrong type is a potentially
|
677
|
+
// exploitable memory error, so callers must ensure the cast and |nid| match.
|
678
|
+
OPENSSL_EXPORT void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions,
|
679
|
+
int nid, int *out_critical, int *out_idx);
|
680
|
+
|
681
|
+
// X509V3_EXT_free casts |ext_data| into the type that corresponds to |nid| and
|
682
|
+
// releases memory associated with it. It returns one on success and zero if
|
683
|
+
// |nid| is not a known extension.
|
684
|
+
//
|
685
|
+
// WARNING: Casting |ext_data| to the wrong type is a potentially exploitable
|
686
|
+
// memory error, so callers must ensure |ext_data|'s type matches |nid|.
|
687
|
+
//
|
688
|
+
// TODO(davidben): OpenSSL upstream no longer exposes this function. Remove it?
|
689
|
+
OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
|
645
690
|
|
691
|
+
// X509V3_EXT_i2d casts |ext_struc| into the type that corresponds to
|
692
|
+
// |ext_nid|, serializes it, and returns a newly-allocated |X509_EXTENSION|
|
693
|
+
// object containing the serialization, or NULL on error. The |X509_EXTENSION|
|
694
|
+
// has OID |ext_nid| and is critical if |crit| is one.
|
695
|
+
//
|
696
|
+
// WARNING: Casting |ext_struc| to the wrong type is a potentially exploitable
|
697
|
+
// memory error, so callers must ensure |ext_struct|'s type matches |ext_nid|.
|
646
698
|
OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit,
|
647
699
|
void *ext_struc);
|
700
|
+
|
701
|
+
// The following constants control the behavior of |X509V3_add1_i2d| and related
|
702
|
+
// functions.
|
703
|
+
|
704
|
+
// X509V3_ADD_OP_MASK can be ANDed with the flags to determine how duplicate
|
705
|
+
// extensions are processed.
|
706
|
+
#define X509V3_ADD_OP_MASK 0xfL
|
707
|
+
|
708
|
+
// X509V3_ADD_DEFAULT causes the function to fail if the extension was already
|
709
|
+
// present.
|
710
|
+
#define X509V3_ADD_DEFAULT 0L
|
711
|
+
|
712
|
+
// X509V3_ADD_APPEND causes the function to unconditionally appended the new
|
713
|
+
// extension to to the extensions list, even if there is a duplicate.
|
714
|
+
#define X509V3_ADD_APPEND 1L
|
715
|
+
|
716
|
+
// X509V3_ADD_REPLACE causes the function to replace the existing extension, or
|
717
|
+
// append if it is not present.
|
718
|
+
#define X509V3_ADD_REPLACE 2L
|
719
|
+
|
720
|
+
// X509V3_ADD_REPLACE causes the function to replace the existing extension and
|
721
|
+
// fail if it is not present.
|
722
|
+
#define X509V3_ADD_REPLACE_EXISTING 3L
|
723
|
+
|
724
|
+
// X509V3_ADD_KEEP_EXISTING causes the function to succeed without replacing the
|
725
|
+
// extension if already present.
|
726
|
+
#define X509V3_ADD_KEEP_EXISTING 4L
|
727
|
+
|
728
|
+
// X509V3_ADD_DELETE causes the function to remove the matching extension. No
|
729
|
+
// new extension is added. If there is no matching extension, the function
|
730
|
+
// fails. The |value| parameter is ignored in this mode.
|
731
|
+
#define X509V3_ADD_DELETE 5L
|
732
|
+
|
733
|
+
// X509V3_ADD_SILENT may be ORed into one of the values above to indicate the
|
734
|
+
// function should not add to the error queue on duplicate or missing extension.
|
735
|
+
// The function will continue to return zero in those cases, and it will
|
736
|
+
// continue to return -1 and add to the error queue on other errors.
|
737
|
+
#define X509V3_ADD_SILENT 0x10
|
738
|
+
|
739
|
+
// X509V3_add1_i2d casts |value| to the type that corresponds to |nid|,
|
740
|
+
// serializes it, and appends it to the extension list in |*x|. If |*x| is NULL,
|
741
|
+
// it will set |*x| to a newly-allocated |STACK_OF(X509_EXTENSION)| as needed.
|
742
|
+
// The |crit| parameter determines whether the new extension is critical.
|
743
|
+
// |flags| may be some combination of the |X509V3_ADD_*| constants to control
|
744
|
+
// the function's behavior on duplicate extension.
|
745
|
+
//
|
746
|
+
// This function returns one on success, zero if the operation failed due to a
|
747
|
+
// missing or duplicate extension, and -1 on other errors.
|
748
|
+
//
|
749
|
+
// WARNING: Casting |value| to the wrong type is a potentially exploitable
|
750
|
+
// memory error, so callers must ensure |value|'s type matches |nid|.
|
648
751
|
OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid,
|
649
752
|
void *value, int crit, unsigned long flags);
|
650
753
|
|
@@ -807,6 +910,8 @@ BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
|
|
807
910
|
BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)
|
808
911
|
BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)
|
809
912
|
BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
|
913
|
+
BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free)
|
914
|
+
BORINGSSL_MAKE_DELETER(POLICY_MAPPING, POLICY_MAPPING_free)
|
810
915
|
BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
|
811
916
|
|
812
917
|
BSSL_NAMESPACE_END
|
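Review bot: The comment added above `#define X509V3_ADD_REPLACE_EXISTING 3L` (new lines 720–721) names `X509V3_ADD_REPLACE`, so the header now gives two different descriptions of `X509V3_ADD_REPLACE` and none of `X509V3_ADD_REPLACE_EXISTING`. A caller choosing a duplicate-handling mode from these comments could pick the wrong one. It should read `// X509V3_ADD_REPLACE_EXISTING causes the function to replace the existing extension and fail if it is not present.` In the same set of new comments, the `X509V3_EXT_i2d` warning refers to `|ext_struct|` while the parameter is `ext_struc`, the `X509V3_ADD_APPEND` text has "unconditionally appended" and a doubled "to", and the `X509V3_get_d2i` warning says "succeeded and but may return NULL".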
@@ -0,0 +1,444 @@
|
|
1
|
+
/* Copyright (c) 2021, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#include <openssl/bytestring.h>
|
16
|
+
#include <openssl/curve25519.h>
|
17
|
+
#include <openssl/err.h>
|
18
|
+
#include <openssl/hkdf.h>
|
19
|
+
#include <openssl/ssl.h>
|
20
|
+
|
21
|
+
#include "internal.h"
|
22
|
+
|
23
|
+
|
24
|
+
#if defined(OPENSSL_MSAN)
|
25
|
+
#define NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
|
26
|
+
#else
|
27
|
+
#define NO_SANITIZE_MEMORY
|
28
|
+
#endif
|
29
|
+
|
30
|
+
BSSL_NAMESPACE_BEGIN
|
31
|
+
|
32
|
+
// ssl_client_hello_write_without_extensions serializes |client_hello| into
|
33
|
+
// |out|, omitting the length-prefixed extensions. It serializes individual
|
34
|
+
// fields, starting with |client_hello->version|, and ignores the
|
35
|
+
// |client_hello->client_hello| field. It returns true on success and false on
|
36
|
+
// failure.
|
37
|
+
static bool ssl_client_hello_write_without_extensions(
|
38
|
+
const SSL_CLIENT_HELLO *client_hello, CBB *out) {
|
39
|
+
CBB cbb;
|
40
|
+
if (!CBB_add_u16(out, client_hello->version) ||
|
41
|
+
!CBB_add_bytes(out, client_hello->random, client_hello->random_len) ||
|
42
|
+
!CBB_add_u8_length_prefixed(out, &cbb) ||
|
43
|
+
!CBB_add_bytes(&cbb, client_hello->session_id,
|
44
|
+
client_hello->session_id_len) ||
|
45
|
+
!CBB_add_u16_length_prefixed(out, &cbb) ||
|
46
|
+
!CBB_add_bytes(&cbb, client_hello->cipher_suites,
|
47
|
+
client_hello->cipher_suites_len) ||
|
48
|
+
!CBB_add_u8_length_prefixed(out, &cbb) ||
|
49
|
+
!CBB_add_bytes(&cbb, client_hello->compression_methods,
|
50
|
+
client_hello->compression_methods_len) ||
|
51
|
+
!CBB_flush(out)) {
|
52
|
+
return false;
|
53
|
+
}
|
54
|
+
return true;
|
55
|
+
}
|
56
|
+
|
57
|
+
bool ssl_decode_client_hello_inner(
|
58
|
+
SSL *ssl, uint8_t *out_alert, Array<uint8_t> *out_client_hello_inner,
|
59
|
+
Span<const uint8_t> encoded_client_hello_inner,
|
60
|
+
const SSL_CLIENT_HELLO *client_hello_outer) {
|
61
|
+
SSL_CLIENT_HELLO client_hello_inner;
|
62
|
+
if (!ssl_client_hello_init(ssl, &client_hello_inner,
|
63
|
+
encoded_client_hello_inner)) {
|
64
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
65
|
+
return false;
|
66
|
+
}
|
67
|
+
// TLS 1.3 ClientHellos must have extensions, and EncodedClientHelloInners use
|
68
|
+
// ClientHelloOuter's session_id.
|
69
|
+
if (client_hello_inner.extensions_len == 0 ||
|
70
|
+
client_hello_inner.session_id_len != 0) {
|
71
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
72
|
+
return false;
|
73
|
+
}
|
74
|
+
client_hello_inner.session_id = client_hello_outer->session_id;
|
75
|
+
client_hello_inner.session_id_len = client_hello_outer->session_id_len;
|
76
|
+
|
77
|
+
// Begin serializing a message containing the ClientHelloInner in |cbb|.
|
78
|
+
ScopedCBB cbb;
|
79
|
+
CBB body, extensions;
|
80
|
+
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO) ||
|
81
|
+
!ssl_client_hello_write_without_extensions(&client_hello_inner, &body) ||
|
82
|
+
!CBB_add_u16_length_prefixed(&body, &extensions)) {
|
83
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
84
|
+
return false;
|
85
|
+
}
|
86
|
+
|
87
|
+
// Sort the extensions in ClientHelloOuter, so ech_outer_extensions may be
|
88
|
+
// processed in O(n*log(n)) time, rather than O(n^2).
|
89
|
+
struct Extension {
|
90
|
+
uint16_t extension = 0;
|
91
|
+
Span<const uint8_t> body;
|
92
|
+
bool copied = false;
|
93
|
+
};
|
94
|
+
|
95
|
+
// MSan's libc interceptors do not handle |bsearch|. See b/182583130.
|
96
|
+
auto compare_extension = [](const void *a, const void *b)
|
97
|
+
NO_SANITIZE_MEMORY -> int {
|
98
|
+
const Extension *extension_a = reinterpret_cast<const Extension *>(a);
|
99
|
+
const Extension *extension_b = reinterpret_cast<const Extension *>(b);
|
100
|
+
if (extension_a->extension < extension_b->extension) {
|
101
|
+
return -1;
|
102
|
+
} else if (extension_a->extension > extension_b->extension) {
|
103
|
+
return 1;
|
104
|
+
}
|
105
|
+
return 0;
|
106
|
+
};
|
107
|
+
GrowableArray<Extension> sorted_extensions;
|
108
|
+
CBS unsorted_extensions(MakeConstSpan(client_hello_outer->extensions,
|
109
|
+
client_hello_outer->extensions_len));
|
110
|
+
while (CBS_len(&unsorted_extensions) > 0) {
|
111
|
+
Extension extension;
|
112
|
+
CBS extension_body;
|
113
|
+
if (!CBS_get_u16(&unsorted_extensions, &extension.extension) ||
|
114
|
+
!CBS_get_u16_length_prefixed(&unsorted_extensions, &extension_body)) {
|
115
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
116
|
+
return false;
|
117
|
+
}
|
118
|
+
extension.body = extension_body;
|
119
|
+
if (!sorted_extensions.Push(extension)) {
|
120
|
+
return false;
|
121
|
+
}
|
122
|
+
}
|
123
|
+
qsort(sorted_extensions.data(), sorted_extensions.size(), sizeof(Extension),
|
124
|
+
compare_extension);
|
125
|
+
|
126
|
+
// Copy extensions from |client_hello_inner|, expanding ech_outer_extensions.
|
127
|
+
CBS inner_extensions(MakeConstSpan(client_hello_inner.extensions,
|
128
|
+
client_hello_inner.extensions_len));
|
129
|
+
while (CBS_len(&inner_extensions) > 0) {
|
130
|
+
uint16_t extension_id;
|
131
|
+
CBS extension_body;
|
132
|
+
if (!CBS_get_u16(&inner_extensions, &extension_id) ||
|
133
|
+
!CBS_get_u16_length_prefixed(&inner_extensions, &extension_body)) {
|
134
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
135
|
+
return false;
|
136
|
+
}
|
137
|
+
if (extension_id != TLSEXT_TYPE_ech_outer_extensions) {
|
138
|
+
if (!CBB_add_u16(&extensions, extension_id) ||
|
139
|
+
!CBB_add_u16(&extensions, CBS_len(&extension_body)) ||
|
140
|
+
!CBB_add_bytes(&extensions, CBS_data(&extension_body),
|
141
|
+
CBS_len(&extension_body))) {
|
142
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
143
|
+
return false;
|
144
|
+
}
|
145
|
+
continue;
|
146
|
+
}
|
147
|
+
|
148
|
+
// Replace ech_outer_extensions with the corresponding outer extensions.
|
149
|
+
CBS outer_extensions;
|
150
|
+
if (!CBS_get_u8_length_prefixed(&extension_body, &outer_extensions) ||
|
151
|
+
CBS_len(&extension_body) != 0) {
|
152
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
153
|
+
return false;
|
154
|
+
}
|
155
|
+
while (CBS_len(&outer_extensions) > 0) {
|
156
|
+
uint16_t extension_needed;
|
157
|
+
if (!CBS_get_u16(&outer_extensions, &extension_needed)) {
|
158
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
159
|
+
return false;
|
160
|
+
}
|
161
|
+
if (extension_needed == TLSEXT_TYPE_encrypted_client_hello) {
|
162
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
163
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
164
|
+
return false;
|
165
|
+
}
|
166
|
+
// Find the referenced extension.
|
167
|
+
Extension key;
|
168
|
+
key.extension = extension_needed;
|
169
|
+
Extension *result = reinterpret_cast<Extension *>(
|
170
|
+
bsearch(&key, sorted_extensions.data(), sorted_extensions.size(),
|
171
|
+
sizeof(Extension), compare_extension));
|
172
|
+
if (result == nullptr) {
|
173
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
174
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
175
|
+
return false;
|
176
|
+
}
|
177
|
+
|
178
|
+
// Extensions may be referenced at most once, to bound the result size.
|
179
|
+
if (result->copied) {
|
180
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
181
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_EXTENSION);
|
182
|
+
return false;
|
183
|
+
}
|
184
|
+
result->copied = true;
|
185
|
+
|
186
|
+
if (!CBB_add_u16(&extensions, extension_needed) ||
|
187
|
+
!CBB_add_u16(&extensions, result->body.size()) ||
|
188
|
+
!CBB_add_bytes(&extensions, result->body.data(),
|
189
|
+
result->body.size())) {
|
190
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
191
|
+
return false;
|
192
|
+
}
|
193
|
+
}
|
194
|
+
}
|
195
|
+
if (!CBB_flush(&body)) {
|
196
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
197
|
+
return false;
|
198
|
+
}
|
199
|
+
|
200
|
+
// See https://github.com/tlswg/draft-ietf-tls-esni/pull/411
|
201
|
+
CBS extension;
|
202
|
+
if (!ssl_client_hello_init(ssl, &client_hello_inner,
|
203
|
+
MakeConstSpan(CBB_data(&body), CBB_len(&body))) ||
|
204
|
+
!ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
205
|
+
TLSEXT_TYPE_ech_is_inner) ||
|
206
|
+
CBS_len(&extension) != 0 ||
|
207
|
+
ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
208
|
+
TLSEXT_TYPE_encrypted_client_hello) ||
|
209
|
+
!ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
210
|
+
TLSEXT_TYPE_supported_versions)) {
|
211
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
212
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
213
|
+
return false;
|
214
|
+
}
|
215
|
+
// Parse supported_versions and reject TLS versions prior to TLS 1.3. Older
|
216
|
+
// versions are incompatible with ECH.
|
217
|
+
CBS versions;
|
218
|
+
if (!CBS_get_u8_length_prefixed(&extension, &versions) ||
|
219
|
+
CBS_len(&extension) != 0 || //
|
220
|
+
CBS_len(&versions) == 0) {
|
221
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
222
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
223
|
+
return false;
|
224
|
+
}
|
225
|
+
while (CBS_len(&versions) != 0) {
|
226
|
+
uint16_t version;
|
227
|
+
if (!CBS_get_u16(&versions, &version)) {
|
228
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
229
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
230
|
+
return false;
|
231
|
+
}
|
232
|
+
if (version == SSL3_VERSION || version == TLS1_VERSION ||
|
233
|
+
version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
|
234
|
+
version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
|
235
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
236
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
237
|
+
return false;
|
238
|
+
}
|
239
|
+
}
|
240
|
+
|
241
|
+
if (!ssl->method->finish_message(ssl, cbb.get(), out_client_hello_inner)) {
|
242
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
243
|
+
return false;
|
244
|
+
}
|
245
|
+
return true;
|
246
|
+
}
|
247
|
+
|
248
|
+
bool ssl_client_hello_decrypt(
|
249
|
+
EVP_HPKE_CTX *hpke_ctx, Array<uint8_t> *out_encoded_client_hello_inner,
|
250
|
+
bool *out_is_decrypt_error, const SSL_CLIENT_HELLO *client_hello_outer,
|
251
|
+
uint16_t kdf_id, uint16_t aead_id, Span<const uint8_t> config_id,
|
252
|
+
Span<const uint8_t> enc, Span<const uint8_t> payload) {
|
253
|
+
*out_is_decrypt_error = false;
|
254
|
+
|
255
|
+
// Compute the ClientHello portion of the ClientHelloOuterAAD value. See
|
256
|
+
// draft-ietf-tls-esni-09, section 5.2.
|
257
|
+
ScopedCBB ch_outer_aad_cbb;
|
258
|
+
CBB config_id_cbb, enc_cbb, outer_hello_cbb, extensions_cbb;
|
259
|
+
if (!CBB_init(ch_outer_aad_cbb.get(), 0) ||
|
260
|
+
!CBB_add_u16(ch_outer_aad_cbb.get(), kdf_id) ||
|
261
|
+
!CBB_add_u16(ch_outer_aad_cbb.get(), aead_id) ||
|
262
|
+
!CBB_add_u8_length_prefixed(ch_outer_aad_cbb.get(), &config_id_cbb) ||
|
263
|
+
!CBB_add_bytes(&config_id_cbb, config_id.data(), config_id.size()) ||
|
264
|
+
!CBB_add_u16_length_prefixed(ch_outer_aad_cbb.get(), &enc_cbb) ||
|
265
|
+
!CBB_add_bytes(&enc_cbb, enc.data(), enc.size()) ||
|
266
|
+
!CBB_add_u24_length_prefixed(ch_outer_aad_cbb.get(), &outer_hello_cbb) ||
|
267
|
+
!ssl_client_hello_write_without_extensions(client_hello_outer,
|
268
|
+
&outer_hello_cbb) ||
|
269
|
+
!CBB_add_u16_length_prefixed(&outer_hello_cbb, &extensions_cbb)) {
|
270
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
271
|
+
return false;
|
272
|
+
}
|
273
|
+
|
274
|
+
CBS extensions(MakeConstSpan(client_hello_outer->extensions,
|
275
|
+
client_hello_outer->extensions_len));
|
276
|
+
while (CBS_len(&extensions) > 0) {
|
277
|
+
uint16_t extension_id;
|
278
|
+
CBS extension_body;
|
279
|
+
if (!CBS_get_u16(&extensions, &extension_id) ||
|
280
|
+
!CBS_get_u16_length_prefixed(&extensions, &extension_body)) {
|
281
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
282
|
+
return false;
|
283
|
+
}
|
284
|
+
if (extension_id == TLSEXT_TYPE_encrypted_client_hello) {
|
285
|
+
continue;
|
286
|
+
}
|
287
|
+
if (!CBB_add_u16(&extensions_cbb, extension_id) ||
|
288
|
+
!CBB_add_u16(&extensions_cbb, CBS_len(&extension_body)) ||
|
289
|
+
!CBB_add_bytes(&extensions_cbb, CBS_data(&extension_body),
|
290
|
+
CBS_len(&extension_body))) {
|
291
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
292
|
+
return false;
|
293
|
+
}
|
294
|
+
}
|
295
|
+
if (!CBB_flush(ch_outer_aad_cbb.get())) {
|
296
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
297
|
+
return false;
|
298
|
+
}
|
299
|
+
|
300
|
+
// Attempt to decrypt into |out_encoded_client_hello_inner|.
|
301
|
+
if (!out_encoded_client_hello_inner->Init(payload.size())) {
|
302
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
303
|
+
return false;
|
304
|
+
}
|
305
|
+
size_t encoded_client_hello_inner_len;
|
306
|
+
if (!EVP_HPKE_CTX_open(hpke_ctx, out_encoded_client_hello_inner->data(),
|
307
|
+
&encoded_client_hello_inner_len,
|
308
|
+
out_encoded_client_hello_inner->size(), payload.data(),
|
309
|
+
payload.size(), CBB_data(ch_outer_aad_cbb.get()),
|
310
|
+
CBB_len(ch_outer_aad_cbb.get()))) {
|
311
|
+
*out_is_decrypt_error = true;
|
312
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
|
313
|
+
return false;
|
314
|
+
}
|
315
|
+
out_encoded_client_hello_inner->Shrink(encoded_client_hello_inner_len);
|
316
|
+
return true;
|
317
|
+
}
|
318
|
+
|
319
|
+
|
320
|
+
bool ECHServerConfig::Init(Span<const uint8_t> raw,
|
321
|
+
Span<const uint8_t> private_key,
|
322
|
+
bool is_retry_config) {
|
323
|
+
assert(!initialized_);
|
324
|
+
is_retry_config_ = is_retry_config;
|
325
|
+
|
326
|
+
if (!raw_.CopyFrom(raw)) {
|
327
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
328
|
+
return false;
|
329
|
+
}
|
330
|
+
// Read from |raw_| so we can save Spans with the same lifetime as |this|.
|
331
|
+
CBS reader(raw_);
|
332
|
+
|
333
|
+
uint16_t version;
|
334
|
+
if (!CBS_get_u16(&reader, &version)) {
|
335
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
336
|
+
return false;
|
337
|
+
}
|
338
|
+
// Parse the ECHConfig, rejecting all unsupported parameters and extensions.
|
339
|
+
// Unlike most server options, ECH's server configuration is serialized and
|
340
|
+
// configured in both the server and DNS. If the caller configures an
|
341
|
+
// unsupported parameter, this is a deployment error. To catch these errors,
|
342
|
+
// we fail early.
|
343
|
+
if (version != TLSEXT_TYPE_encrypted_client_hello) {
|
344
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_ECH_SERVER_CONFIG);
|
345
|
+
return false;
|
346
|
+
}
|
347
|
+
|
348
|
+
CBS ech_config_contents, public_name, public_key, cipher_suites, extensions;
|
349
|
+
uint16_t kem_id, max_name_len;
|
350
|
+
if (!CBS_get_u16_length_prefixed(&reader, &ech_config_contents) ||
|
351
|
+
!CBS_get_u16_length_prefixed(&ech_config_contents, &public_name) ||
|
352
|
+
CBS_len(&public_name) == 0 ||
|
353
|
+
!CBS_get_u16_length_prefixed(&ech_config_contents, &public_key) ||
|
354
|
+
CBS_len(&public_key) == 0 ||
|
355
|
+
!CBS_get_u16(&ech_config_contents, &kem_id) ||
|
356
|
+
!CBS_get_u16_length_prefixed(&ech_config_contents, &cipher_suites) ||
|
357
|
+
CBS_len(&cipher_suites) == 0 ||
|
358
|
+
!CBS_get_u16(&ech_config_contents, &max_name_len) ||
|
359
|
+
!CBS_get_u16_length_prefixed(&ech_config_contents, &extensions) ||
|
360
|
+
CBS_len(&ech_config_contents) != 0 || //
|
361
|
+
CBS_len(&reader) != 0) {
|
362
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
363
|
+
return false;
|
364
|
+
}
|
365
|
+
// We only support one KEM, and the KEM decides the length of |public_key|.
|
366
|
+
if (CBS_len(&public_key) != X25519_PUBLIC_VALUE_LEN ||
|
367
|
+
kem_id != EVP_HPKE_DHKEM_X25519_HKDF_SHA256) {
|
368
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_ECH_SERVER_CONFIG);
|
369
|
+
return false;
|
370
|
+
}
|
371
|
+
public_key_ = public_key;
|
372
|
+
|
373
|
+
// We do not support any ECHConfig extensions, so |extensions| must be empty.
|
374
|
+
if (CBS_len(&extensions) != 0) {
|
375
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ECH_SERVER_CONFIG_UNSUPPORTED_EXTENSION);
|
376
|
+
return false;
|
377
|
+
}
|
378
|
+
|
379
|
+
cipher_suites_ = cipher_suites;
|
380
|
+
while (CBS_len(&cipher_suites) > 0) {
|
381
|
+
uint16_t kdf_id, aead_id;
|
382
|
+
if (!CBS_get_u16(&cipher_suites, &kdf_id) ||
|
383
|
+
!CBS_get_u16(&cipher_suites, &aead_id)) {
|
384
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
385
|
+
return false;
|
386
|
+
}
|
387
|
+
// This parser fails when it encounters any bytes it does not understand. If
|
388
|
+
// the config lists any unsupported cipher suites, that is a parse error.
|
389
|
+
if (kdf_id != EVP_HPKE_HKDF_SHA256 ||
|
390
|
+
(aead_id != EVP_HPKE_AEAD_AES_128_GCM &&
|
391
|
+
aead_id != EVP_HPKE_AEAD_AES_256_GCM &&
|
392
|
+
aead_id != EVP_HPKE_AEAD_CHACHA20POLY1305)) {
|
393
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNSUPPORTED_ECH_SERVER_CONFIG);
|
394
|
+
return false;
|
395
|
+
}
|
396
|
+
}
|
397
|
+
|
398
|
+
// Precompute the config_id.
|
399
|
+
uint8_t key[EVP_MAX_KEY_LENGTH];
|
400
|
+
size_t key_len;
|
401
|
+
static const uint8_t kInfo[] = "tls ech config id";
|
402
|
+
if (!HKDF_extract(key, &key_len, EVP_sha256(), raw_.data(), raw_.size(),
|
403
|
+
nullptr, 0) ||
|
404
|
+
!HKDF_expand(config_id_sha256_, sizeof(config_id_sha256_), EVP_sha256(),
|
405
|
+
key, key_len, kInfo, OPENSSL_ARRAY_SIZE(kInfo) - 1)) {
|
406
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
407
|
+
return false;
|
408
|
+
}
|
409
|
+
|
410
|
+
if (private_key.size() != X25519_PRIVATE_KEY_LEN) {
|
411
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
412
|
+
return false;
|
413
|
+
}
|
414
|
+
uint8_t expected_public_key[X25519_PUBLIC_VALUE_LEN];
|
415
|
+
X25519_public_from_private(expected_public_key, private_key.data());
|
416
|
+
if (public_key_ != expected_public_key) {
|
417
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ECH_SERVER_CONFIG_AND_PRIVATE_KEY_MISMATCH);
|
418
|
+
return false;
|
419
|
+
}
|
420
|
+
assert(sizeof(private_key_) == private_key.size());
|
421
|
+
OPENSSL_memcpy(private_key_, private_key.data(), private_key.size());
|
422
|
+
|
423
|
+
initialized_ = true;
|
424
|
+
return true;
|
425
|
+
}
|
426
|
+
|
427
|
+
bool ECHServerConfig::SupportsCipherSuite(uint16_t kdf_id,
|
428
|
+
uint16_t aead_id) const {
|
429
|
+
assert(initialized_);
|
430
|
+
CBS cbs(cipher_suites_);
|
431
|
+
while (CBS_len(&cbs) != 0) {
|
432
|
+
uint16_t supported_kdf_id, supported_aead_id;
|
433
|
+
if (!CBS_get_u16(&cbs, &supported_kdf_id) ||
|
434
|
+
!CBS_get_u16(&cbs, &supported_aead_id)) {
|
435
|
+
return false;
|
436
|
+
}
|
437
|
+
if (kdf_id == supported_kdf_id && aead_id == supported_aead_id) {
|
438
|
+
return true;
|
439
|
+
}
|
440
|
+
}
|
441
|
+
return false;
|
442
|
+
}
|
443
|
+
|
444
|
+
BSSL_NAMESPACE_END
|