grpc 1.35.0 → 1.38.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (885) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +168 -131
  3. data/include/grpc/event_engine/README.md +38 -0
  4. data/include/grpc/event_engine/channel_args.h +28 -0
  5. data/include/grpc/event_engine/event_engine.h +336 -0
  6. data/include/grpc/event_engine/port.h +39 -0
  7. data/include/grpc/event_engine/slice_allocator.h +81 -0
  8. data/include/grpc/grpc.h +15 -1
  9. data/include/grpc/grpc_security.h +16 -11
  10. data/include/grpc/grpc_security_constants.h +14 -0
  11. data/include/grpc/impl/codegen/grpc_types.h +11 -0
  12. data/include/grpc/impl/codegen/port_platform.h +7 -0
  13. data/include/grpc/module.modulemap +14 -14
  14. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  15. data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
  16. data/src/core/ext/filters/client_channel/client_channel.cc +740 -3185
  17. data/src/core/ext/filters/client_channel/client_channel.h +488 -56
  18. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  19. data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
  20. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
  21. data/src/core/ext/filters/client_channel/config_selector.h +10 -2
  22. data/src/core/ext/filters/client_channel/connector.h +1 -1
  23. data/src/core/ext/filters/client_channel/dynamic_filters.cc +18 -14
  24. data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
  25. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
  26. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
  27. data/src/core/ext/filters/client_channel/health/health_check_client.cc +26 -27
  28. data/src/core/ext/filters/client_channel/health/health_check_client.h +27 -26
  29. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +26 -23
  30. data/src/core/ext/filters/client_channel/lb_policy.cc +4 -1
  31. data/src/core/ext/filters/client_channel/lb_policy.h +4 -4
  32. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
  33. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +49 -48
  34. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  35. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +2 -3
  36. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
  37. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +5 -5
  38. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +22 -18
  39. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
  40. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
  41. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +4 -4
  42. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
  43. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +15 -15
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +318 -193
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
  46. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +30 -47
  47. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +32 -47
  48. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +316 -171
  49. data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
  50. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
  51. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  52. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
  53. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
  54. data/src/core/ext/filters/client_channel/resolver.cc +5 -5
  55. data/src/core/ext/filters/client_channel/resolver.h +3 -14
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +59 -60
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
  59. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
  60. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +17 -15
  61. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +67 -74
  62. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  63. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  64. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  65. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +33 -23
  66. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +38 -43
  67. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
  68. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +379 -0
  69. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +5 -5
  70. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +346 -178
  71. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
  72. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
  73. data/src/core/ext/filters/client_channel/retry_filter.cc +2188 -0
  74. data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
  75. data/src/core/ext/filters/client_channel/retry_service_config.cc +287 -0
  76. data/src/core/ext/filters/client_channel/retry_service_config.h +90 -0
  77. data/src/core/ext/filters/client_channel/server_address.cc +10 -1
  78. data/src/core/ext/filters/client_channel/server_address.h +31 -0
  79. data/src/core/ext/filters/client_channel/service_config.cc +15 -14
  80. data/src/core/ext/filters/client_channel/service_config.h +7 -6
  81. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
  82. data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
  83. data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
  84. data/src/core/ext/filters/client_channel/subchannel.cc +86 -162
  85. data/src/core/ext/filters/client_channel/subchannel.h +68 -99
  86. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
  87. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
  88. data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
  89. data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
  90. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +501 -0
  91. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
  92. data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
  93. data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
  94. data/src/core/ext/filters/http/client/http_client_filter.cc +28 -21
  95. data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
  96. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
  97. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
  98. data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
  99. data/src/core/ext/filters/max_age/max_age_filter.cc +47 -42
  100. data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
  101. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  102. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +5 -4
  103. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +8 -8
  104. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
  105. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +5 -4
  106. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -2
  107. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +6 -5
  108. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +507 -196
  109. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  110. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +13 -4
  111. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -3
  112. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +64 -21
  113. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +167 -122
  114. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
  115. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
  116. data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
  117. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  118. data/src/core/ext/transport/chttp2/transport/flow_control.h +8 -8
  119. data/src/core/ext/transport/chttp2/transport/frame_data.cc +13 -9
  120. data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
  121. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -8
  122. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
  123. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
  124. data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
  125. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
  126. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
  127. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -5
  128. data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
  129. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
  130. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
  131. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
  132. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +237 -208
  133. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +10 -10
  134. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
  135. data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
  136. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  137. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
  138. data/src/core/ext/transport/chttp2/transport/internal.h +32 -27
  139. data/src/core/ext/transport/chttp2/transport/parsing.cc +63 -56
  140. data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
  141. data/src/core/ext/transport/inproc/inproc_transport.cc +30 -29
  142. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
  143. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
  144. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
  145. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
  146. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
  147. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
  148. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
  149. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
  150. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
  151. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
  152. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
  153. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
  154. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
  155. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
  156. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
  157. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
  158. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
  159. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
  160. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
  161. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
  162. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
  163. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
  164. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
  165. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
  166. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
  167. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
  168. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
  169. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
  170. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
  171. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
  172. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
  173. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
  174. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +57 -16
  175. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +150 -0
  176. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
  177. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  178. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  179. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
  180. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
  181. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
  182. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
  183. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
  184. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
  185. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +19 -21
  186. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +64 -51
  187. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
  188. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
  189. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
  190. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
  191. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
  192. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
  193. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
  194. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
  195. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
  196. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
  197. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
  198. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
  199. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
  200. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
  201. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
  202. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
  203. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
  204. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
  205. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
  206. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
  207. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
  208. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
  209. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
  210. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
  211. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  212. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  213. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  214. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  215. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  216. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
  217. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  218. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  219. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  220. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  221. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  222. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
  223. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
  224. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
  225. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
  226. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
  227. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
  228. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
  229. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
  230. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
  231. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  232. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
  233. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
  234. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
  235. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
  236. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
  237. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
  238. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
  239. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
  240. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
  241. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
  242. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
  243. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  244. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
  245. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
  246. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
  247. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +753 -724
  248. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +10 -0
  249. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
  250. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  251. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  252. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
  253. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  254. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
  255. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  256. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
  257. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
  258. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +371 -377
  259. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
  260. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
  261. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
  262. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
  263. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
  264. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  265. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
  266. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
  267. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
  268. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
  269. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
  270. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
  271. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
  272. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  273. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
  274. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
  275. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  276. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
  277. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
  278. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
  279. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  280. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  281. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  282. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  283. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  284. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  285. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  286. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  287. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  288. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  289. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  290. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  291. data/src/core/ext/xds/certificate_provider_factory.h +1 -1
  292. data/src/core/ext/xds/certificate_provider_store.h +3 -3
  293. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
  294. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
  295. data/src/core/ext/xds/xds_api.cc +2179 -688
  296. data/src/core/ext/xds/xds_api.h +326 -124
  297. data/src/core/ext/xds/xds_bootstrap.cc +115 -142
  298. data/src/core/ext/xds/xds_bootstrap.h +24 -17
  299. data/src/core/ext/xds/xds_certificate_provider.cc +184 -78
  300. data/src/core/ext/xds/xds_certificate_provider.h +84 -45
  301. data/src/core/ext/xds/xds_channel_args.h +5 -2
  302. data/src/core/ext/xds/xds_client.cc +462 -183
  303. data/src/core/ext/xds/xds_client.h +65 -22
  304. data/src/core/ext/xds/xds_client_stats.cc +2 -1
  305. data/src/core/ext/xds/xds_client_stats.h +5 -4
  306. data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
  307. data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
  308. data/src/core/ext/xds/xds_http_filters.cc +114 -0
  309. data/src/core/ext/xds/xds_http_filters.h +130 -0
  310. data/src/core/ext/xds/xds_server_config_fetcher.cc +444 -29
  311. data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
  312. data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
  313. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +108 -5
  314. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +26 -6
  315. data/src/core/lib/channel/channel_stack.cc +22 -9
  316. data/src/core/lib/channel/channel_stack.h +17 -9
  317. data/src/core/lib/channel/channel_stack_builder.cc +2 -2
  318. data/src/core/lib/channel/channel_stack_builder.h +1 -1
  319. data/src/core/lib/channel/channelz.cc +108 -12
  320. data/src/core/lib/channel/channelz.h +30 -1
  321. data/src/core/lib/channel/channelz_registry.cc +14 -0
  322. data/src/core/lib/channel/connected_channel.cc +4 -4
  323. data/src/core/lib/channel/handshaker.cc +9 -50
  324. data/src/core/lib/channel/handshaker.h +6 -23
  325. data/src/core/lib/channel/status_util.cc +12 -2
  326. data/src/core/lib/channel/status_util.h +5 -0
  327. data/src/core/lib/event_engine/slice_allocator.cc +59 -0
  328. data/src/core/lib/event_engine/sockaddr.cc +38 -0
  329. data/src/core/lib/gpr/log.cc +6 -1
  330. data/src/core/lib/gpr/sync_abseil.cc +3 -6
  331. data/src/core/lib/gpr/sync_windows.cc +2 -2
  332. data/src/core/lib/gprpp/atomic.h +3 -3
  333. data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
  334. data/src/core/lib/gprpp/mpscq.cc +2 -2
  335. data/src/core/lib/gprpp/ref_counted.h +29 -15
  336. data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
  337. data/src/core/lib/gprpp/status_helper.cc +407 -0
  338. data/src/core/lib/gprpp/status_helper.h +180 -0
  339. data/src/core/lib/gprpp/sync.h +129 -40
  340. data/src/core/lib/gprpp/thd.h +1 -1
  341. data/src/core/lib/gprpp/time_util.cc +77 -0
  342. data/src/core/lib/gprpp/time_util.h +42 -0
  343. data/src/core/lib/http/httpcli.cc +11 -11
  344. data/src/core/lib/http/httpcli_security_connector.cc +13 -9
  345. data/src/core/lib/http/parser.cc +16 -16
  346. data/src/core/lib/http/parser.h +4 -4
  347. data/src/core/lib/iomgr/buffer_list.cc +7 -9
  348. data/src/core/lib/iomgr/buffer_list.h +5 -6
  349. data/src/core/lib/iomgr/call_combiner.cc +15 -12
  350. data/src/core/lib/iomgr/call_combiner.h +12 -14
  351. data/src/core/lib/iomgr/cfstream_handle.cc +5 -5
  352. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  353. data/src/core/lib/iomgr/closure.h +7 -6
  354. data/src/core/lib/iomgr/combiner.cc +14 -12
  355. data/src/core/lib/iomgr/combiner.h +2 -2
  356. data/src/core/lib/iomgr/endpoint.cc +1 -1
  357. data/src/core/lib/iomgr/endpoint.h +2 -2
  358. data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
  359. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  360. data/src/core/lib/iomgr/error.cc +167 -61
  361. data/src/core/lib/iomgr/error.h +218 -107
  362. data/src/core/lib/iomgr/error_cfstream.cc +3 -2
  363. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  364. data/src/core/lib/iomgr/error_internal.h +5 -1
  365. data/src/core/lib/iomgr/ev_apple.cc +16 -13
  366. data/src/core/lib/iomgr/ev_epoll1_linux.cc +22 -22
  367. data/src/core/lib/iomgr/ev_epollex_linux.cc +52 -49
  368. data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
  369. data/src/core/lib/iomgr/ev_posix.cc +12 -11
  370. data/src/core/lib/iomgr/ev_posix.h +9 -9
  371. data/src/core/lib/iomgr/exec_ctx.cc +10 -6
  372. data/src/core/lib/iomgr/exec_ctx.h +1 -1
  373. data/src/core/lib/iomgr/executor.cc +8 -8
  374. data/src/core/lib/iomgr/executor.h +2 -2
  375. data/src/core/lib/iomgr/iomgr.cc +1 -1
  376. data/src/core/lib/iomgr/iomgr.h +1 -1
  377. data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
  378. data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
  379. data/src/core/lib/iomgr/iomgr_internal.h +3 -3
  380. data/src/core/lib/iomgr/iomgr_posix.cc +1 -2
  381. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -3
  382. data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
  383. data/src/core/lib/iomgr/load_file.cc +4 -4
  384. data/src/core/lib/iomgr/load_file.h +2 -2
  385. data/src/core/lib/iomgr/lockfree_event.cc +5 -5
  386. data/src/core/lib/iomgr/lockfree_event.h +1 -1
  387. data/src/core/lib/iomgr/pollset.cc +5 -5
  388. data/src/core/lib/iomgr/pollset.h +9 -9
  389. data/src/core/lib/iomgr/pollset_custom.cc +5 -5
  390. data/src/core/lib/iomgr/pollset_windows.cc +5 -5
  391. data/src/core/lib/iomgr/port.h +1 -1
  392. data/src/core/lib/iomgr/python_util.h +1 -1
  393. data/src/core/lib/iomgr/resolve_address.cc +3 -3
  394. data/src/core/lib/iomgr/resolve_address.h +6 -6
  395. data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
  396. data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
  397. data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
  398. data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
  399. data/src/core/lib/iomgr/resource_quota.cc +12 -11
  400. data/src/core/lib/iomgr/socket_utils_common_posix.cc +23 -20
  401. data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
  402. data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
  403. data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
  404. data/src/core/lib/iomgr/tcp_client_posix.cc +16 -18
  405. data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
  406. data/src/core/lib/iomgr/tcp_client_windows.cc +5 -5
  407. data/src/core/lib/iomgr/tcp_custom.cc +14 -16
  408. data/src/core/lib/iomgr/tcp_custom.h +13 -12
  409. data/src/core/lib/iomgr/tcp_posix.cc +41 -42
  410. data/src/core/lib/iomgr/tcp_server.cc +6 -6
  411. data/src/core/lib/iomgr/tcp_server.h +12 -11
  412. data/src/core/lib/iomgr/tcp_server_custom.cc +23 -21
  413. data/src/core/lib/iomgr/tcp_server_posix.cc +22 -21
  414. data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
  415. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +19 -17
  416. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
  417. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  418. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
  419. data/src/core/lib/iomgr/tcp_uv.cc +27 -25
  420. data/src/core/lib/iomgr/tcp_windows.cc +13 -13
  421. data/src/core/lib/iomgr/tcp_windows.h +2 -2
  422. data/src/core/lib/iomgr/timer_custom.cc +2 -1
  423. data/src/core/lib/iomgr/timer_custom.h +1 -1
  424. data/src/core/lib/iomgr/timer_generic.cc +8 -8
  425. data/src/core/lib/iomgr/timer_manager.cc +1 -1
  426. data/src/core/lib/iomgr/udp_server.cc +21 -20
  427. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
  428. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
  429. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
  430. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  431. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
  432. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
  433. data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
  434. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  435. data/src/core/lib/iomgr/work_serializer.h +17 -1
  436. data/src/core/lib/json/json.h +1 -1
  437. data/src/core/lib/json/json_reader.cc +4 -4
  438. data/src/core/lib/matchers/matchers.cc +339 -0
  439. data/src/core/lib/matchers/matchers.h +160 -0
  440. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  441. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  442. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
  443. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  444. data/src/core/lib/security/credentials/credentials.h +4 -3
  445. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +18 -14
  446. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
  447. data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
  448. data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
  449. data/src/core/lib/security/credentials/external/external_account_credentials.cc +17 -14
  450. data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
  451. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +6 -5
  452. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
  453. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +9 -9
  454. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
  455. data/src/core/lib/security/credentials/fake/fake_credentials.cc +3 -3
  456. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  457. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +16 -15
  458. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
  459. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  460. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
  461. data/src/core/lib/security/credentials/jwt/json_token.cc +2 -5
  462. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
  463. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  464. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -8
  465. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  466. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  467. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
  468. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
  469. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
  470. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  471. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
  472. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  473. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
  474. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
  475. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +19 -13
  476. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
  477. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
  478. data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
  479. data/src/core/lib/security/credentials/xds/xds_credentials.cc +130 -61
  480. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  481. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
  482. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
  483. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
  484. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
  485. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
  486. data/src/core/lib/security/security_connector/local/local_security_connector.cc +14 -4
  487. data/src/core/lib/security/security_connector/security_connector.h +9 -4
  488. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
  489. data/src/core/lib/security/security_connector/ssl_utils.cc +31 -8
  490. data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
  491. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +88 -74
  492. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
  493. data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
  494. data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
  495. data/src/core/lib/security/transport/security_handshaker.cc +66 -37
  496. data/src/core/lib/security/transport/server_auth_filter.cc +24 -11
  497. data/src/core/lib/security/transport/tsi_error.cc +2 -1
  498. data/src/core/lib/security/transport/tsi_error.h +2 -1
  499. data/src/core/lib/security/util/json_util.cc +2 -2
  500. data/src/core/lib/security/util/json_util.h +1 -1
  501. data/src/core/lib/slice/slice_intern.cc +5 -6
  502. data/src/core/lib/surface/call.cc +46 -45
  503. data/src/core/lib/surface/call.h +2 -2
  504. data/src/core/lib/surface/channel.cc +6 -6
  505. data/src/core/lib/surface/channel.h +6 -5
  506. data/src/core/lib/surface/channel_ping.cc +1 -1
  507. data/src/core/lib/surface/completion_queue.cc +46 -47
  508. data/src/core/lib/surface/completion_queue.h +2 -1
  509. data/src/core/lib/surface/init.cc +13 -15
  510. data/src/core/lib/surface/lame_client.cc +43 -24
  511. data/src/core/lib/surface/lame_client.h +4 -3
  512. data/src/core/lib/surface/server.cc +71 -58
  513. data/src/core/lib/surface/server.h +91 -28
  514. data/src/core/lib/surface/validate_metadata.cc +7 -7
  515. data/src/core/lib/surface/validate_metadata.h +3 -2
  516. data/src/core/lib/surface/version.cc +4 -2
  517. data/src/core/lib/transport/byte_stream.cc +5 -5
  518. data/src/core/lib/transport/byte_stream.h +8 -8
  519. data/src/core/lib/transport/connectivity_state.cc +1 -1
  520. data/src/core/lib/transport/error_utils.cc +19 -8
  521. data/src/core/lib/transport/error_utils.h +11 -5
  522. data/src/core/lib/transport/metadata.cc +6 -2
  523. data/src/core/lib/transport/metadata_batch.cc +64 -37
  524. data/src/core/lib/transport/metadata_batch.h +33 -18
  525. data/src/core/lib/transport/transport.cc +4 -3
  526. data/src/core/lib/transport/transport.h +4 -4
  527. data/src/core/lib/transport/transport_op_string.cc +5 -5
  528. data/src/core/plugin_registry/grpc_plugin_registry.cc +12 -0
  529. data/src/core/tsi/alts/crypt/gsec.h +4 -0
  530. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -28
  531. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +23 -27
  532. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
  533. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  534. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
  535. data/src/core/tsi/fake_transport_security.cc +11 -2
  536. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
  537. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  538. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
  539. data/src/core/tsi/ssl_transport_security.cc +32 -17
  540. data/src/core/tsi/ssl_transport_security.h +3 -7
  541. data/src/ruby/bin/math_services_pb.rb +1 -1
  542. data/src/ruby/ext/grpc/extconf.rb +9 -1
  543. data/src/ruby/ext/grpc/rb_channel.c +10 -1
  544. data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
  545. data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
  546. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  547. data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
  548. data/src/ruby/ext/grpc/rb_grpc.c +4 -0
  549. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
  550. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
  551. data/src/ruby/ext/grpc/rb_server.c +13 -1
  552. data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
  553. data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
  554. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
  555. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
  556. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
  557. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
  558. data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
  559. data/src/ruby/lib/grpc/version.rb +1 -1
  560. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
  561. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
  562. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
  563. data/src/ruby/spec/call_spec.rb +1 -1
  564. data/src/ruby/spec/channel_credentials_spec.rb +32 -0
  565. data/src/ruby/spec/channel_spec.rb +17 -6
  566. data/src/ruby/spec/client_auth_spec.rb +27 -1
  567. data/src/ruby/spec/errors_spec.rb +1 -1
  568. data/src/ruby/spec/generic/active_call_spec.rb +2 -2
  569. data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
  570. data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
  571. data/src/ruby/spec/server_credentials_spec.rb +25 -0
  572. data/src/ruby/spec/server_spec.rb +22 -0
  573. data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
  574. data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
  575. data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
  576. data/third_party/abseil-cpp/absl/base/config.h +37 -9
  577. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
  578. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
  579. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  580. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
  581. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
  582. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
  583. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
  584. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
  585. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  586. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
  587. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  588. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
  589. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  590. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
  591. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
  592. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
  593. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  594. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  595. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
  596. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  597. data/third_party/abseil-cpp/absl/base/macros.h +11 -0
  598. data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
  599. data/third_party/abseil-cpp/absl/base/options.h +1 -1
  600. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  601. data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
  602. data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
  603. data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
  604. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
  605. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
  606. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
  607. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
  608. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
  609. data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
  610. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
  611. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
  612. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
  613. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
  614. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
  615. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
  616. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
  617. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
  618. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
  619. data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
  620. data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
  621. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
  622. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
  623. data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
  624. data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
  625. data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
  626. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  627. data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
  628. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  629. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  630. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
  631. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
  632. data/third_party/abseil-cpp/absl/status/status.cc +29 -22
  633. data/third_party/abseil-cpp/absl/status/status.h +81 -20
  634. data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
  635. data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
  636. data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
  637. data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
  638. data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
  639. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
  640. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
  641. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
  642. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  643. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
  644. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
  645. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
  646. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
  647. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
  648. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
  649. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
  650. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
  651. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
  652. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
  653. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
  654. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
  655. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
  656. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  657. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  658. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  659. data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
  660. data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
  661. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  662. data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
  663. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  664. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
  665. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
  666. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
  667. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
  668. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
  669. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
  670. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
  671. data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
  672. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  673. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  674. data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
  675. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
  676. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
  677. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
  678. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  679. data/third_party/abseil-cpp/absl/time/time.h +26 -24
  680. data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
  681. data/third_party/abseil-cpp/absl/types/variant.h +9 -4
  682. data/third_party/boringssl-with-bazel/err_data.c +742 -724
  683. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  684. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
  685. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  686. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  687. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +4 -11
  688. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  689. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +22 -10
  690. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  691. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +16 -16
  692. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +35 -0
  693. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  694. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +40 -86
  695. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +6 -17
  696. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  697. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  698. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  699. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  700. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  701. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  702. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  703. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  704. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  705. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  706. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +101 -3
  707. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
  708. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  709. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
  710. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
  711. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  712. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  713. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  714. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  715. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  716. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +4 -1
  717. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  718. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  719. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +10 -2
  720. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +32 -16
  721. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
  722. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  723. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  724. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  725. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +4 -43
  726. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +16 -0
  727. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -2
  728. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
  729. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
  730. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  731. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +43 -46
  732. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +43 -46
  733. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  734. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  735. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  737. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  738. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  739. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
  740. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +135 -43
  741. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -14
  742. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
  743. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  744. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +161 -9
  745. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +45 -48
  746. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +38 -43
  747. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +37 -45
  748. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +121 -71
  749. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +71 -41
  750. data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
  751. data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
  752. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
  753. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +1 -1
  754. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
  755. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  756. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  757. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  758. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/is_fips.c → rand_extra/passive.c} +16 -11
  759. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +5 -1
  760. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  761. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  762. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +19 -0
  763. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  764. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  765. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
  766. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +4 -31
  767. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
  768. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +39 -89
  769. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +17 -24
  770. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
  771. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -1
  772. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
  773. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
  774. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +21 -34
  775. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +6 -2
  776. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  777. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
  778. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  779. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -4
  780. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  781. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  782. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
  783. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  784. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
  785. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +4 -6
  786. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  787. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  788. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  789. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  790. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  791. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
  792. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +7 -6
  793. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  794. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +0 -3
  795. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
  796. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +737 -551
  797. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  798. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -5
  799. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  800. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  801. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -4
  802. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
  803. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
  804. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  805. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  806. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +20 -2
  807. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +19 -0
  808. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  809. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +13 -40
  810. data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
  811. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
  812. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +2 -0
  813. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
  814. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -2
  815. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  816. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +239 -37
  817. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +28 -8
  818. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +702 -219
  819. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +141 -36
  820. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +5 -0
  821. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +444 -0
  822. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +244 -1
  823. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +47 -15
  824. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
  825. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +159 -13
  826. data/third_party/boringssl-with-bazel/src/ssl/internal.h +253 -58
  827. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +7 -1
  828. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  829. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
  830. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
  831. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
  832. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +90 -25
  833. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
  834. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  835. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  836. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +450 -104
  837. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +34 -4
  838. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
  839. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
  840. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +232 -85
  841. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  842. data/third_party/xxhash/xxhash.h +5443 -0
  843. metadata +174 -95
  844. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
  845. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  846. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
  847. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  848. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
  849. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
  850. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  851. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
  852. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  853. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
  854. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
  855. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
  856. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
  857. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
  858. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
  859. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
  860. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
  861. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
  862. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
  863. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
  864. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
  865. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
  866. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
  867. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
  868. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  869. data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
  870. data/src/core/lib/security/authorization/authorization_engine.h +0 -84
  871. data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
  872. data/src/core/lib/security/authorization/evaluate_args.h +0 -59
  873. data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
  874. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
  875. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
  876. data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -97
  877. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
  878. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
  879. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
  880. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
  881. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
  882. data/third_party/upb/upb/json_decode.c +0 -1443
  883. data/third_party/upb/upb/json_decode.h +0 -23
  884. data/third_party/upb/upb/json_encode.c +0 -713
  885. data/third_party/upb/upb/json_encode.h +0 -36
data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc CHANGED
@@ -580,10 +580,40 @@ enum ssl_private_key_result_t tls13_add_certificate_verify(SSL_HANDSHAKE *hs) {
580
580
  return ssl_private_key_failure;
581
581
  }
582
582
 
583
- enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
584
- hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);
585
- if (sign_result != ssl_private_key_success) {
586
- return sign_result;
583
+ SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
584
+ Array<uint8_t> spki;
585
+ if (hints) {
586
+ ScopedCBB spki_cbb;
587
+ if (!CBB_init(spki_cbb.get(), 64) ||
588
+ !EVP_marshal_public_key(spki_cbb.get(), hs->local_pubkey.get()) ||
589
+ !CBBFinishArray(spki_cbb.get(), &spki)) {
590
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
591
+ return ssl_private_key_failure;
592
+ }
593
+ }
594
+
595
+ if (hints && !hs->hints_requested &&
596
+ signature_algorithm == hints->signature_algorithm &&
597
+ MakeConstSpan(msg) == hints->signature_input &&
598
+ MakeConstSpan(spki) == hints->signature_spki &&
599
+ !hints->signature.empty() && hints->signature.size() <= max_sig_len) {
600
+ // Signature algorithm and input both match. Reuse the signature from hints.
601
+ sig_len = hints->signature.size();
602
+ OPENSSL_memcpy(sig, hints->signature.data(), sig_len);
603
+ } else {
604
+ enum ssl_private_key_result_t sign_result = ssl_private_key_sign(
605
+ hs, sig, &sig_len, max_sig_len, signature_algorithm, msg);
606
+ if (sign_result != ssl_private_key_success) {
607
+ return sign_result;
608
+ }
609
+ if (hints && hs->hints_requested) {
610
+ hints->signature_algorithm = signature_algorithm;
611
+ hints->signature_input = std::move(msg);
612
+ hints->signature_spki = std::move(spki);
613
+ if (!hints->signature.CopyFrom(MakeSpan(sig, sig_len))) {
614
+ return ssl_private_key_failure;
615
+ }
616
+ }
587
617
  }
588
618
 
589
619
  if (!CBB_did_write(&child, sig_len) ||
data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc CHANGED
@@ -414,8 +414,8 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
414
414
  // Set up the key schedule and incorporate the PSK into the running secret.
415
415
  if (ssl->s3->session_reused) {
416
416
  if (!tls13_init_key_schedule(
417
- hs, MakeConstSpan(hs->new_session->master_key,
418
- hs->new_session->master_key_length))) {
417
+ hs, MakeConstSpan(hs->new_session->secret,
418
+ hs->new_session->secret_length))) {
419
419
  return ssl_hs_error;
420
420
  }
421
421
  } else if (!tls13_init_key_schedule(hs, MakeConstSpan(kZeroes, hash_len))) {
data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc CHANGED
@@ -303,10 +303,9 @@ bool tls13_derive_resumption_secret(SSL_HANDSHAKE *hs) {
303
303
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
304
304
  return false;
305
305
  }
306
- hs->new_session->master_key_length = hs->transcript.DigestLen();
306
+ hs->new_session->secret_length = hs->transcript.DigestLen();
307
307
  return derive_secret(
308
- hs,
309
- MakeSpan(hs->new_session->master_key, hs->new_session->master_key_length),
308
+ hs, MakeSpan(hs->new_session->secret, hs->new_session->secret_length),
310
309
  label_to_span(kTLS13LabelResumption));
311
310
  }
312
311
 
@@ -354,8 +353,8 @@ bool tls13_derive_session_psk(SSL_SESSION *session, Span<const uint8_t> nonce) {
354
353
  const EVP_MD *digest = ssl_session_get_digest(session);
355
354
  // The session initially stores the resumption_master_secret, which we
356
355
  // override with the PSK.
357
- auto session_key = MakeSpan(session->master_key, session->master_key_length);
358
- return hkdf_expand_label(session_key, digest, session_key,
356
+ auto session_secret = MakeSpan(session->secret, session->secret_length);
357
+ return hkdf_expand_label(session_secret, digest, session_secret,
359
358
  label_to_span(kTLS13LabelResumptionPSK), nonce);
360
359
  }
361
360
 
@@ -460,11 +459,10 @@ bool tls13_write_psk_binder(SSL_HANDSHAKE *hs, Span<uint8_t> msg) {
460
459
  if (!hash_transcript_and_truncated_client_hello(
461
460
  hs, context, &context_len, digest, msg,
462
461
  1 /* length prefix */ + hash_len) ||
463
- !tls13_psk_binder(verify_data, &verify_data_len,
464
- ssl->session->ssl_version, digest,
465
- MakeConstSpan(ssl->session->master_key,
466
- ssl->session->master_key_length),
467
- MakeConstSpan(context, context_len)) ||
462
+ !tls13_psk_binder(
463
+ verify_data, &verify_data_len, ssl->session->ssl_version, digest,
464
+ MakeConstSpan(ssl->session->secret, ssl->session->secret_length),
465
+ MakeConstSpan(context, context_len)) ||
468
466
  verify_data_len != hash_len) {
469
467
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
470
468
  return false;
@@ -485,11 +483,10 @@ bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
485
483
  if (!hash_transcript_and_truncated_client_hello(hs, context, &context_len,
486
484
  hs->transcript.Digest(),
487
485
  msg.raw, CBS_len(binders)) ||
488
- !tls13_psk_binder(
489
- verify_data, &verify_data_len, hs->ssl->version,
490
- hs->transcript.Digest(),
491
- MakeConstSpan(session->master_key, session->master_key_length),
492
- MakeConstSpan(context, context_len)) ||
486
+ !tls13_psk_binder(verify_data, &verify_data_len, hs->ssl->version,
487
+ hs->transcript.Digest(),
488
+ MakeConstSpan(session->secret, session->secret_length),
489
+ MakeConstSpan(context, context_len)) ||
493
490
  // We only consider the first PSK, so compare against the first binder.
494
491
  !CBS_get_u8_length_prefixed(binders, &binder)) {
495
492
  OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
@@ -510,4 +507,40 @@ bool tls13_verify_psk_binder(SSL_HANDSHAKE *hs, SSL_SESSION *session,
510
507
  return true;
511
508
  }
512
509
 
510
+ bool tls13_ech_accept_confirmation(
511
+ SSL_HANDSHAKE *hs, bssl::Span<uint8_t> out,
512
+ bssl::Span<const uint8_t> server_hello_ech_conf) {
513
+ // Compute the hash of the transcript concatenated with
514
+ // |server_hello_ech_conf| without modifying |hs->transcript|.
515
+ uint8_t context_hash[EVP_MAX_MD_SIZE];
516
+ unsigned context_hash_len;
517
+ ScopedEVP_MD_CTX ctx;
518
+ if (!hs->transcript.CopyToHashContext(ctx.get(), hs->transcript.Digest()) ||
519
+ !EVP_DigestUpdate(ctx.get(), server_hello_ech_conf.data(),
520
+ server_hello_ech_conf.size()) ||
521
+ !EVP_DigestFinal_ex(ctx.get(), context_hash, &context_hash_len)) {
522
+ return false;
523
+ }
524
+
525
+ // Per draft-ietf-tls-esni-09, accept_confirmation is computed with
526
+ // Derive-Secret, which derives a secret of size Hash.length. That value is
527
+ // then truncated to the first 8 bytes. Note this differs from deriving an
528
+ // 8-byte secret because the target length is included in the derivation.
529
+ uint8_t accept_confirmation_buf[EVP_MAX_MD_SIZE];
530
+ bssl::Span<uint8_t> accept_confirmation =
531
+ MakeSpan(accept_confirmation_buf, hs->transcript.DigestLen());
532
+ if (!hkdf_expand_label(accept_confirmation, hs->transcript.Digest(),
533
+ hs->secret(), label_to_span("ech accept confirmation"),
534
+ MakeConstSpan(context_hash, context_hash_len))) {
535
+ return false;
536
+ }
537
+
538
+ if (out.size() > accept_confirmation.size()) {
539
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
540
+ return false;
541
+ }
542
+ OPENSSL_memcpy(out.data(), accept_confirmation.data(), out.size());
543
+ return true;
544
+ }
545
+
513
546
  BSSL_NAMESPACE_END
data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc CHANGED
@@ -28,6 +28,7 @@
28
28
  #include <openssl/stack.h>
29
29
 
30
30
  #include "../crypto/internal.h"
31
+ #include "../crypto/hpke/internal.h"
31
32
  #include "internal.h"
32
33
 
33
34
 
@@ -41,35 +42,57 @@ static const uint8_t kZeroes[EVP_MAX_MD_SIZE] = {0};
41
42
  // See RFC 8446, section 8.3.
42
43
  static const int32_t kMaxTicketAgeSkewSeconds = 60;
43
44
 
44
- static int resolve_ecdhe_secret(SSL_HANDSHAKE *hs, bool *out_need_retry,
45
- SSL_CLIENT_HELLO *client_hello) {
45
+ static bool resolve_ecdhe_secret(SSL_HANDSHAKE *hs,
46
+ const SSL_CLIENT_HELLO *client_hello) {
46
47
  SSL *const ssl = hs->ssl;
47
- *out_need_retry = false;
48
-
49
- // We only support connections that include an ECDHE key exchange.
50
- CBS key_share;
51
- if (!ssl_client_hello_get_extension(client_hello, &key_share,
52
- TLSEXT_TYPE_key_share)) {
53
- OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
54
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
55
- return 0;
56
- }
48
+ const uint16_t group_id = hs->new_session->group_id;
57
49
 
58
50
  bool found_key_share;
59
- Array<uint8_t> dhe_secret;
51
+ Span<const uint8_t> peer_key;
60
52
  uint8_t alert = SSL_AD_DECODE_ERROR;
61
- if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &dhe_secret,
62
- &alert, &key_share)) {
53
+ if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share, &peer_key,
54
+ &alert, client_hello)) {
63
55
  ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
64
- return 0;
56
+ return false;
65
57
  }
66
58
 
67
59
  if (!found_key_share) {
68
- *out_need_retry = true;
69
- return 0;
60
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
61
+ OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
62
+ return false;
70
63
  }
71
64
 
72
- return tls13_advance_key_schedule(hs, dhe_secret);
65
+ Array<uint8_t> secret;
66
+ SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
67
+ if (hints && !hs->hints_requested && hints->key_share_group_id == group_id &&
68
+ !hints->key_share_secret.empty()) {
69
+ // Copy DH secret from hints.
70
+ if (!hs->ecdh_public_key.CopyFrom(hints->key_share_public_key) ||
71
+ !secret.CopyFrom(hints->key_share_secret)) {
72
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
73
+ return false;
74
+ }
75
+ } else {
76
+ ScopedCBB public_key;
77
+ UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
78
+ if (!key_share || //
79
+ !CBB_init(public_key.get(), 32) ||
80
+ !key_share->Accept(public_key.get(), &secret, &alert, peer_key) ||
81
+ !CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
82
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
83
+ return false;
84
+ }
85
+ if (hints && hs->hints_requested) {
86
+ hints->key_share_group_id = group_id;
87
+ if (!hints->key_share_public_key.CopyFrom(hs->ecdh_public_key) ||
88
+ !hints->key_share_secret.CopyFrom(secret)) {
89
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
90
+ return false;
91
+ }
92
+ }
93
+ }
94
+
95
+ return tls13_advance_key_schedule(hs, secret);
73
96
  }
74
97
 
75
98
  static int ssl_ext_supported_versions_add_serverhello(SSL_HANDSHAKE *hs,
@@ -186,13 +209,8 @@ static enum ssl_hs_wait_t do_select_parameters(SSL_HANDSHAKE *hs) {
186
209
  // the common handshake logic. Resolve the remaining non-PSK parameters.
187
210
  SSL *const ssl = hs->ssl;
188
211
  SSLMessage msg;
189
- if (!ssl->method->get_message(ssl, &msg)) {
190
- return ssl_hs_read_message;
191
- }
192
212
  SSL_CLIENT_HELLO client_hello;
193
- if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
194
- OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
195
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
213
+ if (!hs->GetClientHello(&msg, &client_hello)) {
196
214
  return ssl_hs_error;
197
215
  }
198
216
 
@@ -252,6 +270,16 @@ static enum ssl_ticket_aead_result_t select_session(
252
270
  return ssl_ticket_aead_ignore_ticket;
253
271
  }
254
272
 
273
+ // Per RFC8446, section 4.2.9, servers MUST abort the handshake if the client
274
+ // sends pre_shared_key without psk_key_exchange_modes.
275
+ CBS unused;
276
+ if (!ssl_client_hello_get_extension(client_hello, &unused,
277
+ TLSEXT_TYPE_psk_key_exchange_modes)) {
278
+ *out_alert = SSL_AD_MISSING_EXTENSION;
279
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
280
+ return ssl_ticket_aead_error;
281
+ }
282
+
255
283
  CBS ticket, binders;
256
284
  uint32_t client_ticket_age;
257
285
  if (!ssl_ext_pre_shared_key_parse_clienthello(
@@ -337,13 +365,8 @@ static bool quic_ticket_compatible(const SSL_SESSION *session,
337
365
  static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
338
366
  SSL *const ssl = hs->ssl;
339
367
  SSLMessage msg;
340
- if (!ssl->method->get_message(ssl, &msg)) {
341
- return ssl_hs_read_message;
342
- }
343
368
  SSL_CLIENT_HELLO client_hello;
344
- if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
345
- OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
346
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
369
+ if (!hs->GetClientHello(&msg, &client_hello)) {
347
370
  return ssl_hs_error;
348
371
  }
349
372
 
@@ -393,6 +416,23 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
393
416
  return ssl_hs_error;
394
417
  }
395
418
 
419
+ // Record connection properties in the new session.
420
+ hs->new_session->cipher = hs->new_cipher;
421
+ if (!tls1_get_shared_group(hs, &hs->new_session->group_id)) {
422
+ OPENSSL_PUT_ERROR(SSL, SSL_R_NO_SHARED_GROUP);
423
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
424
+ return ssl_hs_error;
425
+ }
426
+
427
+ // Determine if we need HelloRetryRequest.
428
+ bool found_key_share;
429
+ if (!ssl_ext_key_share_parse_clienthello(hs, &found_key_share,
430
+ /*out_key_share=*/nullptr, &alert,
431
+ &client_hello)) {
432
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
433
+ return ssl_hs_error;
434
+ }
435
+
396
436
  // Determine if we're negotiating 0-RTT.
397
437
  if (!ssl->enable_early_data) {
398
438
  ssl->s3->early_data_reason = ssl_early_data_disabled;
@@ -423,6 +463,8 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
423
463
  ssl->s3->early_data_reason = ssl_early_data_ticket_age_skew;
424
464
  } else if (!quic_ticket_compatible(session.get(), hs->config)) {
425
465
  ssl->s3->early_data_reason = ssl_early_data_quic_parameter_mismatch;
466
+ } else if (!found_key_share) {
467
+ ssl->s3->early_data_reason = ssl_early_data_hello_retry_request;
426
468
  } else {
427
469
  // |ssl_session_is_resumable| forbids cross-cipher resumptions even if the
428
470
  // PRF hashes match.
@@ -432,9 +474,6 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
432
474
  ssl->s3->early_data_accepted = true;
433
475
  }
434
476
 
435
- // Record connection properties in the new session.
436
- hs->new_session->cipher = hs->new_cipher;
437
-
438
477
  // Store the ALPN and ALPS values in the session for 0-RTT. Note the peer
439
478
  // applications settings are not generally known until client
440
479
  // EncryptedExtensions.
@@ -477,8 +516,8 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
477
516
  // Set up the key schedule and incorporate the PSK into the running secret.
478
517
  if (ssl->s3->session_reused) {
479
518
  if (!tls13_init_key_schedule(
480
- hs, MakeConstSpan(hs->new_session->master_key,
481
- hs->new_session->master_key_length))) {
519
+ hs, MakeConstSpan(hs->new_session->secret,
520
+ hs->new_session->secret_length))) {
482
521
  return ssl_hs_error;
483
522
  }
484
523
  } else if (!tls13_init_key_schedule(hs, MakeConstSpan(kZeroes, hash_len))) {
@@ -497,33 +536,30 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
497
536
  ssl->s3->skip_early_data = true;
498
537
  }
499
538
 
500
- // Resolve ECDHE and incorporate it into the secret.
501
- bool need_retry;
502
- if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
503
- if (need_retry) {
504
- if (ssl->s3->early_data_accepted) {
505
- ssl->s3->early_data_reason = ssl_early_data_hello_retry_request;
506
- ssl->s3->early_data_accepted = false;
507
- }
508
- ssl->s3->skip_early_data = true;
509
- ssl->method->next_message(ssl);
510
- if (!hs->transcript.UpdateForHelloRetryRequest()) {
511
- return ssl_hs_error;
512
- }
513
- hs->tls13_state = state13_send_hello_retry_request;
514
- return ssl_hs_ok;
539
+ if (!found_key_share) {
540
+ ssl->method->next_message(ssl);
541
+ if (!hs->transcript.UpdateForHelloRetryRequest()) {
542
+ return ssl_hs_error;
515
543
  }
544
+ hs->tls13_state = state13_send_hello_retry_request;
545
+ return ssl_hs_ok;
546
+ }
547
+
548
+ if (!resolve_ecdhe_secret(hs, &client_hello)) {
516
549
  return ssl_hs_error;
517
550
  }
518
551
 
519
552
  ssl->method->next_message(ssl);
553
+ hs->ech_client_hello_buf.Reset();
520
554
  hs->tls13_state = state13_send_server_hello;
521
555
  return ssl_hs_ok;
522
556
  }
523
557
 
524
558
  static enum ssl_hs_wait_t do_send_hello_retry_request(SSL_HANDSHAKE *hs) {
525
559
  SSL *const ssl = hs->ssl;
526
-
560
+ if (hs->hints_requested) {
561
+ return ssl_hs_hints_ready;
562
+ }
527
563
 
528
564
  ScopedCBB cbb;
529
565
  CBB body, session_id, extensions;
@@ -566,12 +602,78 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
566
602
  return ssl_hs_error;
567
603
  }
568
604
  SSL_CLIENT_HELLO client_hello;
569
- if (!ssl_client_hello_init(ssl, &client_hello, msg)) {
605
+ if (!ssl_client_hello_init(ssl, &client_hello, msg.body)) {
570
606
  OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
571
607
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
572
608
  return ssl_hs_error;
573
609
  }
574
610
 
611
+ if (hs->ech_accept) {
612
+ // If we previously accepted the ClientHelloInner, check that the second
613
+ // ClientHello contains an encrypted_client_hello extension.
614
+ CBS ech_body;
615
+ if (!ssl_client_hello_get_extension(&client_hello, &ech_body,
616
+ TLSEXT_TYPE_encrypted_client_hello)) {
617
+ OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_EXTENSION);
618
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_MISSING_EXTENSION);
619
+ return ssl_hs_error;
620
+ }
621
+
622
+ // Parse a ClientECH out of the extension body.
623
+ uint16_t kdf_id, aead_id;
624
+ CBS config_id, enc, payload;
625
+ if (!CBS_get_u16(&ech_body, &kdf_id) || //
626
+ !CBS_get_u16(&ech_body, &aead_id) ||
627
+ !CBS_get_u8_length_prefixed(&ech_body, &config_id) ||
628
+ !CBS_get_u16_length_prefixed(&ech_body, &enc) ||
629
+ !CBS_get_u16_length_prefixed(&ech_body, &payload) ||
630
+ CBS_len(&ech_body) != 0) {
631
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
632
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
633
+ return ssl_hs_error;
634
+ }
635
+
636
+ // Check that ClientECH.cipher_suite is unchanged and that
637
+ // ClientECH.config_id and ClientECH.enc are empty.
638
+ if (kdf_id != EVP_HPKE_CTX_get_kdf_id(hs->ech_hpke_ctx.get()) ||
639
+ aead_id != EVP_HPKE_CTX_get_aead_id(hs->ech_hpke_ctx.get()) ||
640
+ CBS_len(&config_id) > 0 || CBS_len(&enc) > 0) {
641
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
642
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
643
+ return ssl_hs_error;
644
+ }
645
+
646
+ // Decrypt the payload with the HPKE context from the first ClientHello.
647
+ Array<uint8_t> encoded_client_hello_inner;
648
+ bool unused;
649
+ if (!ssl_client_hello_decrypt(
650
+ hs->ech_hpke_ctx.get(), &encoded_client_hello_inner, &unused,
651
+ &client_hello, kdf_id, aead_id, config_id, enc, payload)) {
652
+ // Decryption failure is fatal in the second ClientHello.
653
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
654
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
655
+ return ssl_hs_error;
656
+ }
657
+
658
+ // Recover the ClientHelloInner from the EncodedClientHelloInner.
659
+ uint8_t alert = SSL_AD_DECODE_ERROR;
660
+ bssl::Array<uint8_t> client_hello_inner;
661
+ if (!ssl_decode_client_hello_inner(ssl, &alert, &client_hello_inner,
662
+ encoded_client_hello_inner,
663
+ &client_hello)) {
664
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
665
+ ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
666
+ return ssl_hs_error;
667
+ }
668
+ hs->ech_client_hello_buf = std::move(client_hello_inner);
669
+
670
+ // Reparse |client_hello| from the buffer owned by |hs|.
671
+ if (!hs->GetClientHello(&msg, &client_hello)) {
672
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
673
+ return ssl_hs_error;
674
+ }
675
+ }
676
+
575
677
  // We perform all our negotiation based on the first ClientHello (for
576
678
  // consistency with what |select_certificate_cb| observed), which is in the
577
679
  // transcript, so we can ignore most of this second one.
@@ -607,13 +709,7 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
607
709
  }
608
710
  }
609
711
 
610
- bool need_retry;
611
- if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
612
- if (need_retry) {
613
- // Only send one HelloRetryRequest.
614
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
615
- OPENSSL_PUT_ERROR(SSL, SSL_R_WRONG_CURVE);
616
- }
712
+ if (!resolve_ecdhe_secret(hs, &client_hello)) {
617
713
  return ssl_hs_error;
618
714
  }
619
715
 
@@ -629,20 +725,19 @@ static enum ssl_hs_wait_t do_read_second_client_hello(SSL_HANDSHAKE *hs) {
629
725
  }
630
726
 
631
727
  ssl->method->next_message(ssl);
728
+ hs->ech_client_hello_buf.Reset();
632
729
  hs->tls13_state = state13_send_server_hello;
633
730
  return ssl_hs_ok;
634
731
  }
635
732
 
636
- static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
733
+ static bool make_server_hello(SSL_HANDSHAKE *hs, Array<uint8_t> *out) {
637
734
  SSL *const ssl = hs->ssl;
638
-
639
- // Send a ServerHello.
640
735
  ScopedCBB cbb;
641
736
  CBB body, extensions, session_id;
642
737
  if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_SERVER_HELLO) ||
643
738
  !CBB_add_u16(&body, TLS1_2_VERSION) ||
644
- !RAND_bytes(ssl->s3->server_random, sizeof(ssl->s3->server_random)) ||
645
- !CBB_add_bytes(&body, ssl->s3->server_random, SSL3_RANDOM_SIZE) ||
739
+ !CBB_add_bytes(&body, ssl->s3->server_random,
740
+ sizeof(ssl->s3->server_random)) ||
646
741
  !CBB_add_u8_length_prefixed(&body, &session_id) ||
647
742
  !CBB_add_bytes(&session_id, hs->session_id, hs->session_id_len) ||
648
743
  !CBB_add_u16(&body, SSL_CIPHER_get_protocol_id(hs->new_cipher)) ||
@@ -651,10 +746,52 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
651
746
  !ssl_ext_pre_shared_key_add_serverhello(hs, &extensions) ||
652
747
  !ssl_ext_key_share_add_serverhello(hs, &extensions) ||
653
748
  !ssl_ext_supported_versions_add_serverhello(hs, &extensions) ||
654
- !ssl_add_message_cbb(ssl, cbb.get())) {
749
+ !ssl->method->finish_message(ssl, cbb.get(), out)) {
750
+ return false;
751
+ }
752
+ return true;
753
+ }
754
+
755
+ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
756
+ SSL *const ssl = hs->ssl;
757
+
758
+ Span<uint8_t> random(ssl->s3->server_random);
759
+
760
+ SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
761
+ if (hints && !hs->hints_requested &&
762
+ hints->server_random.size() == random.size()) {
763
+ OPENSSL_memcpy(random.data(), hints->server_random.data(), random.size());
764
+ } else {
765
+ RAND_bytes(random.data(), random.size());
766
+ if (hints && hs->hints_requested &&
767
+ !hints->server_random.CopyFrom(random)) {
768
+ return ssl_hs_error;
769
+ }
770
+ }
771
+
772
+ assert(!hs->ech_accept || hs->ech_is_inner_present);
773
+
774
+ if (hs->ech_is_inner_present) {
775
+ // Construct the ServerHelloECHConf message, which is the same as
776
+ // ServerHello, except the last 8 bytes of its random field are zeroed out.
777
+ Span<uint8_t> random_suffix = random.subspan(24);
778
+ OPENSSL_memset(random_suffix.data(), 0, random_suffix.size());
779
+
780
+ Array<uint8_t> server_hello_ech_conf;
781
+ if (!make_server_hello(hs, &server_hello_ech_conf) ||
782
+ !tls13_ech_accept_confirmation(hs, random_suffix,
783
+ server_hello_ech_conf)) {
784
+ return ssl_hs_error;
785
+ }
786
+ }
787
+
788
+ Array<uint8_t> server_hello;
789
+ if (!make_server_hello(hs, &server_hello) ||
790
+ !ssl->method->add_message(ssl, std::move(server_hello))) {
655
791
  return ssl_hs_error;
656
792
  }
657
793
 
794
+ hs->ecdh_public_key.Reset(); // No longer needed.
658
795
  if (!ssl->s3->used_hello_retry_request &&
659
796
  !ssl->method->add_change_cipher_spec(ssl)) {
660
797
  return ssl_hs_error;
@@ -669,6 +806,8 @@ static enum ssl_hs_wait_t do_send_server_hello(SSL_HANDSHAKE *hs) {
669
806
  }
670
807
 
671
808
  // Send EncryptedExtensions.
809
+ ScopedCBB cbb;
810
+ CBB body;
672
811
  if (!ssl->method->init_message(ssl, cbb.get(), &body,
673
812
  SSL3_MT_ENCRYPTED_EXTENSIONS) ||
674
813
  !ssl_add_serverhello_tlsext(hs, &body) ||
@@ -758,6 +897,10 @@ static enum ssl_hs_wait_t do_send_server_certificate_verify(SSL_HANDSHAKE *hs) {
758
897
 
759
898
  static enum ssl_hs_wait_t do_send_server_finished(SSL_HANDSHAKE *hs) {
760
899
  SSL *const ssl = hs->ssl;
900
+ if (hs->hints_requested) {
901
+ return ssl_hs_hints_ready;
902
+ }
903
+
761
904
  if (!tls13_add_finished(hs) ||
762
905
  // Update the secret to the master secret and derive traffic keys.
763
906
  !tls13_advance_key_schedule(
@@ -844,7 +987,7 @@ static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
844
987
  hs->client_handshake_secret())) {
845
988
  return ssl_hs_error;
846
989
  }
847
- hs->tls13_state = state13_read_client_certificate;
990
+ hs->tls13_state = state13_process_end_of_early_data;
848
991
  return ssl->s3->early_data_accepted ? ssl_hs_early_return : ssl_hs_ok;
849
992
  }
850
993
 
@@ -855,27 +998,31 @@ static enum ssl_hs_wait_t do_read_second_client_flight(SSL_HANDSHAKE *hs) {
855
998
 
856
999
  static enum ssl_hs_wait_t do_process_end_of_early_data(SSL_HANDSHAKE *hs) {
857
1000
  SSL *const ssl = hs->ssl;
858
- // If early data was not accepted, the EndOfEarlyData will be in the discarded
859
- // early data.
860
- if (hs->ssl->s3->early_data_accepted) {
861
- SSLMessage msg;
862
- if (!ssl->method->get_message(ssl, &msg)) {
863
- return ssl_hs_read_message;
864
- }
865
- if (!ssl_check_message_type(ssl, msg, SSL3_MT_END_OF_EARLY_DATA)) {
866
- return ssl_hs_error;
1001
+ // In protocols that use EndOfEarlyData, we must consume the extra message and
1002
+ // switch to client_handshake_secret after the early return.
1003
+ if (ssl->quic_method == nullptr) {
1004
+ // If early data was not accepted, the EndOfEarlyData will be in the
1005
+ // discarded early data.
1006
+ if (hs->ssl->s3->early_data_accepted) {
1007
+ SSLMessage msg;
1008
+ if (!ssl->method->get_message(ssl, &msg)) {
1009
+ return ssl_hs_read_message;
1010
+ }
1011
+ if (!ssl_check_message_type(ssl, msg, SSL3_MT_END_OF_EARLY_DATA)) {
1012
+ return ssl_hs_error;
1013
+ }
1014
+ if (CBS_len(&msg.body) != 0) {
1015
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
1016
+ OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1017
+ return ssl_hs_error;
1018
+ }
1019
+ ssl->method->next_message(ssl);
867
1020
  }
868
- if (CBS_len(&msg.body) != 0) {
869
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
870
- OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
1021
+ if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
1022
+ hs->new_session.get(),
1023
+ hs->client_handshake_secret())) {
871
1024
  return ssl_hs_error;
872
1025
  }
873
- ssl->method->next_message(ssl);
874
- }
875
- if (!tls13_set_traffic_key(ssl, ssl_encryption_handshake, evp_aead_open,
876
- hs->new_session.get(),
877
- hs->client_handshake_secret())) {
878
- return ssl_hs_error;
879
1026
  }
880
1027
  hs->tls13_state = state13_read_client_encrypted_extensions;
881
1028
  return ssl_hs_ok;