grpc 1.37.0 → 1.45.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +501 -260
- data/etc/roots.pem +335 -326
- data/include/grpc/byte_buffer.h +1 -1
- data/include/grpc/byte_buffer_reader.h +1 -1
- data/include/grpc/event_engine/README.md +38 -0
- data/include/grpc/event_engine/endpoint_config.h +43 -0
- data/include/grpc/event_engine/event_engine.h +399 -0
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +68 -0
- data/include/grpc/event_engine/memory_allocator.h +226 -0
- data/include/grpc/event_engine/memory_request.h +57 -0
- data/include/grpc/event_engine/port.h +39 -0
- data/include/grpc/fork.h +1 -1
- data/include/grpc/grpc.h +65 -22
- data/include/grpc/grpc_posix.h +22 -18
- data/include/grpc/grpc_security.h +358 -191
- data/include/grpc/grpc_security_constants.h +17 -14
- data/include/grpc/impl/codegen/atm.h +5 -3
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
- data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
- data/include/grpc/impl/codegen/atm_windows.h +2 -0
- data/include/grpc/impl/codegen/byte_buffer.h +2 -0
- data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
- data/include/grpc/impl/codegen/compression_types.h +2 -2
- data/include/grpc/impl/codegen/connectivity_state.h +2 -0
- data/include/grpc/impl/codegen/fork.h +2 -0
- data/include/grpc/impl/codegen/gpr_slice.h +2 -0
- data/include/grpc/impl/codegen/gpr_types.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +61 -28
- data/include/grpc/impl/codegen/log.h +2 -0
- data/include/grpc/impl/codegen/port_platform.h +83 -22
- data/include/grpc/impl/codegen/propagation_bits.h +2 -0
- data/include/grpc/impl/codegen/slice.h +6 -1
- data/include/grpc/impl/codegen/status.h +2 -0
- data/include/grpc/impl/codegen/sync.h +8 -5
- data/include/grpc/impl/codegen/sync_abseil.h +2 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +3 -0
- data/include/grpc/impl/codegen/sync_posix.h +4 -2
- data/include/grpc/impl/codegen/sync_windows.h +2 -0
- data/include/grpc/module.modulemap +14 -14
- data/include/grpc/slice.h +1 -12
- data/include/grpc/status.h +1 -1
- data/include/grpc/support/atm.h +1 -1
- data/include/grpc/support/atm_gcc_atomic.h +1 -1
- data/include/grpc/support/atm_gcc_sync.h +1 -1
- data/include/grpc/support/atm_windows.h +1 -1
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/port_platform.h +1 -1
- data/include/grpc/support/sync.h +1 -1
- data/include/grpc/support/sync_abseil.h +1 -1
- data/include/grpc/support/sync_custom.h +1 -1
- data/include/grpc/support/sync_generic.h +1 -1
- data/include/grpc/support/sync_posix.h +1 -1
- data/include/grpc/support/sync_windows.h +1 -1
- data/include/grpc/support/time.h +2 -2
- data/src/core/ext/filters/census/grpc_context.cc +1 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +24 -27
- data/src/core/ext/filters/client_channel/backend_metric.h +4 -3
- data/src/core/ext/filters/client_channel/backup_poller.cc +17 -12
- data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +158 -202
- data/src/core/ext/filters/client_channel/client_channel.cc +1231 -3574
- data/src/core/ext/filters/client_channel/client_channel.h +563 -56
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +2 -2
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +17 -19
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +19 -22
- data/src/core/ext/filters/client_channel/config_selector.cc +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +22 -10
- data/src/core/ext/filters/client_channel/connector.h +20 -20
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +15 -17
- data/src/core/ext/filters/client_channel/dynamic_filters.h +5 -5
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +2 -22
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +3 -16
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +72 -68
- data/src/core/ext/filters/client_channel/health/health_check_client.h +38 -36
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +54 -55
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +4 -3
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +6 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +12 -24
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +300 -201
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +3 -6
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +6 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +4 -4
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +86 -61
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +73 -68
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +785 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2551 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +77 -78
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +19 -14
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +37 -34
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +112 -167
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +188 -111
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +46 -65
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +198 -312
- data/src/core/ext/filters/client_channel/lb_policy.cc +17 -30
- data/src/core/ext/filters/client_channel/lb_policy.h +170 -137
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +2 -1
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -11
- data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +133 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +292 -149
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +23 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +24 -19
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +51 -69
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +168 -281
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +39 -26
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +138 -120
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +42 -47
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +9 -6
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +102 -79
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +41 -40
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +547 -468
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +42 -253
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +34 -57
- data/src/core/ext/filters/client_channel/retry_filter.cc +2640 -0
- data/src/core/ext/filters/{workarounds/workaround_cronet_compression_filter.h → client_channel/retry_filter.h} +9 -6
- data/src/core/ext/filters/client_channel/retry_service_config.cc +314 -0
- data/src/core/ext/filters/client_channel/retry_service_config.h +102 -0
- data/src/core/ext/filters/client_channel/retry_throttle.cc +14 -59
- data/src/core/ext/filters/client_channel/retry_throttle.h +11 -5
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +56 -41
- data/src/core/ext/filters/client_channel/subchannel.cc +143 -207
- data/src/core/ext/filters/client_channel/subchannel.h +43 -62
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +22 -7
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +11 -2
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +109 -348
- data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
- data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +41 -43
- data/src/core/ext/filters/deadline/deadline_filter.h +3 -2
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +105 -102
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +21 -31
- data/src/core/ext/filters/fault_injection/service_config_parser.h +11 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +108 -183
- data/src/core/ext/filters/http/client_authority_filter.cc +36 -95
- data/src/core/ext/filters/http/client_authority_filter.h +23 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +52 -73
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +67 -157
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +43 -56
- data/src/core/ext/filters/http/server/http_server_filter.cc +115 -207
- data/src/core/ext/filters/max_age/max_age_filter.cc +75 -69
- data/src/core/ext/filters/message_size/message_size_filter.cc +63 -69
- data/src/core/ext/filters/message_size/message_size_filter.h +11 -4
- data/src/core/ext/filters/rbac/rbac_filter.cc +162 -0
- data/src/core/ext/filters/rbac/rbac_filter.h +76 -0
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +606 -0
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +75 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector.cc +67 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +71 -0
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +271 -0
- data/src/core/{lib/transport/authority_override.h → ext/filters/server_config_selector/server_config_selector_filter.h} +8 -13
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +251 -19
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +339 -138
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +4 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +386 -463
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -4
- data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/context_list.h +4 -6
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +66 -47
- data/src/core/ext/transport/chttp2/transport/flow_control.h +27 -21
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +23 -24
- data/src/core/ext/transport/chttp2/transport/frame_data.h +11 -10
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +21 -20
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +17 -17
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +8 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +17 -15
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +49 -17
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +7 -6
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +16 -13
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +520 -749
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +183 -71
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +71 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +811 -1193
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +101 -83
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +239 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +115 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +51 -74
- data/src/core/ext/transport/chttp2/transport/parsing.cc +157 -293
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/varint.cc +13 -7
- data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
- data/src/core/ext/transport/chttp2/transport/writing.cc +113 -164
- data/src/core/ext/transport/inproc/inproc_plugin.cc +0 -4
- data/src/core/ext/transport/inproc/inproc_transport.cc +186 -215
- data/src/core/ext/transport/inproc/inproc_transport.h +1 -4
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +114 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +402 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +119 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +453 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +244 -210
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +932 -575
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +56 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +138 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +62 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +146 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +93 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +43 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +88 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +103 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +466 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +95 -0
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +44 -1
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +20 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +31 -5
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +40 -19
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +144 -117
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +513 -317
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +241 -188
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +954 -530
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +44 -29
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +137 -81
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +328 -250
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1266 -657
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +41 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +41 -28
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +136 -80
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +290 -0
- data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +1122 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +73 -54
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +265 -159
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +41 -23
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +238 -153
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +894 -471
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +63 -46
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +210 -130
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +20 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +33 -19
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +32 -18
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +88 -53
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +58 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +138 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +144 -118
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +529 -329
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +112 -91
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +425 -259
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +44 -26
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +212 -91
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +932 -266
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +18 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +33 -17
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +152 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +23 -10
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +47 -25
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +28 -14
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +53 -35
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +108 -0
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +52 -36
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +133 -85
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -39
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +325 -107
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +71 -54
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +244 -144
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +20 -7
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +36 -20
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +97 -69
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +400 -226
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +99 -78
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +340 -213
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +61 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +199 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +27 -11
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +86 -49
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +82 -62
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +294 -185
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +93 -60
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +349 -181
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +127 -100
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +307 -185
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +59 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +195 -88
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +648 -559
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2460 -1505
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +39 -20
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +127 -64
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +216 -0
- data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +870 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +44 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +82 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +49 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +95 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +28 -14
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +69 -40
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +52 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +119 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +62 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +203 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +47 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +89 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +69 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +184 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +32 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +42 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +71 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +192 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +54 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +126 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +18 -5
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +37 -23
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +46 -29
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +156 -92
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +52 -36
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +175 -107
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +63 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +165 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +27 -13
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +69 -41
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +272 -200
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1095 -552
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +10 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +7 -4
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +108 -52
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +448 -171
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +42 -27
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +115 -71
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +103 -83
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +341 -213
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +62 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +146 -0
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +16 -3
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +29 -15
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +92 -73
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +335 -218
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +32 -18
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +87 -54
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +85 -40
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +303 -104
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +101 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +76 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +228 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +74 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +202 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +29 -14
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +81 -46
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +42 -26
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +33 -19
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +20 -7
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +33 -19
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +37 -21
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +105 -61
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +32 -18
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +79 -52
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +27 -13
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +70 -43
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +38 -23
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +94 -58
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +51 -32
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +206 -124
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +54 -37
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +191 -115
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +66 -0
- data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +183 -0
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +10 -1
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +4 -1
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +42 -0
- data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +136 -0
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +24 -10
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +65 -34
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +31 -16
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +100 -52
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +26 -0
- data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +41 -0
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -7
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +39 -19
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +51 -0
- data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +114 -0
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +23 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +9 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +151 -126
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +439 -281
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +153 -127
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +483 -298
- data/src/core/ext/upb-generated/google/api/http.upb.c +44 -29
- data/src/core/ext/upb-generated/google/api/http.upb.h +137 -89
- data/src/core/ext/upb-generated/google/api/httpbody.upb.c +46 -0
- data/src/core/ext/upb-generated/google/api/httpbody.upb.h +99 -0
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -6
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +40 -22
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +367 -277
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1252 -764
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -6
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +36 -18
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +16 -3
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +29 -15
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +48 -32
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +100 -64
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -6
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +36 -18
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +58 -37
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +269 -149
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -9
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +44 -26
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +84 -0
- data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +276 -0
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +33 -19
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +68 -42
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +132 -108
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +458 -285
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +27 -13
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +72 -39
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +23 -9
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +64 -35
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +82 -62
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +321 -197
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +70 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +175 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +76 -14
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +132 -63
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +32 -8
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +41 -18
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +22 -1
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +9 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +32 -6
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +41 -18
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +31 -5
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +40 -19
- data/src/core/ext/upb-generated/validate/validate.upb.c +396 -295
- data/src/core/ext/upb-generated/validate/validate.upb.h +1395 -768
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +110 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +191 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +55 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +87 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +38 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +38 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +105 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +230 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +53 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +81 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +19 -6
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +35 -19
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +32 -18
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +77 -46
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +27 -13
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +39 -25
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +46 -0
- data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +95 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +24 -11
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +47 -27
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +35 -21
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +87 -54
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +24 -11
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +51 -29
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +73 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +144 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +203 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +726 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +132 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +65 -0
- data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +173 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +46 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +95 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +84 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +127 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +16 -61
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +67 -67
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +43 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +142 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +22 -12
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +1 -1
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +10 -13
- data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +69 -98
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +46 -46
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +349 -339
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +57 -52
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +18 -24
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +488 -484
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +80 -70
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +16 -18
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +18 -20
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +206 -0
- data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +105 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +17 -32
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +22 -22
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +17 -19
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +224 -229
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +79 -64
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +23 -33
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +16 -16
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +17 -21
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +23 -51
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +43 -43
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +76 -89
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +25 -25
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +16 -19
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +267 -200
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +59 -34
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +14 -16
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +55 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +16 -18
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +40 -38
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +20 -28
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +13 -13
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +98 -83
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +23 -13
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +20 -30
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +16 -16
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +16 -18
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +157 -155
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +21 -16
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +147 -153
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +22 -22
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +88 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +40 -36
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +69 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +19 -35
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +25 -25
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +40 -47
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +30 -25
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +190 -0
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +79 -71
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +12 -7
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +717 -773
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +162 -157
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +54 -48
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +188 -0
- data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +54 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +57 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +17 -21
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +72 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +99 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +71 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +57 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +75 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +77 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +17 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +19 -29
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +16 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +27 -30
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +26 -24
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +455 -429
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +62 -52
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +1 -1
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +178 -138
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +26 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +21 -27
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +194 -200
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +19 -19
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +58 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +16 -18
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +19 -33
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +22 -22
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +18 -22
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +120 -97
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +18 -13
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +46 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +24 -27
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +17 -19
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +17 -19
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +17 -19
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +45 -48
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +17 -21
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +16 -21
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +18 -24
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +15 -29
- data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +22 -22
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +16 -26
- data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +16 -16
- data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +53 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +12 -10
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +1 -1
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +94 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +14 -19
- data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +13 -19
- data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +38 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +13 -16
- data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +57 -0
- data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +7 -7
- data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +1 -1
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +154 -0
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +95 -0
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +153 -0
- data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +100 -0
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +5 -14
- data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +39 -0
- data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +5 -10
- data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +107 -164
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +82 -82
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +5 -10
- data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +5 -10
- data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +5 -16
- data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +13 -13
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +5 -10
- data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +5 -26
- data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +28 -28
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +9 -14
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +10 -18
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +10 -10
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +24 -33
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +1 -1
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +10 -13
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +10 -14
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +189 -216
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +70 -70
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +47 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +35 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +30 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +18 -22
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +32 -38
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +20 -26
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +41 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +23 -27
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +39 -45
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +7 -7
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +25 -29
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +4 -4
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +126 -0
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +80 -0
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +40 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_factory.h +1 -1
- data/src/core/ext/xds/certificate_provider_registry.cc +3 -3
- data/src/core/ext/xds/certificate_provider_store.h +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +7 -7
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +4 -4
- data/src/core/ext/xds/upb_utils.h +67 -0
- data/src/core/ext/xds/xds_api.cc +232 -3313
- data/src/core/ext/xds/xds_api.h +70 -550
- data/src/core/ext/xds/xds_bootstrap.cc +315 -300
- data/src/core/ext/xds/xds_bootstrap.h +54 -33
- data/src/core/ext/xds/xds_certificate_provider.cc +7 -7
- data/src/core/ext/xds/xds_certificate_provider.h +6 -6
- data/src/core/ext/xds/xds_channel_args.h +5 -2
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +109 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.h +53 -0
- data/src/core/ext/xds/xds_client.cc +1093 -957
- data/src/core/ext/xds/xds_client.h +143 -168
- data/src/core/ext/xds/xds_client_stats.cc +31 -30
- data/src/core/ext/xds/xds_client_stats.h +15 -13
- data/src/core/ext/xds/xds_cluster.cc +453 -0
- data/src/core/ext/xds/xds_cluster.h +108 -0
- data/src/core/ext/xds/xds_common_types.cc +388 -0
- data/src/core/ext/xds/xds_common_types.h +95 -0
- data/src/core/ext/xds/xds_endpoint.cc +364 -0
- data/src/core/ext/xds/xds_endpoint.h +135 -0
- data/src/core/ext/xds/xds_http_fault_filter.cc +10 -9
- data/src/core/ext/xds/xds_http_fault_filter.h +6 -5
- data/src/core/ext/xds/xds_http_filters.cc +15 -7
- data/src/core/ext/xds/xds_http_filters.h +7 -4
- data/src/core/ext/xds/xds_http_rbac_filter.cc +563 -0
- data/src/core/ext/xds/xds_http_rbac_filter.h +54 -0
- data/src/core/ext/xds/xds_listener.cc +1039 -0
- data/src/core/ext/xds/xds_listener.h +220 -0
- data/src/core/{lib/transport/authority_override.cc → ext/xds/xds_resource_type.cc} +10 -17
- data/src/core/ext/xds/xds_resource_type.h +98 -0
- data/src/core/ext/xds/xds_resource_type_impl.h +87 -0
- data/src/core/ext/xds/xds_route_config.cc +985 -0
- data/src/core/ext/xds/xds_route_config.h +215 -0
- data/src/core/ext/xds/xds_routing.cc +250 -0
- data/src/core/ext/xds/xds_routing.h +101 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +1083 -296
- data/src/core/lib/{iomgr → address_utils}/parse_address.cc +43 -25
- data/src/core/lib/{iomgr → address_utils}/parse_address.h +12 -7
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +34 -41
- data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +5 -15
- data/src/core/lib/avl/avl.h +389 -88
- data/src/core/lib/backoff/backoff.cc +9 -38
- data/src/core/lib/backoff/backoff.h +11 -11
- data/src/core/lib/channel/call_finalization.h +86 -0
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_args.cc +87 -9
- data/src/core/lib/channel/channel_args.h +13 -1
- data/src/core/lib/channel/channel_args_preconditioning.cc +48 -0
- data/src/core/lib/channel/channel_args_preconditioning.h +62 -0
- data/src/core/lib/channel/channel_stack.cc +25 -15
- data/src/core/lib/channel/channel_stack.h +53 -16
- data/src/core/lib/channel/channel_stack_builder.cc +68 -262
- data/src/core/lib/channel/channel_stack_builder.h +95 -155
- data/src/core/lib/channel/channel_trace.cc +8 -10
- data/src/core/lib/channel/channel_trace.h +2 -1
- data/src/core/lib/channel/channelz.cc +65 -52
- data/src/core/lib/channel/channelz.h +32 -29
- data/src/core/lib/channel/channelz_registry.cc +8 -7
- data/src/core/lib/channel/channelz_registry.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +14 -10
- data/src/core/lib/channel/connected_channel.h +1 -2
- data/src/core/lib/channel/context.h +14 -0
- data/src/core/lib/channel/handshaker.cc +10 -8
- data/src/core/lib/channel/handshaker.h +7 -8
- data/src/core/lib/channel/handshaker_factory.h +10 -2
- data/src/core/lib/channel/handshaker_registry.cc +15 -70
- data/src/core/lib/channel/handshaker_registry.h +29 -12
- data/src/core/lib/channel/promise_based_filter.cc +669 -0
- data/src/core/lib/channel/promise_based_filter.h +423 -0
- data/src/core/lib/channel/status_util.h +6 -2
- data/src/core/lib/compression/compression.cc +22 -114
- data/src/core/lib/compression/compression_internal.cc +145 -207
- data/src/core/lib/compression/compression_internal.h +64 -69
- data/src/core/lib/compression/message_compress.cc +13 -13
- data/src/core/lib/compression/message_compress.h +2 -2
- data/src/core/lib/config/core_configuration.cc +104 -0
- data/src/core/lib/config/core_configuration.h +196 -0
- data/src/core/lib/debug/stats.cc +1 -1
- data/src/core/lib/debug/stats.h +2 -1
- data/src/core/lib/debug/stats_data.cc +15 -14
- data/src/core/lib/debug/stats_data.h +1 -0
- data/src/core/lib/debug/trace.cc +1 -0
- data/src/core/lib/debug/trace.h +4 -3
- data/src/core/lib/event_engine/channel_args_endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/channel_args_endpoint_config.h +42 -0
- data/src/core/lib/event_engine/default_event_engine_factory.cc +27 -0
- data/src/core/lib/event_engine/event_engine.cc +52 -0
- data/src/core/lib/event_engine/event_engine_factory.h +36 -0
- data/src/core/lib/event_engine/memory_allocator.cc +66 -0
- data/src/core/lib/event_engine/resolved_address.cc +39 -0
- data/src/core/lib/event_engine/sockaddr.cc +40 -0
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/alloc.cc +4 -3
- data/src/core/lib/gpr/atm.cc +1 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env_linux.cc +1 -2
- data/src/core/lib/gpr/env_posix.cc +2 -3
- data/src/core/lib/gpr/log.cc +3 -3
- data/src/core/lib/gpr/log_android.cc +3 -2
- data/src/core/lib/gpr/log_linux.cc +7 -4
- data/src/core/lib/gpr/log_posix.cc +6 -3
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/string.cc +2 -2
- data/src/core/lib/gpr/string.h +2 -2
- data/src/core/lib/gpr/sync.cc +2 -2
- data/src/core/lib/gpr/sync_abseil.cc +7 -6
- data/src/core/lib/gpr/sync_posix.cc +4 -3
- data/src/core/lib/gpr/time.cc +5 -3
- data/src/core/lib/gpr/time_windows.cc +3 -2
- data/src/core/lib/gpr/tls.h +125 -40
- data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
- data/src/core/lib/gpr/useful.h +97 -32
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/atomic_utils.h +47 -0
- data/src/core/lib/gprpp/bitset.h +195 -0
- data/src/core/lib/gprpp/capture.h +76 -0
- data/src/core/lib/gprpp/chunked_vector.h +253 -0
- data/src/core/lib/gprpp/construct_destruct.h +39 -0
- data/src/core/lib/gprpp/cpp_impl_of.h +45 -0
- data/src/core/lib/gprpp/debug_location.h +2 -0
- data/src/core/lib/gprpp/dual_ref_counted.h +25 -26
- data/src/core/lib/gprpp/fork.cc +14 -12
- data/src/core/lib/gprpp/fork.h +4 -4
- data/src/core/lib/gprpp/global_config.h +1 -2
- data/src/core/lib/gprpp/global_config_env.cc +14 -14
- data/src/core/lib/gprpp/global_config_env.h +2 -2
- data/src/core/lib/gprpp/global_config_generic.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +11 -9
- data/src/core/lib/gprpp/memory.h +9 -3
- data/src/core/lib/gprpp/mpscq.cc +7 -7
- data/src/core/lib/gprpp/mpscq.h +6 -5
- data/src/core/lib/gprpp/orphanable.h +7 -7
- data/src/core/lib/gprpp/ref_counted.h +47 -33
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -4
- data/src/core/lib/gprpp/status_helper.cc +419 -0
- data/src/core/lib/gprpp/status_helper.h +181 -0
- data/src/core/lib/gprpp/sync.h +5 -31
- data/src/core/lib/gprpp/table.h +434 -0
- data/src/core/lib/gprpp/thd_posix.cc +5 -5
- data/src/core/lib/gprpp/thd_windows.cc +4 -11
- data/src/core/lib/gprpp/time.cc +186 -0
- data/src/core/lib/gprpp/time.h +292 -0
- data/src/core/lib/gprpp/time_util.cc +2 -2
- data/src/core/lib/gprpp/time_util.h +2 -2
- data/src/core/lib/http/format_request.cc +28 -23
- data/src/core/lib/http/format_request.h +8 -6
- data/src/core/lib/http/httpcli.cc +299 -209
- data/src/core/lib/http/httpcli.h +183 -85
- data/src/core/lib/http/httpcli_security_connector.cc +71 -81
- data/src/core/lib/http/httpcli_ssl_credentials.h +37 -0
- data/src/core/lib/http/parser.cc +18 -18
- data/src/core/lib/http/parser.h +6 -5
- data/src/core/lib/iomgr/buffer_list.cc +16 -17
- data/src/core/lib/iomgr/buffer_list.h +22 -24
- data/src/core/lib/iomgr/call_combiner.cc +55 -23
- data/src/core/lib/iomgr/call_combiner.h +12 -14
- data/src/core/lib/iomgr/cfstream_handle.cc +4 -4
- data/src/core/lib/iomgr/cfstream_handle.h +1 -1
- data/src/core/lib/iomgr/closure.h +33 -12
- data/src/core/lib/iomgr/combiner.cc +46 -36
- data/src/core/lib/iomgr/combiner.h +3 -2
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +1 -5
- data/src/core/lib/iomgr/endpoint.h +3 -6
- data/src/core/lib/iomgr/endpoint_cfstream.cc +25 -54
- data/src/core/lib/iomgr/endpoint_cfstream.h +4 -4
- data/src/core/lib/iomgr/endpoint_pair.h +1 -0
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +32 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +11 -9
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +5 -6
- data/src/core/lib/iomgr/error.cc +270 -99
- data/src/core/lib/iomgr/error.h +277 -113
- data/src/core/lib/iomgr/error_cfstream.cc +10 -4
- data/src/core/lib/iomgr/error_cfstream.h +2 -2
- data/src/core/lib/iomgr/error_internal.h +6 -1
- data/src/core/lib/iomgr/ev_apple.cc +10 -9
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +42 -48
- data/src/core/lib/iomgr/ev_epollex_linux.cc +80 -81
- data/src/core/lib/iomgr/ev_poll_posix.cc +73 -73
- data/src/core/lib/iomgr/ev_posix.cc +12 -12
- data/src/core/lib/iomgr/ev_posix.h +9 -9
- data/src/core/lib/iomgr/event_engine/closure.cc +77 -0
- data/src/core/lib/iomgr/event_engine/closure.h +42 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +172 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +52 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +85 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +47 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +37 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +133 -0
- data/src/core/lib/iomgr/event_engine/resolver.h +56 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +296 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +62 -0
- data/src/core/lib/iomgr/exec_ctx.cc +29 -102
- data/src/core/lib/iomgr/exec_ctx.h +32 -57
- data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
- data/src/core/lib/iomgr/executor/mpmcqueue.h +7 -11
- data/src/core/lib/iomgr/executor/threadpool.cc +4 -5
- data/src/core/lib/iomgr/executor/threadpool.h +4 -3
- data/src/core/lib/iomgr/executor.cc +37 -46
- data/src/core/lib/iomgr/executor.h +3 -3
- data/src/core/lib/iomgr/fork_posix.cc +3 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
- data/src/core/lib/iomgr/iocp_windows.cc +10 -9
- data/src/core/lib/iomgr/iocp_windows.h +1 -1
- data/src/core/lib/iomgr/iomgr.cc +5 -3
- data/src/core/lib/iomgr/iomgr.h +3 -3
- data/src/core/lib/iomgr/iomgr_internal.cc +8 -12
- data/src/core/lib/iomgr/iomgr_internal.h +6 -5
- data/src/core/lib/iomgr/iomgr_posix.cc +5 -3
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +44 -14
- data/src/core/lib/iomgr/iomgr_windows.cc +4 -5
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
- data/src/core/lib/iomgr/load_file.cc +6 -6
- data/src/core/lib/iomgr/load_file.h +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +23 -5
- data/src/core/lib/iomgr/lockfree_event.h +1 -1
- data/src/core/lib/iomgr/polling_entity.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.h +6 -0
- data/src/core/lib/iomgr/pollset.cc +5 -5
- data/src/core/lib/iomgr/pollset.h +9 -9
- data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
- data/src/core/lib/iomgr/pollset_windows.cc +6 -6
- data/src/core/lib/iomgr/port.h +8 -14
- data/src/core/lib/iomgr/python_util.h +3 -2
- data/src/core/lib/iomgr/resolve_address.cc +10 -24
- data/src/core/lib/iomgr/resolve_address.h +48 -43
- data/src/core/lib/iomgr/resolve_address_impl.h +59 -0
- data/src/core/lib/iomgr/resolve_address_posix.cc +91 -79
- data/src/core/lib/iomgr/resolve_address_posix.h +47 -0
- data/src/core/lib/iomgr/resolve_address_windows.cc +102 -85
- data/src/core/lib/iomgr/resolve_address_windows.h +47 -0
- data/src/core/lib/iomgr/resolved_address.h +39 -0
- data/src/core/lib/iomgr/sockaddr.h +2 -1
- data/src/core/lib/iomgr/{socket_utils_uv.cc → sockaddr_utils_posix.cc} +21 -8
- data/src/core/lib/iomgr/socket_factory_posix.cc +5 -5
- data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +17 -4
- data/src/core/lib/iomgr/socket_mutator.h +27 -3
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +28 -44
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +22 -22
- data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client.cc +1 -1
- data/src/core/lib/iomgr/tcp_client.h +5 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +12 -28
- data/src/core/lib/iomgr/tcp_client_posix.cc +38 -45
- data/src/core/lib/iomgr/tcp_client_posix.h +7 -6
- data/src/core/lib/iomgr/tcp_client_windows.cc +15 -15
- data/src/core/lib/iomgr/tcp_posix.cc +129 -159
- data/src/core/lib/iomgr/tcp_posix.h +17 -12
- data/src/core/lib/iomgr/tcp_server.cc +6 -6
- data/src/core/lib/iomgr/tcp_server.h +16 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +44 -34
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +34 -29
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +23 -20
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -12
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +32 -35
- data/src/core/lib/iomgr/tcp_windows.cc +35 -52
- data/src/core/lib/iomgr/tcp_windows.h +3 -3
- data/src/core/lib/iomgr/timer.cc +3 -2
- data/src/core/lib/iomgr/timer.h +17 -8
- data/src/core/lib/iomgr/timer_generic.cc +116 -127
- data/src/core/lib/iomgr/timer_generic.h +1 -0
- data/src/core/lib/iomgr/timer_heap.cc +2 -3
- data/src/core/lib/iomgr/timer_manager.cc +16 -15
- data/src/core/lib/iomgr/unix_sockets_posix.cc +25 -39
- data/src/core/lib/iomgr/unix_sockets_posix.h +6 -10
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +12 -18
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +6 -7
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
- data/src/core/lib/iomgr/work_serializer.cc +120 -44
- data/src/core/lib/iomgr/work_serializer.h +33 -5
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_reader.cc +97 -58
- data/src/core/lib/json/json_util.cc +71 -3
- data/src/core/lib/json/json_util.h +66 -116
- data/src/core/lib/json/json_writer.cc +0 -3
- data/src/core/lib/matchers/matchers.cc +47 -59
- data/src/core/lib/matchers/matchers.h +30 -30
- data/src/core/lib/profiling/basic_timers.cc +8 -6
- data/src/core/lib/profiling/stap_timers.cc +2 -2
- data/src/core/lib/promise/activity.cc +121 -0
- data/src/core/lib/promise/activity.h +540 -0
- data/src/core/lib/promise/arena_promise.h +188 -0
- data/src/core/lib/promise/context.h +86 -0
- data/src/core/lib/promise/detail/basic_seq.h +496 -0
- data/src/core/lib/promise/detail/promise_factory.h +189 -0
- data/src/core/lib/promise/detail/promise_like.h +85 -0
- data/src/core/lib/promise/detail/status.h +49 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +48 -0
- data/src/core/lib/promise/loop.h +134 -0
- data/src/core/lib/promise/map.h +88 -0
- data/src/core/lib/promise/poll.h +66 -0
- data/src/core/lib/promise/promise.h +95 -0
- data/src/core/lib/promise/race.h +84 -0
- data/src/core/lib/promise/seq.h +89 -0
- data/src/core/lib/promise/sleep.cc +74 -0
- data/src/core/lib/promise/sleep.h +66 -0
- data/src/core/lib/promise/try_seq.h +157 -0
- data/src/core/{ext/filters/client_channel → lib/resolver}/resolver.cc +17 -25
- data/src/core/{ext/filters/client_channel → lib/resolver}/resolver.h +43 -44
- data/src/core/{ext/filters/client_channel → lib/resolver}/resolver_factory.h +32 -29
- data/src/core/lib/resolver/resolver_registry.cc +156 -0
- data/src/core/lib/resolver/resolver_registry.h +113 -0
- data/src/core/{ext/filters/client_channel → lib/resolver}/server_address.cc +2 -2
- data/src/core/{ext/filters/client_channel → lib/resolver}/server_address.h +5 -5
- data/src/core/lib/resource_quota/api.cc +108 -0
- data/src/core/lib/resource_quota/api.h +40 -0
- data/src/core/lib/{gprpp → resource_quota}/arena.cc +18 -14
- data/src/core/lib/{gprpp → resource_quota}/arena.h +37 -16
- data/src/core/lib/resource_quota/memory_quota.cc +478 -0
- data/src/core/lib/resource_quota/memory_quota.h +457 -0
- data/src/core/lib/resource_quota/resource_quota.cc +33 -0
- data/src/core/lib/resource_quota/resource_quota.h +58 -0
- data/src/core/lib/resource_quota/thread_quota.cc +43 -0
- data/src/core/lib/resource_quota/thread_quota.h +57 -0
- data/src/core/lib/resource_quota/trace.cc +19 -0
- data/src/core/lib/resource_quota/trace.h +24 -0
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +33 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +212 -0
- data/src/core/lib/security/authorization/evaluate_args.h +92 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +60 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.h +62 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +109 -0
- data/src/core/lib/security/authorization/grpc_server_authz_filter.h +51 -0
- data/src/core/lib/security/authorization/matchers.cc +227 -0
- data/src/core/lib/security/authorization/matchers.h +211 -0
- data/src/core/lib/security/authorization/rbac_policy.cc +442 -0
- data/src/core/lib/security/authorization/rbac_policy.h +171 -0
- data/src/core/lib/security/context/security_context.cc +15 -10
- data/src/core/lib/security/context/security_context.h +1 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +6 -0
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
- data/src/core/lib/security/credentials/call_creds_util.cc +87 -0
- data/src/core/lib/security/credentials/call_creds_util.h +42 -0
- data/src/core/lib/security/credentials/channel_creds_registry.h +97 -0
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +70 -0
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +21 -84
- data/src/core/lib/security/credentials/composite/composite_credentials.h +21 -9
- data/src/core/lib/security/credentials/credentials.cc +11 -10
- data/src/core/lib/security/credentials/credentials.h +75 -59
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +78 -72
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +15 -13
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +5 -4
- data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +127 -80
- data/src/core/lib/security/credentials/external/external_account_credentials.h +15 -17
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -5
- data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +43 -26
- data/src/core/lib/security/credentials/external/url_external_account_credentials.h +10 -7
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +18 -18
- data/src/core/lib/security/credentials/fake/fake_credentials.h +14 -16
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +85 -30
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +6 -0
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +21 -28
- data/src/core/lib/security/credentials/iam/iam_credentials.h +11 -9
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +13 -7
- data/src/core/lib/security/credentials/jwt/json_token.cc +7 -9
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +52 -51
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +23 -15
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +66 -59
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -4
- data/src/core/lib/security/credentials/local/local_credentials.h +6 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +166 -193
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +54 -34
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +97 -157
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +54 -27
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +5 -14
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +6 -4
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +11 -9
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +19 -15
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +80 -25
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +20 -12
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +201 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +106 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +35 -85
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +38 -85
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +21 -10
- data/src/core/lib/security/credentials/tls/tls_credentials.h +6 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +31 -36
- data/src/core/lib/security/credentials/xds/xds_credentials.h +6 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +22 -18
- data/src/core/lib/security/security_connector/alts/alts_security_connector.h +3 -3
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +24 -25
- data/src/core/lib/security/security_connector/fake/fake_security_connector.h +0 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +8 -18
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +21 -16
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +5 -6
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +32 -24
- data/src/core/lib/security/security_connector/security_connector.cc +8 -15
- data/src/core/lib/security/security_connector/security_connector.h +24 -24
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +24 -22
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
- data/src/core/lib/security/security_connector/ssl_utils.cc +67 -39
- data/src/core/lib/security/security_connector/ssl_utils.h +17 -21
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +409 -272
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +118 -79
- data/src/core/lib/security/transport/auth_filters.h +38 -4
- data/src/core/lib/security/transport/client_auth_filter.cc +88 -353
- data/src/core/lib/security/transport/secure_endpoint.cc +8 -18
- data/src/core/lib/security/transport/secure_endpoint.h +1 -0
- data/src/core/lib/security/transport/security_handshaker.cc +138 -90
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +58 -48
- data/src/core/lib/security/transport/tsi_error.cc +5 -6
- data/src/core/lib/security/transport/tsi_error.h +2 -1
- data/src/core/lib/security/util/json_util.cc +8 -10
- data/src/core/lib/security/util/json_util.h +1 -1
- data/src/core/lib/service_config/service_config.h +82 -0
- data/src/core/{ext/filters/client_channel → lib/service_config}/service_config_call_data.h +17 -31
- data/src/core/{ext/filters/client_channel/service_config.cc → lib/service_config/service_config_impl.cc} +31 -27
- data/src/core/{ext/filters/client_channel/service_config.h → lib/service_config/service_config_impl.h} +22 -23
- data/src/core/{ext/filters/client_channel → lib/service_config}/service_config_parser.cc +35 -31
- data/src/core/lib/service_config/service_config_parser.h +106 -0
- data/src/core/lib/slice/percent_encoding.cc +84 -97
- data/src/core/lib/slice/percent_encoding.h +23 -28
- data/src/core/lib/slice/slice.cc +81 -191
- data/src/core/lib/slice/slice.h +384 -0
- data/src/core/lib/{gpr/tls_pthread.cc → slice/slice_api.cc} +15 -6
- data/src/core/lib/slice/slice_buffer.cc +10 -7
- data/src/core/lib/slice/slice_internal.h +15 -276
- data/src/core/lib/slice/slice_refcount.cc +35 -0
- data/src/core/lib/slice/slice_refcount.h +46 -0
- data/src/core/lib/slice/slice_refcount_base.h +61 -0
- data/src/core/lib/slice/slice_split.cc +100 -0
- data/src/core/lib/slice/slice_split.h +40 -0
- data/src/core/lib/slice/slice_string_helpers.cc +0 -83
- data/src/core/lib/slice/slice_string_helpers.h +0 -11
- data/src/core/lib/surface/api_trace.cc +2 -1
- data/src/core/lib/surface/api_trace.h +1 -0
- data/src/core/lib/surface/builtins.cc +49 -0
- data/src/core/lib/surface/builtins.h +26 -0
- data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
- data/src/core/lib/surface/call.cc +316 -521
- data/src/core/lib/surface/call.h +14 -9
- data/src/core/lib/surface/call_details.cc +2 -2
- data/src/core/lib/surface/call_log_batch.cc +2 -2
- data/src/core/lib/surface/channel.cc +75 -107
- data/src/core/lib/surface/channel.h +17 -24
- data/src/core/lib/surface/channel_init.cc +23 -76
- data/src/core/lib/surface/channel_init.h +52 -44
- data/src/core/lib/surface/channel_ping.cc +2 -3
- data/src/core/lib/surface/channel_stack_type.cc +2 -1
- data/src/core/lib/surface/completion_queue.cc +136 -145
- data/src/core/lib/surface/completion_queue.h +3 -2
- data/src/core/lib/surface/completion_queue_factory.cc +3 -3
- data/src/core/lib/surface/completion_queue_factory.h +1 -0
- data/src/core/lib/surface/event_string.cc +1 -0
- data/src/core/lib/surface/init.cc +82 -60
- data/src/core/lib/surface/init.h +10 -4
- data/src/core/lib/surface/lame_client.cc +50 -35
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/metadata_array.cc +2 -2
- data/src/core/lib/surface/server.cc +100 -128
- data/src/core/lib/surface/server.h +58 -53
- data/src/core/lib/surface/validate_metadata.cc +55 -24
- data/src/core/lib/surface/validate_metadata.h +3 -2
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +11 -12
- data/src/core/lib/transport/bdp_estimator.h +2 -2
- data/src/core/lib/transport/byte_stream.cc +9 -5
- data/src/core/lib/transport/byte_stream.h +9 -8
- data/src/core/lib/transport/connectivity_state.cc +9 -6
- data/src/core/lib/transport/connectivity_state.h +2 -2
- data/src/core/lib/transport/error_utils.cc +68 -29
- data/src/core/lib/transport/error_utils.h +13 -6
- data/src/core/lib/transport/metadata_batch.h +1348 -163
- data/src/core/lib/transport/parsed_metadata.cc +37 -0
- data/src/core/lib/transport/parsed_metadata.h +401 -0
- data/src/core/lib/transport/pid_controller.cc +4 -4
- data/src/core/lib/transport/status_conversion.cc +2 -2
- data/src/core/lib/transport/status_conversion.h +1 -1
- data/src/core/lib/transport/timeout_encoding.cc +204 -67
- data/src/core/lib/transport/timeout_encoding.h +40 -10
- data/src/core/lib/transport/transport.cc +15 -35
- data/src/core/lib/transport/transport.h +94 -8
- data/src/core/lib/transport/transport_impl.h +13 -0
- data/src/core/lib/transport/transport_op_string.cc +13 -35
- data/src/core/lib/uri/uri_parser.cc +237 -63
- data/src/core/lib/uri/uri_parser.h +39 -23
- data/src/core/plugin_registry/grpc_plugin_registry.cc +75 -102
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +85 -0
- data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
- data/src/core/tsi/alts/crypt/gsec.h +5 -0
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +10 -11
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +36 -31
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +9 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +38 -19
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -2
- data/src/core/tsi/alts/handshaker/transport_security_common_api.h +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +2 -2
- data/src/core/tsi/fake_transport_security.cc +15 -7
- data/src/core/tsi/local_transport_security.cc +42 -87
- data/src/core/tsi/local_transport_security.h +1 -4
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +141 -0
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +81 -0
- data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -4
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -53
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +6 -7
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
- data/src/core/tsi/ssl_transport_security.cc +186 -38
- data/src/core/tsi/ssl_transport_security.h +45 -11
- data/src/core/tsi/transport_security.cc +15 -3
- data/src/core/tsi/transport_security.h +16 -1
- data/src/core/tsi/transport_security_grpc.h +1 -0
- data/src/core/tsi/transport_security_interface.h +26 -0
- data/src/ruby/bin/math_services_pb.rb +1 -1
- data/src/ruby/ext/grpc/extconf.rb +22 -10
- data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
- data/src/ruby/ext/grpc/rb_call.c +5 -5
- data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
- data/src/ruby/ext/grpc/rb_channel.c +15 -10
- data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
- data/src/ruby/ext/grpc/rb_channel_credentials.c +4 -4
- data/src/ruby/ext/grpc/rb_channel_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
- data/src/ruby/ext/grpc/rb_compression_options.c +5 -4
- data/src/ruby/ext/grpc/rb_event_thread.c +4 -4
- data/src/ruby/ext/grpc/rb_grpc.c +5 -4
- data/src/ruby/ext/grpc/rb_grpc.h +1 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +36 -34
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +56 -53
- data/src/ruby/ext/grpc/rb_server.c +13 -9
- data/src/ruby/ext/grpc/rb_server_credentials.c +3 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +8 -5
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +3 -1
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +6 -5
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +3 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +1 -0
- data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
- data/src/ruby/spec/client_server_spec.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/container.h +104 -94
- data/third_party/abseil-cpp/absl/base/attributes.h +88 -35
- data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
- data/third_party/abseil-cpp/absl/base/config.h +102 -44
- data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +25 -36
- data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
- data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
- data/third_party/abseil-cpp/absl/base/internal/fast_type_id.h +48 -0
- data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -6
- data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
- data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
- data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +13 -11
- data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +70 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +9 -6
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +58 -52
- data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +17 -3
- data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +4 -4
- data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
- data/third_party/abseil-cpp/absl/base/macros.h +11 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
- data/third_party/abseil-cpp/absl/base/options.h +1 -1
- data/third_party/abseil-cpp/absl/base/port.h +0 -1
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
- data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -7
- data/third_party/abseil-cpp/absl/container/inlined_vector.h +110 -100
- data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +17 -15
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +23 -103
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +39 -79
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +469 -429
- data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +3 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +21 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +374 -243
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +27 -13
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +12 -11
- data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +6 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +15 -17
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_emscripten-inl.inc +110 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +234 -0
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +25 -7
- data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +11 -7
- data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +21 -3
- data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +2 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize.cc +2 -0
- data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +16 -2
- data/third_party/abseil-cpp/absl/debugging/symbolize_emscripten.inc +72 -0
- data/third_party/abseil-cpp/absl/functional/function_ref.h +4 -1
- data/third_party/abseil-cpp/absl/hash/hash.h +22 -0
- data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
- data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
- data/third_party/abseil-cpp/absl/hash/internal/hash.cc +27 -13
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +145 -45
- data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +123 -0
- data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.h +50 -0
- data/third_party/abseil-cpp/absl/memory/memory.h +1 -1
- data/third_party/abseil-cpp/absl/meta/type_traits.h +47 -3
- data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
- data/third_party/abseil-cpp/absl/numeric/int128.cc +6 -13
- data/third_party/abseil-cpp/absl/numeric/int128.h +146 -73
- data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +19 -25
- data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +73 -70
- data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
- data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
- data/third_party/abseil-cpp/absl/{base → profiling}/internal/exponential_biased.cc +4 -4
- data/third_party/abseil-cpp/absl/{base → profiling}/internal/exponential_biased.h +6 -6
- data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +230 -0
- data/third_party/abseil-cpp/absl/random/bernoulli_distribution.h +200 -0
- data/third_party/abseil-cpp/absl/random/beta_distribution.h +427 -0
- data/third_party/abseil-cpp/absl/random/discrete_distribution.cc +98 -0
- data/third_party/abseil-cpp/absl/random/discrete_distribution.h +247 -0
- data/third_party/abseil-cpp/absl/random/distributions.h +452 -0
- data/third_party/abseil-cpp/absl/random/exponential_distribution.h +165 -0
- data/third_party/abseil-cpp/absl/random/gaussian_distribution.cc +104 -0
- data/third_party/abseil-cpp/absl/random/gaussian_distribution.h +275 -0
- data/third_party/abseil-cpp/absl/random/internal/distribution_caller.h +92 -0
- data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +268 -0
- data/third_party/abseil-cpp/absl/random/internal/fastmath.h +57 -0
- data/third_party/abseil-cpp/absl/random/internal/generate_real.h +144 -0
- data/third_party/abseil-cpp/absl/random/internal/iostream_state_saver.h +245 -0
- data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +150 -0
- data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +308 -0
- data/third_party/abseil-cpp/absl/random/internal/platform.h +171 -0
- data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +253 -0
- data/third_party/abseil-cpp/absl/random/internal/pool_urbg.h +131 -0
- data/third_party/abseil-cpp/absl/random/internal/randen.cc +91 -0
- data/third_party/abseil-cpp/absl/random/internal/randen.h +102 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_detect.cc +221 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_detect.h +33 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_engine.h +239 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.cc +526 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_hwaes.h +50 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_round_keys.cc +462 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_slow.cc +471 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_slow.h +40 -0
- data/third_party/abseil-cpp/absl/random/internal/randen_traits.h +88 -0
- data/third_party/abseil-cpp/absl/random/internal/salted_seed_seq.h +167 -0
- data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +267 -0
- data/third_party/abseil-cpp/absl/random/internal/seed_material.h +104 -0
- data/third_party/abseil-cpp/absl/random/internal/traits.h +101 -0
- data/third_party/abseil-cpp/absl/random/internal/uniform_helper.h +244 -0
- data/third_party/abseil-cpp/absl/random/internal/wide_multiply.h +111 -0
- data/third_party/abseil-cpp/absl/random/log_uniform_int_distribution.h +257 -0
- data/third_party/abseil-cpp/absl/random/poisson_distribution.h +258 -0
- data/third_party/abseil-cpp/absl/random/random.h +189 -0
- data/third_party/abseil-cpp/absl/random/seed_gen_exception.cc +46 -0
- data/third_party/abseil-cpp/absl/random/seed_gen_exception.h +55 -0
- data/third_party/abseil-cpp/absl/random/seed_sequences.cc +29 -0
- data/third_party/abseil-cpp/absl/random/seed_sequences.h +110 -0
- data/third_party/abseil-cpp/absl/random/uniform_int_distribution.h +275 -0
- data/third_party/abseil-cpp/absl/random/uniform_real_distribution.h +202 -0
- data/third_party/abseil-cpp/absl/random/zipf_distribution.h +271 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
- data/third_party/abseil-cpp/absl/status/status.cc +27 -28
- data/third_party/abseil-cpp/absl/status/status.h +98 -33
- data/third_party/abseil-cpp/absl/status/statusor.cc +34 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +34 -24
- data/third_party/abseil-cpp/absl/strings/charconv.cc +8 -8
- data/third_party/abseil-cpp/absl/strings/charconv.h +3 -2
- data/third_party/abseil-cpp/absl/strings/cord.cc +619 -570
- data/third_party/abseil-cpp/absl/strings/cord.h +346 -101
- data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +7 -7
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +89 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +478 -31
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +1128 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +939 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +185 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.h +265 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.cc +68 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_reader.h +211 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.cc +129 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_consume.h +50 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +771 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +607 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +118 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.cc +96 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +85 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.cc +139 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +131 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +445 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +298 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +87 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_update_scope.h +71 -0
- data/third_party/abseil-cpp/absl/strings/internal/cordz_update_tracker.h +121 -0
- data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +48 -2
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +22 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +18 -5
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +20 -5
- data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +6 -6
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
- data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +76 -73
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +38 -16
- data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +49 -74
- data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
- data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
- data/third_party/abseil-cpp/absl/strings/match.h +16 -6
- data/third_party/abseil-cpp/absl/strings/numbers.cc +133 -5
- data/third_party/abseil-cpp/absl/strings/numbers.h +44 -10
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
- data/third_party/abseil-cpp/absl/strings/str_format.h +1 -2
- data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
- data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
- data/third_party/abseil-cpp/absl/strings/string_view.cc +16 -21
- data/third_party/abseil-cpp/absl/strings/string_view.h +120 -39
- data/third_party/abseil-cpp/absl/strings/substitute.cc +2 -1
- data/third_party/abseil-cpp/absl/strings/substitute.h +99 -74
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +25 -15
- data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +5 -3
- data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +2 -66
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +82 -65
- data/third_party/abseil-cpp/absl/time/civil_time.cc +1 -3
- data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
- data/third_party/abseil-cpp/absl/time/clock.h +2 -2
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +93 -20
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +2 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +83 -21
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +49 -0
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +5 -5
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -3
- data/third_party/abseil-cpp/absl/time/time.cc +4 -3
- data/third_party/abseil-cpp/absl/time/time.h +93 -60
- data/third_party/abseil-cpp/absl/types/bad_optional_access.h +1 -1
- data/third_party/abseil-cpp/absl/types/bad_variant_access.h +2 -2
- data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
- data/third_party/abseil-cpp/absl/types/span.h +3 -3
- data/third_party/abseil-cpp/absl/types/variant.h +9 -4
- data/third_party/address_sorting/address_sorting_posix.c +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +696 -662
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +67 -54
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +22 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +64 -44
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +269 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -40
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +60 -49
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +24 -28
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_locl.h → internal.h} +91 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +57 -281
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +292 -200
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +8 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +24 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +49 -65
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +21 -0
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +26 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +23 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +35 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +105 -95
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +56 -72
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +56 -73
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +6 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +2 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +30 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +50 -33
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +21 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +93 -107
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +91 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +50 -86
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +397 -311
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +125 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +46 -9
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +10 -6
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +38 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +156 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +96 -49
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +59 -22
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +2 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +351 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +15 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +24 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +25 -69
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +54 -74
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +32 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -19
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +23 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +239 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +5 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +24 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +18 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +23 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +80 -38
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +1517 -495
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +5 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +57 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +10 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +21 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +4 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +27 -41
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +12 -27
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +41 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +55 -104
- data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +350 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +42 -18
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +15 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +7 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +128 -91
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +37 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +386 -104
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +41 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1160 -331
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -679
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +54 -17
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +16 -18
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1084 -0
- data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +660 -747
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +90 -43
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +307 -201
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +173 -36
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +474 -156
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +34 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +56 -110
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +129 -96
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +10 -15
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +11 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +79 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +235 -178
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +146 -110
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +241 -132
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
- data/third_party/cares/cares/{ares.h → include/ares.h} +73 -1
- data/third_party/cares/cares/{ares_dns.h → include/ares_dns.h} +9 -0
- data/third_party/cares/cares/{ares_rules.h → include/ares_rules.h} +0 -0
- data/third_party/cares/cares/{ares_version.h → include/ares_version.h} +3 -3
- data/third_party/cares/cares/{ares__close_sockets.c → src/lib/ares__close_sockets.c} +2 -2
- data/third_party/cares/cares/{ares__get_hostent.c → src/lib/ares__get_hostent.c} +1 -2
- data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +260 -0
- data/third_party/cares/cares/{ares__read_line.c → src/lib/ares__read_line.c} +0 -0
- data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +264 -0
- data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +499 -0
- data/third_party/cares/cares/{ares__timeval.c → src/lib/ares__timeval.c} +0 -0
- data/third_party/cares/cares/src/lib/ares_android.c +444 -0
- data/third_party/cares/cares/src/lib/ares_android.h +27 -0
- data/third_party/cares/cares/{ares_cancel.c → src/lib/ares_cancel.c} +0 -0
- data/third_party/cares/cares/{ares_create_query.c → src/lib/ares_create_query.c} +8 -17
- data/third_party/cares/cares/{ares_data.c → src/lib/ares_data.c} +18 -0
- data/third_party/cares/cares/{ares_data.h → src/lib/ares_data.h} +2 -0
- data/third_party/cares/cares/{ares_destroy.c → src/lib/ares_destroy.c} +0 -0
- data/third_party/cares/cares/{ares_expand_name.c → src/lib/ares_expand_name.c} +114 -23
- data/third_party/cares/cares/{ares_expand_string.c → src/lib/ares_expand_string.c} +2 -5
- data/third_party/cares/cares/{ares_fds.c → src/lib/ares_fds.c} +0 -0
- data/third_party/cares/cares/{ares_free_hostent.c → src/lib/ares_free_hostent.c} +6 -4
- data/third_party/cares/cares/{ares_free_string.c → src/lib/ares_free_string.c} +0 -0
- data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +59 -0
- data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +772 -0
- data/third_party/cares/cares/{ares_getenv.c → src/lib/ares_getenv.c} +0 -2
- data/third_party/cares/cares/{ares_getenv.h → src/lib/ares_getenv.h} +0 -0
- data/third_party/cares/cares/{ares_gethostbyaddr.c → src/lib/ares_gethostbyaddr.c} +2 -9
- data/third_party/cares/cares/{ares_gethostbyname.c → src/lib/ares_gethostbyname.c} +25 -20
- data/third_party/cares/cares/{ares_getnameinfo.c → src/lib/ares_getnameinfo.c} +4 -10
- data/third_party/cares/cares/{ares_getsock.c → src/lib/ares_getsock.c} +0 -0
- data/third_party/cares/cares/{ares_inet_net_pton.h → src/lib/ares_inet_net_pton.h} +0 -0
- data/third_party/cares/cares/{ares_init.c → src/lib/ares_init.c} +79 -40
- data/third_party/cares/cares/{ares_iphlpapi.h → src/lib/ares_iphlpapi.h} +0 -0
- data/third_party/cares/cares/{ares_ipv6.h → src/lib/ares_ipv6.h} +7 -0
- data/third_party/cares/cares/{ares_library_init.c → src/lib/ares_library_init.c} +7 -2
- data/third_party/cares/cares/{ares_library_init.h → src/lib/ares_library_init.h} +1 -1
- data/third_party/cares/cares/{ares_llist.c → src/lib/ares_llist.c} +0 -0
- data/third_party/cares/cares/{ares_llist.h → src/lib/ares_llist.h} +0 -0
- data/third_party/cares/cares/{ares_mkquery.c → src/lib/ares_mkquery.c} +0 -0
- data/third_party/cares/cares/src/lib/ares_nameser.h +482 -0
- data/third_party/cares/cares/{ares_nowarn.c → src/lib/ares_nowarn.c} +0 -0
- data/third_party/cares/cares/{ares_nowarn.h → src/lib/ares_nowarn.h} +0 -0
- data/third_party/cares/cares/{ares_options.c → src/lib/ares_options.c} +0 -0
- data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +209 -0
- data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +212 -0
- data/third_party/cares/cares/src/lib/ares_parse_caa_reply.c +199 -0
- data/third_party/cares/cares/{ares_parse_mx_reply.c → src/lib/ares_parse_mx_reply.c} +2 -8
- data/third_party/cares/cares/{ares_parse_naptr_reply.c → src/lib/ares_parse_naptr_reply.c} +2 -13
- data/third_party/cares/cares/{ares_parse_ns_reply.c → src/lib/ares_parse_ns_reply.c} +5 -11
- data/third_party/cares/cares/{ares_parse_ptr_reply.c → src/lib/ares_parse_ptr_reply.c} +53 -46
- data/third_party/cares/cares/src/lib/ares_parse_soa_reply.c +179 -0
- data/third_party/cares/cares/{ares_parse_srv_reply.c → src/lib/ares_parse_srv_reply.c} +2 -13
- data/third_party/cares/cares/{ares_parse_txt_reply.c → src/lib/ares_parse_txt_reply.c} +3 -9
- data/third_party/cares/cares/{ares_platform.c → src/lib/ares_platform.c} +0 -0
- data/third_party/cares/cares/{ares_platform.h → src/lib/ares_platform.h} +0 -0
- data/third_party/cares/cares/{ares_private.h → src/lib/ares_private.h} +52 -11
- data/third_party/cares/cares/{ares_process.c → src/lib/ares_process.c} +127 -52
- data/third_party/cares/cares/{ares_query.c → src/lib/ares_query.c} +3 -9
- data/third_party/cares/cares/{ares_search.c → src/lib/ares_search.c} +5 -7
- data/third_party/cares/cares/{ares_send.c → src/lib/ares_send.c} +2 -8
- data/third_party/cares/cares/{ares_setup.h → src/lib/ares_setup.h} +4 -1
- data/third_party/cares/cares/{ares_strcasecmp.c → src/lib/ares_strcasecmp.c} +0 -0
- data/third_party/cares/cares/{ares_strcasecmp.h → src/lib/ares_strcasecmp.h} +0 -0
- data/third_party/cares/cares/{ares_strdup.c → src/lib/ares_strdup.c} +0 -0
- data/third_party/cares/cares/{ares_strdup.h → src/lib/ares_strdup.h} +0 -0
- data/third_party/cares/cares/{ares_strerror.c → src/lib/ares_strerror.c} +0 -0
- data/third_party/cares/cares/{ares_strsplit.c → src/lib/ares_strsplit.c} +4 -0
- data/third_party/cares/cares/{ares_strsplit.h → src/lib/ares_strsplit.h} +0 -0
- data/third_party/cares/cares/{ares_timeout.c → src/lib/ares_timeout.c} +0 -0
- data/third_party/cares/cares/{ares_version.c → src/lib/ares_version.c} +0 -0
- data/third_party/cares/cares/{ares_writev.c → src/lib/ares_writev.c} +0 -0
- data/third_party/cares/cares/src/lib/ares_writev.h +36 -0
- data/third_party/cares/cares/{bitncmp.c → src/lib/bitncmp.c} +0 -0
- data/third_party/cares/cares/{bitncmp.h → src/lib/bitncmp.h} +0 -0
- data/third_party/cares/cares/src/lib/config-dos.h +115 -0
- data/third_party/cares/cares/{config-win32.h → src/lib/config-win32.h} +0 -0
- data/third_party/cares/cares/{inet_net_pton.c → src/lib/inet_net_pton.c} +2 -8
- data/third_party/cares/cares/{inet_ntop.c → src/lib/inet_ntop.c} +2 -8
- data/third_party/cares/cares/{setup_once.h → src/lib/setup_once.h} +0 -0
- data/third_party/cares/cares/{windows_port.c → src/lib/windows_port.c} +0 -0
- data/third_party/re2/re2/compile.cc +91 -109
- data/third_party/re2/re2/dfa.cc +27 -39
- data/third_party/re2/re2/filtered_re2.cc +18 -2
- data/third_party/re2/re2/filtered_re2.h +10 -5
- data/third_party/re2/re2/nfa.cc +1 -1
- data/third_party/re2/re2/parse.cc +42 -23
- data/third_party/re2/re2/perl_groups.cc +34 -34
- data/third_party/re2/re2/prefilter.cc +3 -2
- data/third_party/re2/re2/prog.cc +182 -4
- data/third_party/re2/re2/prog.h +28 -9
- data/third_party/re2/re2/re2.cc +87 -118
- data/third_party/re2/re2/re2.h +156 -141
- data/third_party/re2/re2/regexp.cc +12 -5
- data/third_party/re2/re2/regexp.h +8 -2
- data/third_party/re2/re2/set.cc +31 -9
- data/third_party/re2/re2/set.h +9 -4
- data/third_party/re2/re2/simplify.cc +11 -3
- data/third_party/re2/re2/tostring.cc +1 -1
- data/third_party/re2/re2/walker-inl.h +1 -1
- data/third_party/re2/util/mutex.h +2 -2
- data/third_party/re2/util/pcre.h +3 -3
- data/third_party/upb/third_party/utf8_range/naive.c +92 -0
- data/third_party/upb/third_party/utf8_range/range2-neon.c +157 -0
- data/third_party/upb/third_party/utf8_range/range2-sse.c +170 -0
- data/third_party/upb/third_party/utf8_range/utf8_range.h +9 -0
- data/third_party/upb/upb/decode.c +758 -351
- data/third_party/upb/upb/decode.h +66 -12
- data/third_party/upb/upb/decode_fast.c +596 -581
- data/third_party/upb/upb/decode_fast.h +40 -13
- data/third_party/upb/upb/decode_internal.h +211 -0
- data/third_party/upb/upb/def.c +2089 -1069
- data/third_party/upb/upb/def.h +341 -256
- data/third_party/upb/upb/def.hpp +160 -161
- data/third_party/upb/upb/encode.c +285 -165
- data/third_party/upb/upb/encode.h +38 -13
- data/third_party/upb/upb/msg.c +276 -102
- data/third_party/upb/upb/msg.h +84 -582
- data/third_party/upb/upb/msg_internal.h +818 -0
- data/third_party/upb/upb/port_def.inc +85 -24
- data/third_party/upb/upb/port_undef.inc +38 -1
- data/third_party/upb/upb/reflection.c +312 -240
- data/third_party/upb/upb/reflection.h +119 -67
- data/third_party/upb/upb/reflection.hpp +37 -0
- data/third_party/upb/upb/table.c +398 -193
- data/third_party/upb/upb/table_internal.h +383 -0
- data/third_party/upb/upb/text_encode.c +141 -90
- data/third_party/upb/upb/text_encode.h +31 -5
- data/third_party/upb/upb/upb.c +164 -66
- data/third_party/upb/upb/upb.h +145 -139
- data/third_party/upb/upb/upb.hpp +50 -23
- data/third_party/upb/upb/upb_internal.h +68 -0
- data/third_party/xxhash/xxhash.h +679 -542
- metadata +597 -254
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +0 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +0 -84
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
- data/src/core/ext/filters/client_channel/resolver_registry.cc +0 -197
- data/src/core/ext/filters/client_channel/resolver_registry.h +0 -89
- data/src/core/ext/filters/client_channel/service_config_parser.h +0 -92
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -210
- data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
- data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
- data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
- data/src/core/ext/transport/chttp2/client/authority.h +0 -36
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +0 -125
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +0 -90
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +0 -213
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -55
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +0 -76
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +0 -130
- data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +0 -37
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -242
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +0 -27
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +0 -56
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -27
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +0 -56
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -27
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +0 -56
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -27
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +0 -56
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +0 -27
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +0 -56
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -124
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +0 -33
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +0 -77
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +0 -72
- data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +0 -73
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +0 -72
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +0 -80
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +0 -74
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +0 -44
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +0 -35
- data/src/core/lib/avl/avl.cc +0 -306
- data/src/core/lib/compression/algorithm_metadata.h +0 -61
- data/src/core/lib/compression/compression_args.cc +0 -135
- data/src/core/lib/compression/compression_args.h +0 -56
- data/src/core/lib/compression/stream_compression.cc +0 -80
- data/src/core/lib/compression/stream_compression.h +0 -116
- data/src/core/lib/compression/stream_compression_gzip.cc +0 -230
- data/src/core/lib/compression/stream_compression_gzip.h +0 -28
- data/src/core/lib/compression/stream_compression_identity.cc +0 -90
- data/src/core/lib/compression/stream_compression_identity.h +0 -29
- data/src/core/lib/gpr/arena.h +0 -47
- data/src/core/lib/gpr/tls_gcc.h +0 -52
- data/src/core/lib/gpr/tls_msvc.h +0 -54
- data/src/core/lib/gpr/tls_pthread.h +0 -56
- data/src/core/lib/gpr/tls_stdcpp.h +0 -48
- data/src/core/lib/gprpp/atomic.h +0 -104
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
- data/src/core/lib/iomgr/iomgr_custom.cc +0 -79
- data/src/core/lib/iomgr/iomgr_custom.h +0 -49
- data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
- data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
- data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
- data/src/core/lib/iomgr/pollset_custom.cc +0 -106
- data/src/core/lib/iomgr/pollset_custom.h +0 -35
- data/src/core/lib/iomgr/pollset_set_custom.cc +0 -48
- data/src/core/lib/iomgr/pollset_set_custom.h +0 -26
- data/src/core/lib/iomgr/pollset_uv.cc +0 -93
- data/src/core/lib/iomgr/pollset_uv.h +0 -32
- data/src/core/lib/iomgr/resolve_address_custom.cc +0 -168
- data/src/core/lib/iomgr/resolve_address_custom.h +0 -45
- data/src/core/lib/iomgr/resource_quota.cc +0 -1016
- data/src/core/lib/iomgr/resource_quota.h +0 -177
- data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
- data/src/core/lib/iomgr/tcp_client_custom.cc +0 -161
- data/src/core/lib/iomgr/tcp_custom.cc +0 -391
- data/src/core/lib/iomgr/tcp_custom.h +0 -84
- data/src/core/lib/iomgr/tcp_server_custom.cc +0 -483
- data/src/core/lib/iomgr/tcp_uv.cc +0 -419
- data/src/core/lib/iomgr/timer_custom.cc +0 -95
- data/src/core/lib/iomgr/timer_custom.h +0 -43
- data/src/core/lib/iomgr/timer_uv.cc +0 -66
- data/src/core/lib/iomgr/udp_server.cc +0 -747
- data/src/core/lib/iomgr/udp_server.h +0 -103
- data/src/core/lib/security/credentials/credentials_metadata.cc +0 -62
- data/src/core/lib/slice/slice_intern.cc +0 -373
- data/src/core/lib/slice/slice_utils.h +0 -200
- data/src/core/lib/surface/init_secure.cc +0 -81
- data/src/core/lib/transport/metadata.cc +0 -693
- data/src/core/lib/transport/metadata.h +0 -446
- data/src/core/lib/transport/metadata_batch.cc +0 -419
- data/src/core/lib/transport/static_metadata.cc +0 -1249
- data/src/core/lib/transport/static_metadata.h +0 -604
- data/src/core/lib/transport/status_metadata.cc +0 -62
- data/src/core/lib/transport/status_metadata.h +0 -48
- data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
- data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +0 -93
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +0 -217
- data/third_party/cares/cares/ares_getopt.c +0 -122
- data/third_party/cares/cares/ares_getopt.h +0 -53
- data/third_party/cares/cares/ares_parse_a_reply.c +0 -264
- data/third_party/cares/cares/ares_parse_aaaa_reply.c +0 -264
- data/third_party/cares/cares/ares_parse_soa_reply.c +0 -133
- data/third_party/upb/third_party/wyhash/wyhash.h +0 -145
- data/third_party/upb/upb/decode.int.h +0 -163
- data/third_party/upb/upb/table.int.h +0 -475
- data/third_party/upb/upb/upb.int.h +0 -29
|
@@ -124,11 +124,11 @@
|
|
|
124
124
|
#include <openssl/err.h>
|
|
125
125
|
#include <openssl/evp.h>
|
|
126
126
|
#include <openssl/hmac.h>
|
|
127
|
+
#include <openssl/hpke.h>
|
|
127
128
|
#include <openssl/mem.h>
|
|
128
129
|
#include <openssl/nid.h>
|
|
129
130
|
#include <openssl/rand.h>
|
|
130
131
|
|
|
131
|
-
#include "../crypto/hpke/internal.h"
|
|
132
132
|
#include "../crypto/internal.h"
|
|
133
133
|
#include "internal.h"
|
|
134
134
|
|
|
@@ -209,17 +209,25 @@ static bool is_post_quantum_group(uint16_t id) {
|
|
|
209
209
|
}
|
|
210
210
|
|
|
211
211
|
bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
|
|
212
|
-
const
|
|
212
|
+
Span<const uint8_t> body) {
|
|
213
|
+
CBS cbs = body;
|
|
214
|
+
if (!ssl_parse_client_hello_with_trailing_data(ssl, &cbs, out) ||
|
|
215
|
+
CBS_len(&cbs) != 0) {
|
|
216
|
+
return false;
|
|
217
|
+
}
|
|
218
|
+
return true;
|
|
219
|
+
}
|
|
220
|
+
|
|
221
|
+
bool ssl_parse_client_hello_with_trailing_data(const SSL *ssl, CBS *cbs,
|
|
222
|
+
SSL_CLIENT_HELLO *out) {
|
|
213
223
|
OPENSSL_memset(out, 0, sizeof(*out));
|
|
214
224
|
out->ssl = const_cast<SSL *>(ssl);
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
!CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
|
|
222
|
-
!CBS_get_u8_length_prefixed(&client_hello, &session_id) ||
|
|
225
|
+
|
|
226
|
+
CBS copy = *cbs;
|
|
227
|
+
CBS random, session_id;
|
|
228
|
+
if (!CBS_get_u16(cbs, &out->version) ||
|
|
229
|
+
!CBS_get_bytes(cbs, &random, SSL3_RANDOM_SIZE) ||
|
|
230
|
+
!CBS_get_u8_length_prefixed(cbs, &session_id) ||
|
|
223
231
|
CBS_len(&session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH) {
|
|
224
232
|
return false;
|
|
225
233
|
}
|
|
@@ -232,16 +240,16 @@ bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
|
|
|
232
240
|
// Skip past DTLS cookie
|
|
233
241
|
if (SSL_is_dtls(out->ssl)) {
|
|
234
242
|
CBS cookie;
|
|
235
|
-
if (!CBS_get_u8_length_prefixed(
|
|
243
|
+
if (!CBS_get_u8_length_prefixed(cbs, &cookie) ||
|
|
236
244
|
CBS_len(&cookie) > DTLS1_COOKIE_LENGTH) {
|
|
237
245
|
return false;
|
|
238
246
|
}
|
|
239
247
|
}
|
|
240
248
|
|
|
241
249
|
CBS cipher_suites, compression_methods;
|
|
242
|
-
if (!CBS_get_u16_length_prefixed(
|
|
250
|
+
if (!CBS_get_u16_length_prefixed(cbs, &cipher_suites) ||
|
|
243
251
|
CBS_len(&cipher_suites) < 2 || (CBS_len(&cipher_suites) & 1) != 0 ||
|
|
244
|
-
!CBS_get_u8_length_prefixed(
|
|
252
|
+
!CBS_get_u8_length_prefixed(cbs, &compression_methods) ||
|
|
245
253
|
CBS_len(&compression_methods) < 1) {
|
|
246
254
|
return false;
|
|
247
255
|
}
|
|
@@ -253,23 +261,22 @@ bool ssl_client_hello_init(const SSL *ssl, SSL_CLIENT_HELLO *out,
|
|
|
253
261
|
|
|
254
262
|
// If the ClientHello ends here then it's valid, but doesn't have any
|
|
255
263
|
// extensions.
|
|
256
|
-
if (CBS_len(
|
|
257
|
-
out->extensions =
|
|
264
|
+
if (CBS_len(cbs) == 0) {
|
|
265
|
+
out->extensions = nullptr;
|
|
258
266
|
out->extensions_len = 0;
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
267
|
+
} else {
|
|
268
|
+
// Extract extensions and check it is valid.
|
|
269
|
+
CBS extensions;
|
|
270
|
+
if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
|
|
271
|
+
!tls1_check_duplicate_extensions(&extensions)) {
|
|
272
|
+
return false;
|
|
273
|
+
}
|
|
274
|
+
out->extensions = CBS_data(&extensions);
|
|
275
|
+
out->extensions_len = CBS_len(&extensions);
|
|
268
276
|
}
|
|
269
277
|
|
|
270
|
-
out->
|
|
271
|
-
out->
|
|
272
|
-
|
|
278
|
+
out->client_hello = CBS_data(©);
|
|
279
|
+
out->client_hello_len = CBS_len(©) - CBS_len(cbs);
|
|
273
280
|
return true;
|
|
274
281
|
}
|
|
275
282
|
|
|
@@ -405,6 +412,11 @@ bool tls1_check_group_id(const SSL_HANDSHAKE *hs, uint16_t group_id) {
|
|
|
405
412
|
return false;
|
|
406
413
|
}
|
|
407
414
|
|
|
415
|
+
// We internally assume zero is never allocated as a group ID.
|
|
416
|
+
if (group_id == 0) {
|
|
417
|
+
return false;
|
|
418
|
+
}
|
|
419
|
+
|
|
408
420
|
for (uint16_t supported : tls1_get_grouplist(hs)) {
|
|
409
421
|
if (supported == group_id) {
|
|
410
422
|
return true;
|
|
@@ -488,9 +500,7 @@ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
488
500
|
return false;
|
|
489
501
|
}
|
|
490
502
|
|
|
491
|
-
// tls_extension represents a TLS extension that is handled internally.
|
|
492
|
-
// |init| function is called for each handshake, before any other functions of
|
|
493
|
-
// the extension. Then the add and parse callbacks are called as needed.
|
|
503
|
+
// tls_extension represents a TLS extension that is handled internally.
|
|
494
504
|
//
|
|
495
505
|
// The parse callbacks receive a |CBS| that contains the contents of the
|
|
496
506
|
// extension (i.e. not including the type and length bytes). If an extension is
|
|
@@ -500,14 +510,27 @@ bool tls12_check_peer_sigalg(const SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
500
510
|
// The add callbacks receive a |CBB| to which the extension can be appended but
|
|
501
511
|
// the function is responsible for appending the type and length bytes too.
|
|
502
512
|
//
|
|
513
|
+
// |add_clienthello| may be called multiple times and must not mutate |hs|. It
|
|
514
|
+
// is additionally passed two output |CBB|s. If the extension is the same
|
|
515
|
+
// independent of the value of |type|, the callback may write to
|
|
516
|
+
// |out_compressible| instead of |out|. When serializing the ClientHelloInner,
|
|
517
|
+
// all compressible extensions will be made continguous and replaced with
|
|
518
|
+
// ech_outer_extensions when encrypted. When serializing the ClientHelloOuter
|
|
519
|
+
// or not offering ECH, |out| will be equal to |out_compressible|, so writing to
|
|
520
|
+
// |out_compressible| still works.
|
|
521
|
+
//
|
|
522
|
+
// Note the |parse_serverhello| and |add_serverhello| callbacks refer to the
|
|
523
|
+
// TLS 1.2 ServerHello. In TLS 1.3, these callbacks act on EncryptedExtensions,
|
|
524
|
+
// with ServerHello extensions handled elsewhere in the handshake.
|
|
525
|
+
//
|
|
503
526
|
// All callbacks return true for success and false for error. If a parse
|
|
504
527
|
// function returns zero then a fatal alert with value |*out_alert| will be
|
|
505
528
|
// sent. If |*out_alert| isn't set, then a |decode_error| alert will be sent.
|
|
506
529
|
struct tls_extension {
|
|
507
530
|
uint16_t value;
|
|
508
|
-
void (*init)(SSL_HANDSHAKE *hs);
|
|
509
531
|
|
|
510
|
-
bool (*add_clienthello)(SSL_HANDSHAKE *hs, CBB *out
|
|
532
|
+
bool (*add_clienthello)(const SSL_HANDSHAKE *hs, CBB *out,
|
|
533
|
+
CBB *out_compressible, ssl_client_hello_type_t type);
|
|
511
534
|
bool (*parse_serverhello)(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
512
535
|
CBS *contents);
|
|
513
536
|
|
|
@@ -542,10 +565,21 @@ static bool dont_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
542
565
|
//
|
|
543
566
|
// https://tools.ietf.org/html/rfc6066#section-3.
|
|
544
567
|
|
|
545
|
-
static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
568
|
+
static bool ext_sni_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
569
|
+
CBB *out_compressible,
|
|
570
|
+
ssl_client_hello_type_t type) {
|
|
571
|
+
const SSL *const ssl = hs->ssl;
|
|
572
|
+
// If offering ECH, send the public name instead of the configured name.
|
|
573
|
+
Span<const uint8_t> hostname;
|
|
574
|
+
if (type == ssl_client_hello_outer) {
|
|
575
|
+
hostname = hs->selected_ech_config->public_name;
|
|
576
|
+
} else {
|
|
577
|
+
if (ssl->hostname == nullptr) {
|
|
578
|
+
return true;
|
|
579
|
+
}
|
|
580
|
+
hostname =
|
|
581
|
+
MakeConstSpan(reinterpret_cast<const uint8_t *>(ssl->hostname.get()),
|
|
582
|
+
strlen(ssl->hostname.get()));
|
|
549
583
|
}
|
|
550
584
|
|
|
551
585
|
CBB contents, server_name_list, name;
|
|
@@ -554,8 +588,7 @@ static bool ext_sni_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
554
588
|
!CBB_add_u16_length_prefixed(&contents, &server_name_list) ||
|
|
555
589
|
!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name) ||
|
|
556
590
|
!CBB_add_u16_length_prefixed(&server_name_list, &name) ||
|
|
557
|
-
!CBB_add_bytes(&name, (
|
|
558
|
-
strlen(ssl->hostname.get())) ||
|
|
591
|
+
!CBB_add_bytes(&name, hostname.data(), hostname.size()) ||
|
|
559
592
|
!CBB_flush(out)) {
|
|
560
593
|
return false;
|
|
561
594
|
}
|
|
@@ -591,179 +624,117 @@ static bool ext_sni_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
591
624
|
}
|
|
592
625
|
|
|
593
626
|
|
|
594
|
-
// Encrypted
|
|
627
|
+
// Encrypted ClientHello (ECH)
|
|
595
628
|
//
|
|
596
|
-
// https://tools.ietf.org/html/draft-ietf-tls-esni-
|
|
629
|
+
// https://tools.ietf.org/html/draft-ietf-tls-esni-13
|
|
597
630
|
|
|
598
|
-
|
|
599
|
-
|
|
600
|
-
|
|
601
|
-
|
|
602
|
-
RAND_bytes(reinterpret_cast<uint8_t *>(&value), sizeof(value));
|
|
603
|
-
return value % (max - min + 1) + min;
|
|
604
|
-
}
|
|
605
|
-
|
|
606
|
-
static bool ext_ech_add_clienthello_grease(SSL_HANDSHAKE *hs, CBB *out) {
|
|
607
|
-
// If we are responding to the server's HelloRetryRequest, we repeat the bytes
|
|
608
|
-
// of the first ECH GREASE extension.
|
|
609
|
-
if (hs->ssl->s3->used_hello_retry_request) {
|
|
610
|
-
CBB ech_body;
|
|
631
|
+
static bool ext_ech_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
632
|
+
CBB *out_compressible,
|
|
633
|
+
ssl_client_hello_type_t type) {
|
|
634
|
+
if (type == ssl_client_hello_inner) {
|
|
611
635
|
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
|
612
|
-
!
|
|
613
|
-
!
|
|
614
|
-
hs->ech_grease.size()) ||
|
|
615
|
-
!CBB_flush(out)) {
|
|
636
|
+
!CBB_add_u16(out, /* length */ 1) ||
|
|
637
|
+
!CBB_add_u8(out, ECH_CLIENT_INNER)) {
|
|
616
638
|
return false;
|
|
617
639
|
}
|
|
618
640
|
return true;
|
|
619
641
|
}
|
|
620
642
|
|
|
621
|
-
|
|
622
|
-
|
|
623
|
-
|
|
624
|
-
: EVP_HPKE_AEAD_CHACHA20POLY1305;
|
|
625
|
-
const EVP_AEAD *aead = EVP_HPKE_get_aead(aead_id);
|
|
626
|
-
assert(aead != nullptr);
|
|
627
|
-
|
|
628
|
-
uint8_t ech_config_id[8];
|
|
629
|
-
RAND_bytes(ech_config_id, sizeof(ech_config_id));
|
|
630
|
-
|
|
631
|
-
uint8_t ech_enc[X25519_PUBLIC_VALUE_LEN];
|
|
632
|
-
uint8_t private_key_unused[X25519_PRIVATE_KEY_LEN];
|
|
633
|
-
X25519_keypair(ech_enc, private_key_unused);
|
|
643
|
+
if (hs->ech_client_outer.empty()) {
|
|
644
|
+
return true;
|
|
645
|
+
}
|
|
634
646
|
|
|
635
|
-
|
|
636
|
-
// of a typical EncodedClientHelloInner, with an expected use of
|
|
637
|
-
// outer_extensions. To limit the size, we only consider initial ClientHellos
|
|
638
|
-
// that do not offer resumption.
|
|
639
|
-
//
|
|
640
|
-
// Field/Extension Size
|
|
641
|
-
// ---------------------------------------------------------------------
|
|
642
|
-
// version 2
|
|
643
|
-
// random 32
|
|
644
|
-
// legacy_session_id 1
|
|
645
|
-
// - Has a U8 length prefix, but body is
|
|
646
|
-
// always empty string in inner CH.
|
|
647
|
-
// cipher_suites 2 (length prefix)
|
|
648
|
-
// - Only includes TLS 1.3 ciphers (3). 6
|
|
649
|
-
// - Maybe also include a GREASE suite. 2
|
|
650
|
-
// legacy_compression_methods 2 (length prefix)
|
|
651
|
-
// - Always has "null" compression method. 1
|
|
652
|
-
// extensions: 2 (length prefix)
|
|
653
|
-
// - encrypted_client_hello (empty). 4 (id + length prefix)
|
|
654
|
-
// - supported_versions. 4 (id + length prefix)
|
|
655
|
-
// - U8 length prefix 1
|
|
656
|
-
// - U16 protocol version (TLS 1.3) 2
|
|
657
|
-
// - outer_extensions. 4 (id + length prefix)
|
|
658
|
-
// - U8 length prefix 1
|
|
659
|
-
// - N extension IDs (2 bytes each):
|
|
660
|
-
// - key_share 2
|
|
661
|
-
// - sigalgs 2
|
|
662
|
-
// - sct 2
|
|
663
|
-
// - alpn 2
|
|
664
|
-
// - supported_groups. 2
|
|
665
|
-
// - status_request. 2
|
|
666
|
-
// - psk_key_exchange_modes. 2
|
|
667
|
-
// - compress_certificate. 2
|
|
668
|
-
//
|
|
669
|
-
// The server_name extension has an overhead of 9 bytes, plus up to an
|
|
670
|
-
// estimated 100 bytes of hostname. Rounding up to a multiple of 32 yields a
|
|
671
|
-
// range of 96 to 192. Note that this estimate does not fully capture
|
|
672
|
-
// optional extensions like GREASE, but the rounding gives some leeway.
|
|
673
|
-
|
|
674
|
-
uint8_t payload[EVP_AEAD_MAX_OVERHEAD + 192];
|
|
675
|
-
const size_t payload_len =
|
|
676
|
-
EVP_AEAD_max_overhead(aead) + 32 * random_size(96 / 32, 192 / 32);
|
|
677
|
-
assert(payload_len <= sizeof(payload));
|
|
678
|
-
RAND_bytes(payload, payload_len);
|
|
679
|
-
|
|
680
|
-
// Inside the TLS extension contents, write a serialized ClientEncryptedCH.
|
|
681
|
-
CBB ech_body, config_id_cbb, enc_cbb, payload_cbb;
|
|
647
|
+
CBB ech_body;
|
|
682
648
|
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
|
683
649
|
!CBB_add_u16_length_prefixed(out, &ech_body) ||
|
|
684
|
-
!
|
|
685
|
-
!
|
|
686
|
-
|
|
687
|
-
!
|
|
688
|
-
!CBB_add_u16_length_prefixed(&ech_body, &enc_cbb) ||
|
|
689
|
-
!CBB_add_bytes(&enc_cbb, ech_enc, OPENSSL_ARRAY_SIZE(ech_enc)) ||
|
|
690
|
-
!CBB_add_u16_length_prefixed(&ech_body, &payload_cbb) ||
|
|
691
|
-
!CBB_add_bytes(&payload_cbb, payload, payload_len) || //
|
|
692
|
-
!CBB_flush(&ech_body)) {
|
|
693
|
-
return false;
|
|
694
|
-
}
|
|
695
|
-
// Save the bytes of the newly-generated extension in case the server sends
|
|
696
|
-
// a HelloRetryRequest.
|
|
697
|
-
if (!hs->ech_grease.CopyFrom(
|
|
698
|
-
MakeConstSpan(CBB_data(&ech_body), CBB_len(&ech_body)))) {
|
|
650
|
+
!CBB_add_u8(&ech_body, ECH_CLIENT_OUTER) ||
|
|
651
|
+
!CBB_add_bytes(&ech_body, hs->ech_client_outer.data(),
|
|
652
|
+
hs->ech_client_outer.size()) ||
|
|
653
|
+
!CBB_flush(out)) {
|
|
699
654
|
return false;
|
|
700
655
|
}
|
|
701
|
-
return CBB_flush(out);
|
|
702
|
-
}
|
|
703
|
-
|
|
704
|
-
static bool ext_ech_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
705
|
-
if (hs->max_version < TLS1_3_VERSION) {
|
|
706
|
-
return true;
|
|
707
|
-
}
|
|
708
|
-
if (hs->config->ech_grease_enabled) {
|
|
709
|
-
return ext_ech_add_clienthello_grease(hs, out);
|
|
710
|
-
}
|
|
711
|
-
// Nothing to do, since we don't yet implement the non-GREASE parts of ECH.
|
|
712
656
|
return true;
|
|
713
657
|
}
|
|
714
658
|
|
|
715
659
|
static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
716
660
|
CBS *contents) {
|
|
661
|
+
SSL *const ssl = hs->ssl;
|
|
717
662
|
if (contents == NULL) {
|
|
718
663
|
return true;
|
|
719
664
|
}
|
|
720
665
|
|
|
721
|
-
//
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
666
|
+
// The ECH extension may not be sent in TLS 1.2 ServerHello, only TLS 1.3
|
|
667
|
+
// EncryptedExtensions. It also may not be sent in response to an inner ECH
|
|
668
|
+
// extension.
|
|
669
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION ||
|
|
670
|
+
ssl->s3->ech_status == ssl_ech_accepted) {
|
|
671
|
+
*out_alert = SSL_AD_UNSUPPORTED_EXTENSION;
|
|
672
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_UNEXPECTED_EXTENSION);
|
|
673
|
+
return false;
|
|
674
|
+
}
|
|
675
|
+
|
|
676
|
+
if (!ssl_is_valid_ech_config_list(*contents)) {
|
|
726
677
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
727
678
|
return false;
|
|
728
679
|
}
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
!CBS_get_u16_length_prefixed(&ech_configs, &ech_config_contents)) {
|
|
735
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
736
|
-
return false;
|
|
737
|
-
}
|
|
680
|
+
|
|
681
|
+
if (ssl->s3->ech_status == ssl_ech_rejected &&
|
|
682
|
+
!hs->ech_retry_configs.CopyFrom(*contents)) {
|
|
683
|
+
*out_alert = SSL_AD_INTERNAL_ERROR;
|
|
684
|
+
return false;
|
|
738
685
|
}
|
|
686
|
+
|
|
739
687
|
return true;
|
|
740
688
|
}
|
|
741
689
|
|
|
742
690
|
static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
743
691
|
CBS *contents) {
|
|
744
|
-
if (contents
|
|
745
|
-
hs->ech_present = true;
|
|
692
|
+
if (contents == nullptr) {
|
|
746
693
|
return true;
|
|
747
694
|
}
|
|
748
|
-
return true;
|
|
749
|
-
}
|
|
750
695
|
|
|
751
|
-
|
|
696
|
+
uint8_t type;
|
|
697
|
+
if (!CBS_get_u8(contents, &type)) {
|
|
698
|
+
return false;
|
|
699
|
+
}
|
|
700
|
+
if (type == ECH_CLIENT_OUTER) {
|
|
701
|
+
// Outer ECH extensions are handled outside the callback.
|
|
702
|
+
return true;
|
|
703
|
+
}
|
|
704
|
+
if (type != ECH_CLIENT_INNER || CBS_len(contents) != 0) {
|
|
705
|
+
return false;
|
|
706
|
+
}
|
|
707
|
+
|
|
708
|
+
hs->ech_is_inner = true;
|
|
752
709
|
return true;
|
|
753
710
|
}
|
|
754
711
|
|
|
755
|
-
static bool
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
712
|
+
static bool ext_ech_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
713
|
+
SSL *const ssl = hs->ssl;
|
|
714
|
+
if (ssl_protocol_version(ssl) < TLS1_3_VERSION ||
|
|
715
|
+
ssl->s3->ech_status == ssl_ech_accepted || //
|
|
716
|
+
hs->ech_keys == nullptr) {
|
|
759
717
|
return true;
|
|
760
718
|
}
|
|
761
|
-
|
|
762
|
-
|
|
719
|
+
|
|
720
|
+
// Write the list of retry configs to |out|. Note |SSL_CTX_set1_ech_keys|
|
|
721
|
+
// ensures |ech_keys| contains at least one retry config.
|
|
722
|
+
CBB body, retry_configs;
|
|
723
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_encrypted_client_hello) ||
|
|
724
|
+
!CBB_add_u16_length_prefixed(out, &body) ||
|
|
725
|
+
!CBB_add_u16_length_prefixed(&body, &retry_configs)) {
|
|
763
726
|
return false;
|
|
764
727
|
}
|
|
765
|
-
hs->
|
|
766
|
-
|
|
728
|
+
for (const auto &config : hs->ech_keys->configs) {
|
|
729
|
+
if (!config->is_retry_config()) {
|
|
730
|
+
continue;
|
|
731
|
+
}
|
|
732
|
+
if (!CBB_add_bytes(&retry_configs, config->ech_config().raw.data(),
|
|
733
|
+
config->ech_config().raw.size())) {
|
|
734
|
+
return false;
|
|
735
|
+
}
|
|
736
|
+
}
|
|
737
|
+
return CBB_flush(out);
|
|
767
738
|
}
|
|
768
739
|
|
|
769
740
|
|
|
@@ -771,10 +742,13 @@ static bool ext_ech_is_inner_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
771
742
|
//
|
|
772
743
|
// https://tools.ietf.org/html/rfc5746
|
|
773
744
|
|
|
774
|
-
static bool ext_ri_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
775
|
-
|
|
745
|
+
static bool ext_ri_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
746
|
+
CBB *out_compressible,
|
|
747
|
+
ssl_client_hello_type_t type) {
|
|
748
|
+
const SSL *const ssl = hs->ssl;
|
|
776
749
|
// Renegotiation indication is not necessary in TLS 1.3.
|
|
777
|
-
if (hs->min_version >= TLS1_3_VERSION
|
|
750
|
+
if (hs->min_version >= TLS1_3_VERSION ||
|
|
751
|
+
type == ssl_client_hello_inner) {
|
|
778
752
|
return true;
|
|
779
753
|
}
|
|
780
754
|
|
|
@@ -936,9 +910,11 @@ static bool ext_ri_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
936
910
|
//
|
|
937
911
|
// https://tools.ietf.org/html/rfc7627
|
|
938
912
|
|
|
939
|
-
static bool ext_ems_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
913
|
+
static bool ext_ems_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
914
|
+
CBB *out_compressible,
|
|
915
|
+
ssl_client_hello_type_t type) {
|
|
940
916
|
// Extended master secret is not necessary in TLS 1.3.
|
|
941
|
-
if (hs->min_version >= TLS1_3_VERSION) {
|
|
917
|
+
if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner) {
|
|
942
918
|
return true;
|
|
943
919
|
}
|
|
944
920
|
|
|
@@ -1011,10 +987,12 @@ static bool ext_ems_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1011
987
|
//
|
|
1012
988
|
// https://tools.ietf.org/html/rfc5077
|
|
1013
989
|
|
|
1014
|
-
static bool ext_ticket_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1015
|
-
|
|
990
|
+
static bool ext_ticket_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
991
|
+
CBB *out_compressible,
|
|
992
|
+
ssl_client_hello_type_t type) {
|
|
993
|
+
const SSL *const ssl = hs->ssl;
|
|
1016
994
|
// TLS 1.3 uses a different ticket extension.
|
|
1017
|
-
if (hs->min_version >= TLS1_3_VERSION ||
|
|
995
|
+
if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner ||
|
|
1018
996
|
SSL_get_options(ssl) & SSL_OP_NO_TICKET) {
|
|
1019
997
|
return true;
|
|
1020
998
|
}
|
|
@@ -1089,17 +1067,19 @@ static bool ext_ticket_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1089
1067
|
//
|
|
1090
1068
|
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
|
1091
1069
|
|
|
1092
|
-
static bool ext_sigalgs_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1070
|
+
static bool ext_sigalgs_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1071
|
+
CBB *out_compressible,
|
|
1072
|
+
ssl_client_hello_type_t type) {
|
|
1093
1073
|
if (hs->max_version < TLS1_2_VERSION) {
|
|
1094
1074
|
return true;
|
|
1095
1075
|
}
|
|
1096
1076
|
|
|
1097
1077
|
CBB contents, sigalgs_cbb;
|
|
1098
|
-
if (!CBB_add_u16(
|
|
1099
|
-
!CBB_add_u16_length_prefixed(
|
|
1078
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_signature_algorithms) ||
|
|
1079
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
1100
1080
|
!CBB_add_u16_length_prefixed(&contents, &sigalgs_cbb) ||
|
|
1101
1081
|
!tls12_add_verify_sigalgs(hs, &sigalgs_cbb) ||
|
|
1102
|
-
!CBB_flush(
|
|
1082
|
+
!CBB_flush(out_compressible)) {
|
|
1103
1083
|
return false;
|
|
1104
1084
|
}
|
|
1105
1085
|
|
|
@@ -1128,18 +1108,20 @@ static bool ext_sigalgs_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1128
1108
|
//
|
|
1129
1109
|
// https://tools.ietf.org/html/rfc6066#section-8
|
|
1130
1110
|
|
|
1131
|
-
static bool ext_ocsp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1111
|
+
static bool ext_ocsp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1112
|
+
CBB *out_compressible,
|
|
1113
|
+
ssl_client_hello_type_t type) {
|
|
1132
1114
|
if (!hs->config->ocsp_stapling_enabled) {
|
|
1133
1115
|
return true;
|
|
1134
1116
|
}
|
|
1135
1117
|
|
|
1136
1118
|
CBB contents;
|
|
1137
|
-
if (!CBB_add_u16(
|
|
1138
|
-
!CBB_add_u16_length_prefixed(
|
|
1119
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_status_request) ||
|
|
1120
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
1139
1121
|
!CBB_add_u8(&contents, TLSEXT_STATUSTYPE_ocsp) ||
|
|
1140
1122
|
!CBB_add_u16(&contents, 0 /* empty responder ID list */) ||
|
|
1141
1123
|
!CBB_add_u16(&contents, 0 /* empty request extensions */) ||
|
|
1142
|
-
!CBB_flush(
|
|
1124
|
+
!CBB_flush(out_compressible)) {
|
|
1143
1125
|
return false;
|
|
1144
1126
|
}
|
|
1145
1127
|
|
|
@@ -1210,11 +1192,16 @@ static bool ext_ocsp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1210
1192
|
//
|
|
1211
1193
|
// https://htmlpreview.github.io/?https://github.com/agl/technotes/blob/master/nextprotoneg.html
|
|
1212
1194
|
|
|
1213
|
-
static bool ext_npn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1214
|
-
|
|
1215
|
-
|
|
1216
|
-
|
|
1217
|
-
|
|
1195
|
+
static bool ext_npn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1196
|
+
CBB *out_compressible,
|
|
1197
|
+
ssl_client_hello_type_t type) {
|
|
1198
|
+
const SSL *const ssl = hs->ssl;
|
|
1199
|
+
if (ssl->ctx->next_proto_select_cb == NULL ||
|
|
1200
|
+
// Do not allow NPN to change on renegotiation.
|
|
1201
|
+
ssl->s3->initial_handshake_complete ||
|
|
1202
|
+
// NPN is not defined in DTLS or TLS 1.3.
|
|
1203
|
+
SSL_is_dtls(ssl) || hs->min_version >= TLS1_3_VERSION ||
|
|
1204
|
+
type == ssl_client_hello_inner) {
|
|
1218
1205
|
return true;
|
|
1219
1206
|
}
|
|
1220
1207
|
|
|
@@ -1333,13 +1320,15 @@ static bool ext_npn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1333
1320
|
//
|
|
1334
1321
|
// https://tools.ietf.org/html/rfc6962#section-3.3.1
|
|
1335
1322
|
|
|
1336
|
-
static bool ext_sct_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1323
|
+
static bool ext_sct_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1324
|
+
CBB *out_compressible,
|
|
1325
|
+
ssl_client_hello_type_t type) {
|
|
1337
1326
|
if (!hs->config->signed_cert_timestamps_enabled) {
|
|
1338
1327
|
return true;
|
|
1339
1328
|
}
|
|
1340
1329
|
|
|
1341
|
-
if (!CBB_add_u16(
|
|
1342
|
-
!CBB_add_u16(
|
|
1330
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_certificate_timestamp) ||
|
|
1331
|
+
!CBB_add_u16(out_compressible, 0 /* length */)) {
|
|
1343
1332
|
return false;
|
|
1344
1333
|
}
|
|
1345
1334
|
|
|
@@ -1424,8 +1413,10 @@ static bool ext_sct_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1424
1413
|
//
|
|
1425
1414
|
// https://tools.ietf.org/html/rfc7301
|
|
1426
1415
|
|
|
1427
|
-
static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1428
|
-
|
|
1416
|
+
static bool ext_alpn_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1417
|
+
CBB *out_compressible,
|
|
1418
|
+
ssl_client_hello_type_t type) {
|
|
1419
|
+
const SSL *const ssl = hs->ssl;
|
|
1429
1420
|
if (hs->config->alpn_client_proto_list.empty() && ssl->quic_method) {
|
|
1430
1421
|
// ALPN MUST be used with QUIC.
|
|
1431
1422
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_APPLICATION_PROTOCOL);
|
|
@@ -1438,12 +1429,13 @@ static bool ext_alpn_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1438
1429
|
}
|
|
1439
1430
|
|
|
1440
1431
|
CBB contents, proto_list;
|
|
1441
|
-
if (!CBB_add_u16(
|
|
1442
|
-
|
|
1432
|
+
if (!CBB_add_u16(out_compressible,
|
|
1433
|
+
TLSEXT_TYPE_application_layer_protocol_negotiation) ||
|
|
1434
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
1443
1435
|
!CBB_add_u16_length_prefixed(&contents, &proto_list) ||
|
|
1444
1436
|
!CBB_add_bytes(&proto_list, hs->config->alpn_client_proto_list.data(),
|
|
1445
1437
|
hs->config->alpn_client_proto_list.size()) ||
|
|
1446
|
-
!CBB_flush(
|
|
1438
|
+
!CBB_flush(out_compressible)) {
|
|
1447
1439
|
return false;
|
|
1448
1440
|
}
|
|
1449
1441
|
|
|
@@ -1499,6 +1491,22 @@ static bool ext_alpn_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1499
1491
|
return true;
|
|
1500
1492
|
}
|
|
1501
1493
|
|
|
1494
|
+
bool ssl_is_valid_alpn_list(Span<const uint8_t> in) {
|
|
1495
|
+
CBS protocol_name_list = in;
|
|
1496
|
+
if (CBS_len(&protocol_name_list) == 0) {
|
|
1497
|
+
return false;
|
|
1498
|
+
}
|
|
1499
|
+
while (CBS_len(&protocol_name_list) > 0) {
|
|
1500
|
+
CBS protocol_name;
|
|
1501
|
+
if (!CBS_get_u8_length_prefixed(&protocol_name_list, &protocol_name) ||
|
|
1502
|
+
// Empty protocol names are forbidden.
|
|
1503
|
+
CBS_len(&protocol_name) == 0) {
|
|
1504
|
+
return false;
|
|
1505
|
+
}
|
|
1506
|
+
}
|
|
1507
|
+
return true;
|
|
1508
|
+
}
|
|
1509
|
+
|
|
1502
1510
|
bool ssl_is_alpn_protocol_allowed(const SSL_HANDSHAKE *hs,
|
|
1503
1511
|
Span<const uint8_t> protocol) {
|
|
1504
1512
|
if (hs->config->alpn_client_proto_list.empty()) {
|
|
@@ -1551,25 +1559,12 @@ bool ssl_negotiate_alpn(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1551
1559
|
CBS protocol_name_list;
|
|
1552
1560
|
if (!CBS_get_u16_length_prefixed(&contents, &protocol_name_list) ||
|
|
1553
1561
|
CBS_len(&contents) != 0 ||
|
|
1554
|
-
|
|
1562
|
+
!ssl_is_valid_alpn_list(protocol_name_list)) {
|
|
1555
1563
|
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
|
1556
1564
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1557
1565
|
return false;
|
|
1558
1566
|
}
|
|
1559
1567
|
|
|
1560
|
-
// Validate the protocol list.
|
|
1561
|
-
CBS protocol_name_list_copy = protocol_name_list;
|
|
1562
|
-
while (CBS_len(&protocol_name_list_copy) > 0) {
|
|
1563
|
-
CBS protocol_name;
|
|
1564
|
-
if (!CBS_get_u8_length_prefixed(&protocol_name_list_copy, &protocol_name) ||
|
|
1565
|
-
// Empty protocol names are forbidden.
|
|
1566
|
-
CBS_len(&protocol_name) == 0) {
|
|
1567
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_PARSE_TLSEXT);
|
|
1568
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
1569
|
-
return false;
|
|
1570
|
-
}
|
|
1571
|
-
}
|
|
1572
|
-
|
|
1573
1568
|
const uint8_t *selected;
|
|
1574
1569
|
uint8_t selected_len;
|
|
1575
1570
|
int ret = ssl->ctx->alpn_select_cb(
|
|
@@ -1635,13 +1630,20 @@ static bool ext_alpn_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1635
1630
|
//
|
|
1636
1631
|
// https://tools.ietf.org/html/draft-balfanz-tls-channelid-01
|
|
1637
1632
|
|
|
1638
|
-
static
|
|
1639
|
-
|
|
1640
|
-
|
|
1641
|
-
|
|
1642
|
-
|
|
1643
|
-
|
|
1644
|
-
|
|
1633
|
+
static bool ext_channel_id_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1634
|
+
CBB *out_compressible,
|
|
1635
|
+
ssl_client_hello_type_t type) {
|
|
1636
|
+
const SSL *const ssl = hs->ssl;
|
|
1637
|
+
if (!hs->config->channel_id_private || SSL_is_dtls(ssl) ||
|
|
1638
|
+
// Don't offer Channel ID in ClientHelloOuter. ClientHelloOuter handshakes
|
|
1639
|
+
// are not authenticated for the name that can learn the Channel ID.
|
|
1640
|
+
//
|
|
1641
|
+
// We could alternatively offer the extension but sign with a random key.
|
|
1642
|
+
// For other extensions, we try to align |ssl_client_hello_outer| and
|
|
1643
|
+
// |ssl_client_hello_unencrypted|, to improve the effectiveness of ECH
|
|
1644
|
+
// GREASE. However, Channel ID is deprecated and unlikely to be used with
|
|
1645
|
+
// ECH, so do the simplest thing.
|
|
1646
|
+
type == ssl_client_hello_outer) {
|
|
1645
1647
|
return true;
|
|
1646
1648
|
}
|
|
1647
1649
|
|
|
@@ -1656,19 +1658,18 @@ static bool ext_channel_id_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1656
1658
|
static bool ext_channel_id_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
1657
1659
|
uint8_t *out_alert,
|
|
1658
1660
|
CBS *contents) {
|
|
1659
|
-
SSL *const ssl = hs->ssl;
|
|
1660
1661
|
if (contents == NULL) {
|
|
1661
1662
|
return true;
|
|
1662
1663
|
}
|
|
1663
1664
|
|
|
1664
|
-
assert(!SSL_is_dtls(ssl));
|
|
1665
|
-
assert(hs->config->
|
|
1665
|
+
assert(!SSL_is_dtls(hs->ssl));
|
|
1666
|
+
assert(hs->config->channel_id_private);
|
|
1666
1667
|
|
|
1667
1668
|
if (CBS_len(contents) != 0) {
|
|
1668
1669
|
return false;
|
|
1669
1670
|
}
|
|
1670
1671
|
|
|
1671
|
-
|
|
1672
|
+
hs->channel_id_negotiated = true;
|
|
1672
1673
|
return true;
|
|
1673
1674
|
}
|
|
1674
1675
|
|
|
@@ -1684,13 +1685,12 @@ static bool ext_channel_id_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
1684
1685
|
return false;
|
|
1685
1686
|
}
|
|
1686
1687
|
|
|
1687
|
-
|
|
1688
|
+
hs->channel_id_negotiated = true;
|
|
1688
1689
|
return true;
|
|
1689
1690
|
}
|
|
1690
1691
|
|
|
1691
1692
|
static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1692
|
-
|
|
1693
|
-
if (!ssl->s3->channel_id_valid) {
|
|
1693
|
+
if (!hs->channel_id_negotiated) {
|
|
1694
1694
|
return true;
|
|
1695
1695
|
}
|
|
1696
1696
|
|
|
@@ -1707,22 +1707,21 @@ static bool ext_channel_id_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1707
1707
|
//
|
|
1708
1708
|
// https://tools.ietf.org/html/rfc5764
|
|
1709
1709
|
|
|
1710
|
-
|
|
1711
|
-
|
|
1712
|
-
|
|
1713
|
-
|
|
1714
|
-
|
|
1715
|
-
|
|
1716
|
-
SSL *const ssl = hs->ssl;
|
|
1717
|
-
STACK_OF(SRTP_PROTECTION_PROFILE) *profiles = SSL_get_srtp_profiles(ssl);
|
|
1710
|
+
static bool ext_srtp_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1711
|
+
CBB *out_compressible,
|
|
1712
|
+
ssl_client_hello_type_t type) {
|
|
1713
|
+
const SSL *const ssl = hs->ssl;
|
|
1714
|
+
const STACK_OF(SRTP_PROTECTION_PROFILE) *profiles =
|
|
1715
|
+
SSL_get_srtp_profiles(ssl);
|
|
1718
1716
|
if (profiles == NULL ||
|
|
1719
|
-
sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0
|
|
1717
|
+
sk_SRTP_PROTECTION_PROFILE_num(profiles) == 0 ||
|
|
1718
|
+
!SSL_is_dtls(ssl)) {
|
|
1720
1719
|
return true;
|
|
1721
1720
|
}
|
|
1722
1721
|
|
|
1723
1722
|
CBB contents, profile_ids;
|
|
1724
|
-
if (!CBB_add_u16(
|
|
1725
|
-
!CBB_add_u16_length_prefixed(
|
|
1723
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_srtp) ||
|
|
1724
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
1726
1725
|
!CBB_add_u16_length_prefixed(&contents, &profile_ids)) {
|
|
1727
1726
|
return false;
|
|
1728
1727
|
}
|
|
@@ -1734,7 +1733,7 @@ static bool ext_srtp_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1734
1733
|
}
|
|
1735
1734
|
|
|
1736
1735
|
if (!CBB_add_u8(&contents, 0 /* empty use_mki value */) ||
|
|
1737
|
-
!CBB_flush(
|
|
1736
|
+
!CBB_flush(out_compressible)) {
|
|
1738
1737
|
return false;
|
|
1739
1738
|
}
|
|
1740
1739
|
|
|
@@ -1752,6 +1751,7 @@ static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1752
1751
|
// single uint16_t profile ID, then followed by a u8-prefixed srtp_mki field.
|
|
1753
1752
|
//
|
|
1754
1753
|
// See https://tools.ietf.org/html/rfc5764#section-4.1.1
|
|
1754
|
+
assert(SSL_is_dtls(ssl));
|
|
1755
1755
|
CBS profile_ids, srtp_mki;
|
|
1756
1756
|
uint16_t profile_id;
|
|
1757
1757
|
if (!CBS_get_u16_length_prefixed(contents, &profile_ids) ||
|
|
@@ -1770,11 +1770,8 @@ static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1770
1770
|
return false;
|
|
1771
1771
|
}
|
|
1772
1772
|
|
|
1773
|
-
|
|
1774
|
-
|
|
1775
|
-
// Check to see if the server gave us something we support (and presumably
|
|
1776
|
-
// offered).
|
|
1777
|
-
for (const SRTP_PROTECTION_PROFILE *profile : profiles) {
|
|
1773
|
+
// Check to see if the server gave us something we support and offered.
|
|
1774
|
+
for (const SRTP_PROTECTION_PROFILE *profile : SSL_get_srtp_profiles(ssl)) {
|
|
1778
1775
|
if (profile->id == profile_id) {
|
|
1779
1776
|
ssl->s3->srtp_profile = profile;
|
|
1780
1777
|
return true;
|
|
@@ -1789,7 +1786,8 @@ static bool ext_srtp_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
1789
1786
|
static bool ext_srtp_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
1790
1787
|
CBS *contents) {
|
|
1791
1788
|
SSL *const ssl = hs->ssl;
|
|
1792
|
-
|
|
1789
|
+
// DTLS-SRTP is only defined for DTLS.
|
|
1790
|
+
if (contents == NULL || !SSL_is_dtls(ssl)) {
|
|
1793
1791
|
return true;
|
|
1794
1792
|
}
|
|
1795
1793
|
|
|
@@ -1833,6 +1831,7 @@ static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1833
1831
|
return true;
|
|
1834
1832
|
}
|
|
1835
1833
|
|
|
1834
|
+
assert(SSL_is_dtls(ssl));
|
|
1836
1835
|
CBB contents, profile_ids;
|
|
1837
1836
|
if (!CBB_add_u16(out, TLSEXT_TYPE_srtp) ||
|
|
1838
1837
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
@@ -1851,7 +1850,7 @@ static bool ext_srtp_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1851
1850
|
//
|
|
1852
1851
|
// https://tools.ietf.org/html/rfc4492#section-5.1.2
|
|
1853
1852
|
|
|
1854
|
-
static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
|
|
1853
|
+
static bool ext_ec_point_add_extension(const SSL_HANDSHAKE *hs, CBB *out) {
|
|
1855
1854
|
CBB contents, formats;
|
|
1856
1855
|
if (!CBB_add_u16(out, TLSEXT_TYPE_ec_point_formats) ||
|
|
1857
1856
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
@@ -1864,9 +1863,11 @@ static bool ext_ec_point_add_extension(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1864
1863
|
return true;
|
|
1865
1864
|
}
|
|
1866
1865
|
|
|
1867
|
-
static bool ext_ec_point_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
1866
|
+
static bool ext_ec_point_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
1867
|
+
CBB *out_compressible,
|
|
1868
|
+
ssl_client_hello_type_t type) {
|
|
1868
1869
|
// The point format extension is unnecessary in TLS 1.3.
|
|
1869
|
-
if (hs->min_version >= TLS1_3_VERSION) {
|
|
1870
|
+
if (hs->min_version >= TLS1_3_VERSION || type == ssl_client_hello_inner) {
|
|
1870
1871
|
return true;
|
|
1871
1872
|
}
|
|
1872
1873
|
|
|
@@ -1932,10 +1933,34 @@ static bool ext_ec_point_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1932
1933
|
//
|
|
1933
1934
|
// https://tools.ietf.org/html/rfc8446#section-4.2.11
|
|
1934
1935
|
|
|
1935
|
-
static
|
|
1936
|
-
|
|
1936
|
+
static bool should_offer_psk(const SSL_HANDSHAKE *hs,
|
|
1937
|
+
ssl_client_hello_type_t type) {
|
|
1938
|
+
const SSL *const ssl = hs->ssl;
|
|
1937
1939
|
if (hs->max_version < TLS1_3_VERSION || ssl->session == nullptr ||
|
|
1938
|
-
ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION
|
|
1940
|
+
ssl_session_protocol_version(ssl->session.get()) < TLS1_3_VERSION ||
|
|
1941
|
+
// TODO(https://crbug.com/boringssl/275): Should we synthesize a
|
|
1942
|
+
// placeholder PSK, at least when we offer early data? Otherwise
|
|
1943
|
+
// ClientHelloOuter will contain an early_data extension without a
|
|
1944
|
+
// pre_shared_key extension and potentially break the recovery flow.
|
|
1945
|
+
type == ssl_client_hello_outer) {
|
|
1946
|
+
return false;
|
|
1947
|
+
}
|
|
1948
|
+
|
|
1949
|
+
// Per RFC 8446 section 4.1.4, skip offering the session if the selected
|
|
1950
|
+
// cipher in HelloRetryRequest does not match. This avoids performing the
|
|
1951
|
+
// transcript hash transformation for multiple hashes.
|
|
1952
|
+
if (ssl->s3->used_hello_retry_request &&
|
|
1953
|
+
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
|
1954
|
+
return false;
|
|
1955
|
+
}
|
|
1956
|
+
|
|
1957
|
+
return true;
|
|
1958
|
+
}
|
|
1959
|
+
|
|
1960
|
+
static size_t ext_pre_shared_key_clienthello_length(
|
|
1961
|
+
const SSL_HANDSHAKE *hs, ssl_client_hello_type_t type) {
|
|
1962
|
+
const SSL *const ssl = hs->ssl;
|
|
1963
|
+
if (!should_offer_psk(hs, type)) {
|
|
1939
1964
|
return 0;
|
|
1940
1965
|
}
|
|
1941
1966
|
|
|
@@ -1943,19 +1968,12 @@ static size_t ext_pre_shared_key_clienthello_length(SSL_HANDSHAKE *hs) {
|
|
|
1943
1968
|
return 15 + ssl->session->ticket.size() + binder_len;
|
|
1944
1969
|
}
|
|
1945
1970
|
|
|
1946
|
-
static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs,
|
|
1947
|
-
|
|
1948
|
-
|
|
1949
|
-
|
|
1950
|
-
|
|
1951
|
-
|
|
1952
|
-
}
|
|
1953
|
-
|
|
1954
|
-
// Per RFC 8446 section 4.1.4, skip offering the session if the selected
|
|
1955
|
-
// cipher in HelloRetryRequest does not match. This avoids performing the
|
|
1956
|
-
// transcript hash transformation for multiple hashes.
|
|
1957
|
-
if (ssl->s3 && ssl->s3->used_hello_retry_request &&
|
|
1958
|
-
ssl->session->cipher->algorithm_prf != hs->new_cipher->algorithm_prf) {
|
|
1971
|
+
static bool ext_pre_shared_key_add_clienthello(const SSL_HANDSHAKE *hs,
|
|
1972
|
+
CBB *out, bool *out_needs_binder,
|
|
1973
|
+
ssl_client_hello_type_t type) {
|
|
1974
|
+
const SSL *const ssl = hs->ssl;
|
|
1975
|
+
*out_needs_binder = false;
|
|
1976
|
+
if (!should_offer_psk(hs, type)) {
|
|
1959
1977
|
return true;
|
|
1960
1978
|
}
|
|
1961
1979
|
|
|
@@ -1966,7 +1984,6 @@ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1966
1984
|
|
|
1967
1985
|
// Fill in a placeholder zero binder of the appropriate length. It will be
|
|
1968
1986
|
// computed and filled in later after length prefixes are computed.
|
|
1969
|
-
uint8_t zero_binder[EVP_MAX_MD_SIZE] = {0};
|
|
1970
1987
|
size_t binder_len = EVP_MD_size(ssl_session_get_digest(ssl->session.get()));
|
|
1971
1988
|
|
|
1972
1989
|
CBB contents, identity, ticket, binders, binder;
|
|
@@ -1979,11 +1996,11 @@ static bool ext_pre_shared_key_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
1979
1996
|
!CBB_add_u32(&identity, obfuscated_ticket_age) ||
|
|
1980
1997
|
!CBB_add_u16_length_prefixed(&contents, &binders) ||
|
|
1981
1998
|
!CBB_add_u8_length_prefixed(&binders, &binder) ||
|
|
1982
|
-
!
|
|
1999
|
+
!CBB_add_zeros(&binder, binder_len)) {
|
|
1983
2000
|
return false;
|
|
1984
2001
|
}
|
|
1985
2002
|
|
|
1986
|
-
|
|
2003
|
+
*out_needs_binder = true;
|
|
1987
2004
|
return CBB_flush(out);
|
|
1988
2005
|
}
|
|
1989
2006
|
|
|
@@ -2096,21 +2113,22 @@ bool ssl_ext_pre_shared_key_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2096
2113
|
//
|
|
2097
2114
|
// https://tools.ietf.org/html/rfc8446#section-4.2.9
|
|
2098
2115
|
|
|
2099
|
-
static bool ext_psk_key_exchange_modes_add_clienthello(
|
|
2100
|
-
|
|
2116
|
+
static bool ext_psk_key_exchange_modes_add_clienthello(
|
|
2117
|
+
const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
|
|
2118
|
+
ssl_client_hello_type_t type) {
|
|
2101
2119
|
if (hs->max_version < TLS1_3_VERSION) {
|
|
2102
2120
|
return true;
|
|
2103
2121
|
}
|
|
2104
2122
|
|
|
2105
2123
|
CBB contents, ke_modes;
|
|
2106
|
-
if (!CBB_add_u16(
|
|
2107
|
-
!CBB_add_u16_length_prefixed(
|
|
2124
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_psk_key_exchange_modes) ||
|
|
2125
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
2108
2126
|
!CBB_add_u8_length_prefixed(&contents, &ke_modes) ||
|
|
2109
2127
|
!CBB_add_u8(&ke_modes, SSL_PSK_DHE_KE)) {
|
|
2110
2128
|
return false;
|
|
2111
2129
|
}
|
|
2112
2130
|
|
|
2113
|
-
return CBB_flush(
|
|
2131
|
+
return CBB_flush(out_compressible);
|
|
2114
2132
|
}
|
|
2115
2133
|
|
|
2116
2134
|
static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
@@ -2140,23 +2158,10 @@ static bool ext_psk_key_exchange_modes_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2140
2158
|
//
|
|
2141
2159
|
// https://tools.ietf.org/html/rfc8446#section-4.2.10
|
|
2142
2160
|
|
|
2143
|
-
|
|
2144
|
-
|
|
2145
|
-
|
|
2146
|
-
|
|
2147
|
-
const SSL_HANDSHAKE *hs, Span<const uint8_t> *out_settings,
|
|
2148
|
-
Span<const uint8_t> protocol) {
|
|
2149
|
-
for (const ALPSConfig &config : hs->config->alps_configs) {
|
|
2150
|
-
if (protocol == config.protocol) {
|
|
2151
|
-
*out_settings = config.settings;
|
|
2152
|
-
return true;
|
|
2153
|
-
}
|
|
2154
|
-
}
|
|
2155
|
-
return false;
|
|
2156
|
-
}
|
|
2157
|
-
|
|
2158
|
-
static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2159
|
-
SSL *const ssl = hs->ssl;
|
|
2161
|
+
static bool ext_early_data_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
2162
|
+
CBB *out_compressible,
|
|
2163
|
+
ssl_client_hello_type_t type) {
|
|
2164
|
+
const SSL *const ssl = hs->ssl;
|
|
2160
2165
|
// The second ClientHello never offers early data, and we must have already
|
|
2161
2166
|
// filled in |early_data_reason| by this point.
|
|
2162
2167
|
if (ssl->s3->used_hello_retry_request) {
|
|
@@ -2164,56 +2169,17 @@ static bool ext_early_data_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2164
2169
|
return true;
|
|
2165
2170
|
}
|
|
2166
2171
|
|
|
2167
|
-
if (!
|
|
2168
|
-
ssl->s3->early_data_reason = ssl_early_data_disabled;
|
|
2169
|
-
return true;
|
|
2170
|
-
}
|
|
2171
|
-
|
|
2172
|
-
if (hs->max_version < TLS1_3_VERSION) {
|
|
2173
|
-
// We discard inapplicable sessions, so this is redundant with the session
|
|
2174
|
-
// checks below, but we check give a more useful reason.
|
|
2175
|
-
ssl->s3->early_data_reason = ssl_early_data_protocol_version;
|
|
2172
|
+
if (!hs->early_data_offered) {
|
|
2176
2173
|
return true;
|
|
2177
2174
|
}
|
|
2178
2175
|
|
|
2179
|
-
|
|
2180
|
-
|
|
2181
|
-
|
|
2182
|
-
|
|
2183
|
-
|
|
2184
|
-
|
|
2185
|
-
|
|
2186
|
-
ssl->s3->early_data_reason = ssl_early_data_unsupported_for_session;
|
|
2187
|
-
return true;
|
|
2188
|
-
}
|
|
2189
|
-
|
|
2190
|
-
if (!ssl->session->early_alpn.empty()) {
|
|
2191
|
-
if (!ssl_is_alpn_protocol_allowed(hs, ssl->session->early_alpn)) {
|
|
2192
|
-
// Avoid reporting a confusing value in |SSL_get0_alpn_selected|.
|
|
2193
|
-
ssl->s3->early_data_reason = ssl_early_data_alpn_mismatch;
|
|
2194
|
-
return true;
|
|
2195
|
-
}
|
|
2196
|
-
|
|
2197
|
-
// If the previous connection negotiated ALPS, only offer 0-RTT when the
|
|
2198
|
-
// local are settings are consistent with what we'd offer for this
|
|
2199
|
-
// connection.
|
|
2200
|
-
if (ssl->session->has_application_settings) {
|
|
2201
|
-
Span<const uint8_t> settings;
|
|
2202
|
-
if (!ssl_get_local_application_settings(hs, &settings,
|
|
2203
|
-
ssl->session->early_alpn) ||
|
|
2204
|
-
settings != ssl->session->local_application_settings) {
|
|
2205
|
-
ssl->s3->early_data_reason = ssl_early_data_alps_mismatch;
|
|
2206
|
-
return true;
|
|
2207
|
-
}
|
|
2208
|
-
}
|
|
2209
|
-
}
|
|
2210
|
-
|
|
2211
|
-
// |early_data_reason| will be filled in later when the server responds.
|
|
2212
|
-
hs->early_data_offered = true;
|
|
2213
|
-
|
|
2214
|
-
if (!CBB_add_u16(out, TLSEXT_TYPE_early_data) ||
|
|
2215
|
-
!CBB_add_u16(out, 0) ||
|
|
2216
|
-
!CBB_flush(out)) {
|
|
2176
|
+
// If offering ECH, the extension only applies to ClientHelloInner, but we
|
|
2177
|
+
// send the extension in both ClientHellos. This ensures that, if the server
|
|
2178
|
+
// handshakes with ClientHelloOuter, it can skip past early data. See
|
|
2179
|
+
// draft-ietf-tls-esni-13, section 6.1.
|
|
2180
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_early_data) ||
|
|
2181
|
+
!CBB_add_u16(out_compressible, 0) ||
|
|
2182
|
+
!CBB_flush(out_compressible)) {
|
|
2217
2183
|
return false;
|
|
2218
2184
|
}
|
|
2219
2185
|
|
|
@@ -2294,43 +2260,33 @@ static bool ext_early_data_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2294
2260
|
//
|
|
2295
2261
|
// https://tools.ietf.org/html/rfc8446#section-4.2.8
|
|
2296
2262
|
|
|
2297
|
-
|
|
2263
|
+
bool ssl_setup_key_shares(SSL_HANDSHAKE *hs, uint16_t override_group_id) {
|
|
2298
2264
|
SSL *const ssl = hs->ssl;
|
|
2265
|
+
hs->key_shares[0].reset();
|
|
2266
|
+
hs->key_shares[1].reset();
|
|
2267
|
+
hs->key_share_bytes.Reset();
|
|
2268
|
+
|
|
2299
2269
|
if (hs->max_version < TLS1_3_VERSION) {
|
|
2300
2270
|
return true;
|
|
2301
2271
|
}
|
|
2302
2272
|
|
|
2303
|
-
|
|
2304
|
-
if (!
|
|
2305
|
-
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2306
|
-
!CBB_add_u16_length_prefixed(&contents, &kse_bytes)) {
|
|
2273
|
+
bssl::ScopedCBB cbb;
|
|
2274
|
+
if (!CBB_init(cbb.get(), 64)) {
|
|
2307
2275
|
return false;
|
|
2308
2276
|
}
|
|
2309
2277
|
|
|
2310
|
-
|
|
2311
|
-
|
|
2312
|
-
|
|
2313
|
-
|
|
2314
|
-
|
|
2315
|
-
if (group_id == 0 &&
|
|
2316
|
-
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
|
|
2317
|
-
hs->key_share_bytes.size())) {
|
|
2318
|
-
return false;
|
|
2319
|
-
}
|
|
2320
|
-
hs->key_share_bytes.Reset();
|
|
2321
|
-
if (group_id == 0) {
|
|
2322
|
-
return CBB_flush(out);
|
|
2323
|
-
}
|
|
2324
|
-
} else {
|
|
2325
|
-
// Add a fake group. See draft-davidben-tls-grease-01.
|
|
2326
|
-
if (ssl->ctx->grease_enabled &&
|
|
2327
|
-
(!CBB_add_u16(&kse_bytes,
|
|
2328
|
-
ssl_get_grease_value(hs, ssl_grease_group)) ||
|
|
2329
|
-
!CBB_add_u16(&kse_bytes, 1 /* length */) ||
|
|
2330
|
-
!CBB_add_u8(&kse_bytes, 0 /* one byte key share */))) {
|
|
2278
|
+
if (override_group_id == 0 && ssl->ctx->grease_enabled) {
|
|
2279
|
+
// Add a fake group. See RFC 8701.
|
|
2280
|
+
if (!CBB_add_u16(cbb.get(), ssl_get_grease_value(hs, ssl_grease_group)) ||
|
|
2281
|
+
!CBB_add_u16(cbb.get(), 1 /* length */) ||
|
|
2282
|
+
!CBB_add_u8(cbb.get(), 0 /* one byte key share */)) {
|
|
2331
2283
|
return false;
|
|
2332
2284
|
}
|
|
2285
|
+
}
|
|
2333
2286
|
|
|
2287
|
+
uint16_t group_id = override_group_id;
|
|
2288
|
+
uint16_t second_group_id = 0;
|
|
2289
|
+
if (override_group_id == 0) {
|
|
2334
2290
|
// Predict the most preferred group.
|
|
2335
2291
|
Span<const uint16_t> groups = tls1_get_grouplist(hs);
|
|
2336
2292
|
if (groups.empty()) {
|
|
@@ -2350,34 +2306,45 @@ static bool ext_key_share_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2350
2306
|
|
|
2351
2307
|
CBB key_exchange;
|
|
2352
2308
|
hs->key_shares[0] = SSLKeyShare::Create(group_id);
|
|
2353
|
-
if (!hs->key_shares[0] ||
|
|
2354
|
-
!CBB_add_u16(
|
|
2355
|
-
!CBB_add_u16_length_prefixed(
|
|
2356
|
-
!hs->key_shares[0]->Offer(&key_exchange)
|
|
2357
|
-
!CBB_flush(&kse_bytes)) {
|
|
2309
|
+
if (!hs->key_shares[0] || //
|
|
2310
|
+
!CBB_add_u16(cbb.get(), group_id) ||
|
|
2311
|
+
!CBB_add_u16_length_prefixed(cbb.get(), &key_exchange) ||
|
|
2312
|
+
!hs->key_shares[0]->Offer(&key_exchange)) {
|
|
2358
2313
|
return false;
|
|
2359
2314
|
}
|
|
2360
2315
|
|
|
2361
2316
|
if (second_group_id != 0) {
|
|
2362
2317
|
hs->key_shares[1] = SSLKeyShare::Create(second_group_id);
|
|
2363
|
-
if (!hs->key_shares[1] ||
|
|
2364
|
-
!CBB_add_u16(
|
|
2365
|
-
!CBB_add_u16_length_prefixed(
|
|
2366
|
-
!hs->key_shares[1]->Offer(&key_exchange)
|
|
2367
|
-
!CBB_flush(&kse_bytes)) {
|
|
2318
|
+
if (!hs->key_shares[1] || //
|
|
2319
|
+
!CBB_add_u16(cbb.get(), second_group_id) ||
|
|
2320
|
+
!CBB_add_u16_length_prefixed(cbb.get(), &key_exchange) ||
|
|
2321
|
+
!hs->key_shares[1]->Offer(&key_exchange)) {
|
|
2368
2322
|
return false;
|
|
2369
2323
|
}
|
|
2370
2324
|
}
|
|
2371
2325
|
|
|
2372
|
-
|
|
2373
|
-
|
|
2374
|
-
|
|
2375
|
-
|
|
2376
|
-
|
|
2326
|
+
return CBBFinishArray(cbb.get(), &hs->key_share_bytes);
|
|
2327
|
+
}
|
|
2328
|
+
|
|
2329
|
+
static bool ext_key_share_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
2330
|
+
CBB *out_compressible,
|
|
2331
|
+
ssl_client_hello_type_t type) {
|
|
2332
|
+
if (hs->max_version < TLS1_3_VERSION) {
|
|
2333
|
+
return true;
|
|
2334
|
+
}
|
|
2335
|
+
|
|
2336
|
+
assert(!hs->key_share_bytes.empty());
|
|
2337
|
+
CBB contents, kse_bytes;
|
|
2338
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_key_share) ||
|
|
2339
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
2340
|
+
!CBB_add_u16_length_prefixed(&contents, &kse_bytes) ||
|
|
2341
|
+
!CBB_add_bytes(&kse_bytes, hs->key_share_bytes.data(),
|
|
2342
|
+
hs->key_share_bytes.size()) ||
|
|
2343
|
+
!CBB_flush(out_compressible)) {
|
|
2377
2344
|
return false;
|
|
2378
2345
|
}
|
|
2379
2346
|
|
|
2380
|
-
return
|
|
2347
|
+
return true;
|
|
2381
2348
|
}
|
|
2382
2349
|
|
|
2383
2350
|
bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
@@ -2415,25 +2382,29 @@ bool ssl_ext_key_share_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
|
2415
2382
|
}
|
|
2416
2383
|
|
|
2417
2384
|
bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
2418
|
-
|
|
2419
|
-
uint8_t *out_alert,
|
|
2420
|
-
|
|
2421
|
-
|
|
2422
|
-
|
|
2423
|
-
|
|
2424
|
-
|
|
2385
|
+
Span<const uint8_t> *out_peer_key,
|
|
2386
|
+
uint8_t *out_alert,
|
|
2387
|
+
const SSL_CLIENT_HELLO *client_hello) {
|
|
2388
|
+
// We only support connections that include an ECDHE key exchange.
|
|
2389
|
+
CBS contents;
|
|
2390
|
+
if (!ssl_client_hello_get_extension(client_hello, &contents,
|
|
2391
|
+
TLSEXT_TYPE_key_share)) {
|
|
2392
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_MISSING_KEY_SHARE);
|
|
2393
|
+
*out_alert = SSL_AD_MISSING_EXTENSION;
|
|
2425
2394
|
return false;
|
|
2426
2395
|
}
|
|
2427
2396
|
|
|
2428
|
-
|
|
2429
|
-
|
|
2397
|
+
CBS key_shares;
|
|
2398
|
+
if (!CBS_get_u16_length_prefixed(&contents, &key_shares) ||
|
|
2399
|
+
CBS_len(&contents) != 0) {
|
|
2430
2400
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
2431
2401
|
return false;
|
|
2432
2402
|
}
|
|
2433
2403
|
|
|
2434
2404
|
// Find the corresponding key share.
|
|
2405
|
+
const uint16_t group_id = hs->new_session->group_id;
|
|
2435
2406
|
CBS peer_key;
|
|
2436
|
-
CBS_init(&peer_key,
|
|
2407
|
+
CBS_init(&peer_key, nullptr, 0);
|
|
2437
2408
|
while (CBS_len(&key_shares) > 0) {
|
|
2438
2409
|
uint16_t id;
|
|
2439
2410
|
CBS peer_key_tmp;
|
|
@@ -2456,47 +2427,24 @@ bool ssl_ext_key_share_parse_clienthello(SSL_HANDSHAKE *hs, bool *out_found,
|
|
|
2456
2427
|
}
|
|
2457
2428
|
}
|
|
2458
2429
|
|
|
2459
|
-
if (
|
|
2460
|
-
*
|
|
2461
|
-
out_secret->Reset();
|
|
2462
|
-
return true;
|
|
2463
|
-
}
|
|
2464
|
-
|
|
2465
|
-
// Compute the DH secret.
|
|
2466
|
-
Array<uint8_t> secret;
|
|
2467
|
-
ScopedCBB public_key;
|
|
2468
|
-
UniquePtr<SSLKeyShare> key_share = SSLKeyShare::Create(group_id);
|
|
2469
|
-
if (!key_share ||
|
|
2470
|
-
!CBB_init(public_key.get(), 32) ||
|
|
2471
|
-
!key_share->Accept(public_key.get(), &secret, out_alert, peer_key) ||
|
|
2472
|
-
!CBBFinishArray(public_key.get(), &hs->ecdh_public_key)) {
|
|
2473
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2474
|
-
return false;
|
|
2430
|
+
if (out_peer_key != nullptr) {
|
|
2431
|
+
*out_peer_key = peer_key;
|
|
2475
2432
|
}
|
|
2476
|
-
|
|
2477
|
-
*out_secret = std::move(secret);
|
|
2478
|
-
*out_found = true;
|
|
2433
|
+
*out_found = CBS_len(&peer_key) != 0;
|
|
2479
2434
|
return true;
|
|
2480
2435
|
}
|
|
2481
2436
|
|
|
2482
|
-
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out
|
|
2483
|
-
bool dry_run) {
|
|
2484
|
-
uint16_t group_id;
|
|
2437
|
+
bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2485
2438
|
CBB kse_bytes, public_key;
|
|
2486
|
-
if (!
|
|
2487
|
-
!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
|
|
2439
|
+
if (!CBB_add_u16(out, TLSEXT_TYPE_key_share) ||
|
|
2488
2440
|
!CBB_add_u16_length_prefixed(out, &kse_bytes) ||
|
|
2489
|
-
!CBB_add_u16(&kse_bytes, group_id) ||
|
|
2441
|
+
!CBB_add_u16(&kse_bytes, hs->new_session->group_id) ||
|
|
2490
2442
|
!CBB_add_u16_length_prefixed(&kse_bytes, &public_key) ||
|
|
2491
2443
|
!CBB_add_bytes(&public_key, hs->ecdh_public_key.data(),
|
|
2492
2444
|
hs->ecdh_public_key.size()) ||
|
|
2493
2445
|
!CBB_flush(out)) {
|
|
2494
2446
|
return false;
|
|
2495
2447
|
}
|
|
2496
|
-
if (!dry_run) {
|
|
2497
|
-
hs->ecdh_public_key.Reset();
|
|
2498
|
-
hs->new_session->group_id = group_id;
|
|
2499
|
-
}
|
|
2500
2448
|
return true;
|
|
2501
2449
|
}
|
|
2502
2450
|
|
|
@@ -2505,12 +2453,20 @@ bool ssl_ext_key_share_add_serverhello(SSL_HANDSHAKE *hs, CBB *out,
|
|
|
2505
2453
|
//
|
|
2506
2454
|
// https://tools.ietf.org/html/rfc8446#section-4.2.1
|
|
2507
2455
|
|
|
2508
|
-
static bool ext_supported_versions_add_clienthello(
|
|
2509
|
-
|
|
2456
|
+
static bool ext_supported_versions_add_clienthello(
|
|
2457
|
+
const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
|
|
2458
|
+
ssl_client_hello_type_t type) {
|
|
2459
|
+
const SSL *const ssl = hs->ssl;
|
|
2510
2460
|
if (hs->max_version <= TLS1_2_VERSION) {
|
|
2511
2461
|
return true;
|
|
2512
2462
|
}
|
|
2513
2463
|
|
|
2464
|
+
// supported_versions is compressible in ECH if ClientHelloOuter already
|
|
2465
|
+
// requires TLS 1.3. Otherwise the extensions differ in the older versions.
|
|
2466
|
+
if (hs->min_version >= TLS1_3_VERSION) {
|
|
2467
|
+
out = out_compressible;
|
|
2468
|
+
}
|
|
2469
|
+
|
|
2514
2470
|
CBB contents, versions;
|
|
2515
2471
|
if (!CBB_add_u16(out, TLSEXT_TYPE_supported_versions) ||
|
|
2516
2472
|
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
@@ -2518,13 +2474,16 @@ static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out)
|
|
|
2518
2474
|
return false;
|
|
2519
2475
|
}
|
|
2520
2476
|
|
|
2521
|
-
// Add a fake version. See
|
|
2477
|
+
// Add a fake version. See RFC 8701.
|
|
2522
2478
|
if (ssl->ctx->grease_enabled &&
|
|
2523
2479
|
!CBB_add_u16(&versions, ssl_get_grease_value(hs, ssl_grease_version))) {
|
|
2524
2480
|
return false;
|
|
2525
2481
|
}
|
|
2526
2482
|
|
|
2527
|
-
|
|
2483
|
+
// Encrypted ClientHellos requires TLS 1.3 or later.
|
|
2484
|
+
uint16_t extra_min_version =
|
|
2485
|
+
type == ssl_client_hello_inner ? TLS1_3_VERSION : 0;
|
|
2486
|
+
if (!ssl_add_supported_versions(hs, &versions, extra_min_version) ||
|
|
2528
2487
|
!CBB_flush(out)) {
|
|
2529
2488
|
return false;
|
|
2530
2489
|
}
|
|
@@ -2537,22 +2496,22 @@ static bool ext_supported_versions_add_clienthello(SSL_HANDSHAKE *hs, CBB *out)
|
|
|
2537
2496
|
//
|
|
2538
2497
|
// https://tools.ietf.org/html/rfc8446#section-4.2.2
|
|
2539
2498
|
|
|
2540
|
-
static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
2499
|
+
static bool ext_cookie_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
2500
|
+
CBB *out_compressible,
|
|
2501
|
+
ssl_client_hello_type_t type) {
|
|
2541
2502
|
if (hs->cookie.empty()) {
|
|
2542
2503
|
return true;
|
|
2543
2504
|
}
|
|
2544
2505
|
|
|
2545
2506
|
CBB contents, cookie;
|
|
2546
|
-
if (!CBB_add_u16(
|
|
2547
|
-
!CBB_add_u16_length_prefixed(
|
|
2507
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_cookie) ||
|
|
2508
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
2548
2509
|
!CBB_add_u16_length_prefixed(&contents, &cookie) ||
|
|
2549
2510
|
!CBB_add_bytes(&cookie, hs->cookie.data(), hs->cookie.size()) ||
|
|
2550
|
-
!CBB_flush(
|
|
2511
|
+
!CBB_flush(out_compressible)) {
|
|
2551
2512
|
return false;
|
|
2552
2513
|
}
|
|
2553
2514
|
|
|
2554
|
-
// The cookie is no longer needed in memory.
|
|
2555
|
-
hs->cookie.Reset();
|
|
2556
2515
|
return true;
|
|
2557
2516
|
}
|
|
2558
2517
|
|
|
@@ -2562,16 +2521,19 @@ static bool ext_cookie_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2562
2521
|
// https://tools.ietf.org/html/rfc4492#section-5.1.1
|
|
2563
2522
|
// https://tools.ietf.org/html/rfc8446#section-4.2.7
|
|
2564
2523
|
|
|
2565
|
-
static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs,
|
|
2566
|
-
|
|
2524
|
+
static bool ext_supported_groups_add_clienthello(const SSL_HANDSHAKE *hs,
|
|
2525
|
+
CBB *out,
|
|
2526
|
+
CBB *out_compressible,
|
|
2527
|
+
ssl_client_hello_type_t type) {
|
|
2528
|
+
const SSL *const ssl = hs->ssl;
|
|
2567
2529
|
CBB contents, groups_bytes;
|
|
2568
|
-
if (!CBB_add_u16(
|
|
2569
|
-
!CBB_add_u16_length_prefixed(
|
|
2530
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_supported_groups) ||
|
|
2531
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
2570
2532
|
!CBB_add_u16_length_prefixed(&contents, &groups_bytes)) {
|
|
2571
2533
|
return false;
|
|
2572
2534
|
}
|
|
2573
2535
|
|
|
2574
|
-
// Add a fake group. See
|
|
2536
|
+
// Add a fake group. See RFC 8701.
|
|
2575
2537
|
if (ssl->ctx->grease_enabled &&
|
|
2576
2538
|
!CBB_add_u16(&groups_bytes,
|
|
2577
2539
|
ssl_get_grease_value(hs, ssl_grease_group))) {
|
|
@@ -2588,7 +2550,7 @@ static bool ext_supported_groups_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
2588
2550
|
}
|
|
2589
2551
|
}
|
|
2590
2552
|
|
|
2591
|
-
return CBB_flush(
|
|
2553
|
+
return CBB_flush(out_compressible);
|
|
2592
2554
|
}
|
|
2593
2555
|
|
|
2594
2556
|
static bool ext_supported_groups_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
@@ -2640,158 +2602,11 @@ static bool ext_supported_groups_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
2640
2602
|
return true;
|
|
2641
2603
|
}
|
|
2642
2604
|
|
|
2643
|
-
// Token Binding
|
|
2644
|
-
//
|
|
2645
|
-
// https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-10
|
|
2646
|
-
|
|
2647
|
-
// The Token Binding version number currently matches the draft number of
|
|
2648
|
-
// draft-ietf-tokbind-protocol, and when published as an RFC it will be 0x0100.
|
|
2649
|
-
// Since there are no wire changes to the protocol from draft 13 through the
|
|
2650
|
-
// current draft (16), this implementation supports all versions in that range.
|
|
2651
|
-
static uint16_t kTokenBindingMaxVersion = 16;
|
|
2652
|
-
static uint16_t kTokenBindingMinVersion = 13;
|
|
2653
|
-
|
|
2654
|
-
static bool ext_token_binding_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2655
|
-
SSL *const ssl = hs->ssl;
|
|
2656
|
-
if (hs->config->token_binding_params.empty() || SSL_is_dtls(ssl)) {
|
|
2657
|
-
return true;
|
|
2658
|
-
}
|
|
2659
|
-
|
|
2660
|
-
CBB contents, params;
|
|
2661
|
-
if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
|
|
2662
|
-
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2663
|
-
!CBB_add_u16(&contents, kTokenBindingMaxVersion) ||
|
|
2664
|
-
!CBB_add_u8_length_prefixed(&contents, ¶ms) ||
|
|
2665
|
-
!CBB_add_bytes(¶ms, hs->config->token_binding_params.data(),
|
|
2666
|
-
hs->config->token_binding_params.size()) ||
|
|
2667
|
-
!CBB_flush(out)) {
|
|
2668
|
-
return false;
|
|
2669
|
-
}
|
|
2670
|
-
|
|
2671
|
-
return true;
|
|
2672
|
-
}
|
|
2673
|
-
|
|
2674
|
-
static bool ext_token_binding_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
2675
|
-
uint8_t *out_alert,
|
|
2676
|
-
CBS *contents) {
|
|
2677
|
-
SSL *const ssl = hs->ssl;
|
|
2678
|
-
if (contents == nullptr) {
|
|
2679
|
-
return true;
|
|
2680
|
-
}
|
|
2681
|
-
|
|
2682
|
-
CBS params_list;
|
|
2683
|
-
uint16_t version;
|
|
2684
|
-
uint8_t param;
|
|
2685
|
-
if (!CBS_get_u16(contents, &version) ||
|
|
2686
|
-
!CBS_get_u8_length_prefixed(contents, ¶ms_list) ||
|
|
2687
|
-
!CBS_get_u8(¶ms_list, ¶m) ||
|
|
2688
|
-
CBS_len(¶ms_list) > 0 ||
|
|
2689
|
-
CBS_len(contents) > 0) {
|
|
2690
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
2691
|
-
return false;
|
|
2692
|
-
}
|
|
2693
|
-
|
|
2694
|
-
// The server-negotiated version must be less than or equal to our version.
|
|
2695
|
-
if (version > kTokenBindingMaxVersion) {
|
|
2696
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2697
|
-
return false;
|
|
2698
|
-
}
|
|
2699
|
-
|
|
2700
|
-
// If the server-selected version is less than what we support, then Token
|
|
2701
|
-
// Binding wasn't negotiated (but the extension was parsed successfully).
|
|
2702
|
-
if (version < kTokenBindingMinVersion) {
|
|
2703
|
-
return true;
|
|
2704
|
-
}
|
|
2705
|
-
|
|
2706
|
-
for (uint8_t config_param : hs->config->token_binding_params) {
|
|
2707
|
-
if (param == config_param) {
|
|
2708
|
-
ssl->s3->negotiated_token_binding_param = param;
|
|
2709
|
-
ssl->s3->token_binding_negotiated = true;
|
|
2710
|
-
return true;
|
|
2711
|
-
}
|
|
2712
|
-
}
|
|
2713
|
-
|
|
2714
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
2715
|
-
return false;
|
|
2716
|
-
}
|
|
2717
|
-
|
|
2718
|
-
// select_tb_param looks for the first token binding param in
|
|
2719
|
-
// |hs->ssl->token_binding_params| that is also in |params| and puts it in
|
|
2720
|
-
// |hs->ssl->negotiated_token_binding_param|. It returns true if a token binding
|
|
2721
|
-
// param is found, and false otherwise.
|
|
2722
|
-
static bool select_tb_param(SSL_HANDSHAKE *hs,
|
|
2723
|
-
Span<const uint8_t> peer_params) {
|
|
2724
|
-
for (uint8_t tb_param : hs->config->token_binding_params) {
|
|
2725
|
-
for (uint8_t peer_param : peer_params) {
|
|
2726
|
-
if (tb_param == peer_param) {
|
|
2727
|
-
hs->ssl->s3->negotiated_token_binding_param = tb_param;
|
|
2728
|
-
return true;
|
|
2729
|
-
}
|
|
2730
|
-
}
|
|
2731
|
-
}
|
|
2732
|
-
return false;
|
|
2733
|
-
}
|
|
2734
|
-
|
|
2735
|
-
static bool ext_token_binding_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
2736
|
-
uint8_t *out_alert,
|
|
2737
|
-
CBS *contents) {
|
|
2738
|
-
SSL *const ssl = hs->ssl;
|
|
2739
|
-
if (contents == nullptr || hs->config->token_binding_params.empty()) {
|
|
2740
|
-
return true;
|
|
2741
|
-
}
|
|
2742
|
-
|
|
2743
|
-
CBS params;
|
|
2744
|
-
uint16_t version;
|
|
2745
|
-
if (!CBS_get_u16(contents, &version) ||
|
|
2746
|
-
!CBS_get_u8_length_prefixed(contents, ¶ms) ||
|
|
2747
|
-
CBS_len(¶ms) == 0 ||
|
|
2748
|
-
CBS_len(contents) > 0) {
|
|
2749
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
2750
|
-
return false;
|
|
2751
|
-
}
|
|
2752
|
-
|
|
2753
|
-
// If the client-selected version is less than what we support, then Token
|
|
2754
|
-
// Binding wasn't negotiated (but the extension was parsed successfully).
|
|
2755
|
-
if (version < kTokenBindingMinVersion) {
|
|
2756
|
-
return true;
|
|
2757
|
-
}
|
|
2758
|
-
|
|
2759
|
-
// If the client-selected version is higher than we support, use our max
|
|
2760
|
-
// version. Otherwise, use the client's version.
|
|
2761
|
-
hs->negotiated_token_binding_version =
|
|
2762
|
-
std::min(version, kTokenBindingMaxVersion);
|
|
2763
|
-
if (!select_tb_param(hs, params)) {
|
|
2764
|
-
return true;
|
|
2765
|
-
}
|
|
2766
|
-
|
|
2767
|
-
ssl->s3->token_binding_negotiated = true;
|
|
2768
|
-
return true;
|
|
2769
|
-
}
|
|
2770
|
-
|
|
2771
|
-
static bool ext_token_binding_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
2772
|
-
SSL *const ssl = hs->ssl;
|
|
2773
|
-
|
|
2774
|
-
if (!ssl->s3->token_binding_negotiated) {
|
|
2775
|
-
return true;
|
|
2776
|
-
}
|
|
2777
|
-
|
|
2778
|
-
CBB contents, params;
|
|
2779
|
-
if (!CBB_add_u16(out, TLSEXT_TYPE_token_binding) ||
|
|
2780
|
-
!CBB_add_u16_length_prefixed(out, &contents) ||
|
|
2781
|
-
!CBB_add_u16(&contents, hs->negotiated_token_binding_version) ||
|
|
2782
|
-
!CBB_add_u8_length_prefixed(&contents, ¶ms) ||
|
|
2783
|
-
!CBB_add_u8(¶ms, ssl->s3->negotiated_token_binding_param) ||
|
|
2784
|
-
!CBB_flush(out)) {
|
|
2785
|
-
return false;
|
|
2786
|
-
}
|
|
2787
|
-
|
|
2788
|
-
return true;
|
|
2789
|
-
}
|
|
2790
2605
|
|
|
2791
2606
|
// QUIC Transport Parameters
|
|
2792
2607
|
|
|
2793
2608
|
static bool ext_quic_transport_params_add_clienthello_impl(
|
|
2794
|
-
SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
|
2609
|
+
const SSL_HANDSHAKE *hs, CBB *out, bool use_legacy_codepoint) {
|
|
2795
2610
|
if (hs->config->quic_transport_params.empty() && !hs->ssl->quic_method) {
|
|
2796
2611
|
return true;
|
|
2797
2612
|
}
|
|
@@ -2808,7 +2623,7 @@ static bool ext_quic_transport_params_add_clienthello_impl(
|
|
|
2808
2623
|
return true;
|
|
2809
2624
|
}
|
|
2810
2625
|
|
|
2811
|
-
uint16_t extension_type =
|
|
2626
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
|
|
2812
2627
|
if (hs->config->quic_use_legacy_codepoint) {
|
|
2813
2628
|
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
|
2814
2629
|
}
|
|
@@ -2824,16 +2639,18 @@ static bool ext_quic_transport_params_add_clienthello_impl(
|
|
|
2824
2639
|
return true;
|
|
2825
2640
|
}
|
|
2826
2641
|
|
|
2827
|
-
static bool ext_quic_transport_params_add_clienthello(
|
|
2828
|
-
|
|
2642
|
+
static bool ext_quic_transport_params_add_clienthello(
|
|
2643
|
+
const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
|
|
2644
|
+
ssl_client_hello_type_t type) {
|
|
2829
2645
|
return ext_quic_transport_params_add_clienthello_impl(
|
|
2830
|
-
hs,
|
|
2646
|
+
hs, out_compressible, /*use_legacy_codepoint=*/false);
|
|
2831
2647
|
}
|
|
2832
2648
|
|
|
2833
|
-
static bool ext_quic_transport_params_add_clienthello_legacy(
|
|
2834
|
-
|
|
2649
|
+
static bool ext_quic_transport_params_add_clienthello_legacy(
|
|
2650
|
+
const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
|
|
2651
|
+
ssl_client_hello_type_t type) {
|
|
2835
2652
|
return ext_quic_transport_params_add_clienthello_impl(
|
|
2836
|
-
hs,
|
|
2653
|
+
hs, out_compressible, /*use_legacy_codepoint=*/true);
|
|
2837
2654
|
}
|
|
2838
2655
|
|
|
2839
2656
|
static bool ext_quic_transport_params_parse_serverhello_impl(
|
|
@@ -2944,7 +2761,7 @@ static bool ext_quic_transport_params_add_serverhello_impl(
|
|
|
2944
2761
|
return true;
|
|
2945
2762
|
}
|
|
2946
2763
|
|
|
2947
|
-
uint16_t extension_type =
|
|
2764
|
+
uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
|
|
2948
2765
|
if (hs->config->quic_use_legacy_codepoint) {
|
|
2949
2766
|
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
|
|
2950
2767
|
}
|
|
@@ -2977,8 +2794,9 @@ static bool ext_quic_transport_params_add_serverhello_legacy(SSL_HANDSHAKE *hs,
|
|
|
2977
2794
|
//
|
|
2978
2795
|
// https://tools.ietf.org/html/draft-ietf-tls-subcerts
|
|
2979
2796
|
|
|
2980
|
-
static bool ext_delegated_credential_add_clienthello(
|
|
2981
|
-
|
|
2797
|
+
static bool ext_delegated_credential_add_clienthello(
|
|
2798
|
+
const SSL_HANDSHAKE *hs, CBB *out, CBB *out_compressible,
|
|
2799
|
+
ssl_client_hello_type_t type) {
|
|
2982
2800
|
return true;
|
|
2983
2801
|
}
|
|
2984
2802
|
|
|
@@ -3007,7 +2825,9 @@ static bool ext_delegated_credential_parse_clienthello(SSL_HANDSHAKE *hs,
|
|
|
3007
2825
|
|
|
3008
2826
|
// Certificate compression
|
|
3009
2827
|
|
|
3010
|
-
static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out
|
|
2828
|
+
static bool cert_compression_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
2829
|
+
CBB *out_compressible,
|
|
2830
|
+
ssl_client_hello_type_t type) {
|
|
3011
2831
|
bool first = true;
|
|
3012
2832
|
CBB contents, algs;
|
|
3013
2833
|
|
|
@@ -3016,9 +2836,10 @@ static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
3016
2836
|
continue;
|
|
3017
2837
|
}
|
|
3018
2838
|
|
|
3019
|
-
if (first &&
|
|
3020
|
-
|
|
3021
|
-
|
|
2839
|
+
if (first &&
|
|
2840
|
+
(!CBB_add_u16(out_compressible, TLSEXT_TYPE_cert_compression) ||
|
|
2841
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
2842
|
+
!CBB_add_u8_length_prefixed(&contents, &algs))) {
|
|
3022
2843
|
return false;
|
|
3023
2844
|
}
|
|
3024
2845
|
first = false;
|
|
@@ -3027,7 +2848,7 @@ static bool cert_compression_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
3027
2848
|
}
|
|
3028
2849
|
}
|
|
3029
2850
|
|
|
3030
|
-
return first || CBB_flush(
|
|
2851
|
+
return first || CBB_flush(out_compressible);
|
|
3031
2852
|
}
|
|
3032
2853
|
|
|
3033
2854
|
static bool cert_compression_parse_serverhello(SSL_HANDSHAKE *hs,
|
|
@@ -3113,8 +2934,22 @@ static bool cert_compression_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
3113
2934
|
//
|
|
3114
2935
|
// https://tools.ietf.org/html/draft-vvv-tls-alps-01
|
|
3115
2936
|
|
|
3116
|
-
|
|
3117
|
-
|
|
2937
|
+
bool ssl_get_local_application_settings(const SSL_HANDSHAKE *hs,
|
|
2938
|
+
Span<const uint8_t> *out_settings,
|
|
2939
|
+
Span<const uint8_t> protocol) {
|
|
2940
|
+
for (const ALPSConfig &config : hs->config->alps_configs) {
|
|
2941
|
+
if (protocol == config.protocol) {
|
|
2942
|
+
*out_settings = config.settings;
|
|
2943
|
+
return true;
|
|
2944
|
+
}
|
|
2945
|
+
}
|
|
2946
|
+
return false;
|
|
2947
|
+
}
|
|
2948
|
+
|
|
2949
|
+
static bool ext_alps_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
|
|
2950
|
+
CBB *out_compressible,
|
|
2951
|
+
ssl_client_hello_type_t type) {
|
|
2952
|
+
const SSL *const ssl = hs->ssl;
|
|
3118
2953
|
if (// ALPS requires TLS 1.3.
|
|
3119
2954
|
hs->max_version < TLS1_3_VERSION ||
|
|
3120
2955
|
// Do not offer ALPS without ALPN.
|
|
@@ -3127,8 +2962,8 @@ static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
3127
2962
|
}
|
|
3128
2963
|
|
|
3129
2964
|
CBB contents, proto_list, proto;
|
|
3130
|
-
if (!CBB_add_u16(
|
|
3131
|
-
!CBB_add_u16_length_prefixed(
|
|
2965
|
+
if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_application_settings) ||
|
|
2966
|
+
!CBB_add_u16_length_prefixed(out_compressible, &contents) ||
|
|
3132
2967
|
!CBB_add_u16_length_prefixed(&contents, &proto_list)) {
|
|
3133
2968
|
return false;
|
|
3134
2969
|
}
|
|
@@ -3141,7 +2976,7 @@ static bool ext_alps_add_clienthello(SSL_HANDSHAKE *hs, CBB *out) {
|
|
|
3141
2976
|
}
|
|
3142
2977
|
}
|
|
3143
2978
|
|
|
3144
|
-
return CBB_flush(
|
|
2979
|
+
return CBB_flush(out_compressible);
|
|
3145
2980
|
}
|
|
3146
2981
|
|
|
3147
2982
|
static bool ext_alps_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
@@ -3252,7 +3087,6 @@ bool ssl_negotiate_alps(SSL_HANDSHAKE *hs, uint8_t *out_alert,
|
|
|
3252
3087
|
static const struct tls_extension kExtensions[] = {
|
|
3253
3088
|
{
|
|
3254
3089
|
TLSEXT_TYPE_server_name,
|
|
3255
|
-
NULL,
|
|
3256
3090
|
ext_sni_add_clienthello,
|
|
3257
3091
|
ext_sni_parse_serverhello,
|
|
3258
3092
|
ext_sni_parse_clienthello,
|
|
@@ -3260,23 +3094,13 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3260
3094
|
},
|
|
3261
3095
|
{
|
|
3262
3096
|
TLSEXT_TYPE_encrypted_client_hello,
|
|
3263
|
-
NULL,
|
|
3264
3097
|
ext_ech_add_clienthello,
|
|
3265
3098
|
ext_ech_parse_serverhello,
|
|
3266
3099
|
ext_ech_parse_clienthello,
|
|
3267
|
-
|
|
3268
|
-
},
|
|
3269
|
-
{
|
|
3270
|
-
TLSEXT_TYPE_ech_is_inner,
|
|
3271
|
-
NULL,
|
|
3272
|
-
ext_ech_is_inner_add_clienthello,
|
|
3273
|
-
forbid_parse_serverhello,
|
|
3274
|
-
ext_ech_is_inner_parse_clienthello,
|
|
3275
|
-
dont_add_serverhello,
|
|
3100
|
+
ext_ech_add_serverhello,
|
|
3276
3101
|
},
|
|
3277
3102
|
{
|
|
3278
3103
|
TLSEXT_TYPE_extended_master_secret,
|
|
3279
|
-
NULL,
|
|
3280
3104
|
ext_ems_add_clienthello,
|
|
3281
3105
|
ext_ems_parse_serverhello,
|
|
3282
3106
|
ext_ems_parse_clienthello,
|
|
@@ -3284,7 +3108,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3284
3108
|
},
|
|
3285
3109
|
{
|
|
3286
3110
|
TLSEXT_TYPE_renegotiate,
|
|
3287
|
-
NULL,
|
|
3288
3111
|
ext_ri_add_clienthello,
|
|
3289
3112
|
ext_ri_parse_serverhello,
|
|
3290
3113
|
ext_ri_parse_clienthello,
|
|
@@ -3292,7 +3115,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3292
3115
|
},
|
|
3293
3116
|
{
|
|
3294
3117
|
TLSEXT_TYPE_supported_groups,
|
|
3295
|
-
NULL,
|
|
3296
3118
|
ext_supported_groups_add_clienthello,
|
|
3297
3119
|
ext_supported_groups_parse_serverhello,
|
|
3298
3120
|
ext_supported_groups_parse_clienthello,
|
|
@@ -3300,7 +3122,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3300
3122
|
},
|
|
3301
3123
|
{
|
|
3302
3124
|
TLSEXT_TYPE_ec_point_formats,
|
|
3303
|
-
NULL,
|
|
3304
3125
|
ext_ec_point_add_clienthello,
|
|
3305
3126
|
ext_ec_point_parse_serverhello,
|
|
3306
3127
|
ext_ec_point_parse_clienthello,
|
|
@@ -3308,7 +3129,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3308
3129
|
},
|
|
3309
3130
|
{
|
|
3310
3131
|
TLSEXT_TYPE_session_ticket,
|
|
3311
|
-
NULL,
|
|
3312
3132
|
ext_ticket_add_clienthello,
|
|
3313
3133
|
ext_ticket_parse_serverhello,
|
|
3314
3134
|
// Ticket extension client parsing is handled in ssl_session.c
|
|
@@ -3317,7 +3137,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3317
3137
|
},
|
|
3318
3138
|
{
|
|
3319
3139
|
TLSEXT_TYPE_application_layer_protocol_negotiation,
|
|
3320
|
-
NULL,
|
|
3321
3140
|
ext_alpn_add_clienthello,
|
|
3322
3141
|
ext_alpn_parse_serverhello,
|
|
3323
3142
|
// ALPN is negotiated late in |ssl_negotiate_alpn|.
|
|
@@ -3326,7 +3145,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3326
3145
|
},
|
|
3327
3146
|
{
|
|
3328
3147
|
TLSEXT_TYPE_status_request,
|
|
3329
|
-
NULL,
|
|
3330
3148
|
ext_ocsp_add_clienthello,
|
|
3331
3149
|
ext_ocsp_parse_serverhello,
|
|
3332
3150
|
ext_ocsp_parse_clienthello,
|
|
@@ -3334,7 +3152,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3334
3152
|
},
|
|
3335
3153
|
{
|
|
3336
3154
|
TLSEXT_TYPE_signature_algorithms,
|
|
3337
|
-
NULL,
|
|
3338
3155
|
ext_sigalgs_add_clienthello,
|
|
3339
3156
|
forbid_parse_serverhello,
|
|
3340
3157
|
ext_sigalgs_parse_clienthello,
|
|
@@ -3342,7 +3159,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3342
3159
|
},
|
|
3343
3160
|
{
|
|
3344
3161
|
TLSEXT_TYPE_next_proto_neg,
|
|
3345
|
-
NULL,
|
|
3346
3162
|
ext_npn_add_clienthello,
|
|
3347
3163
|
ext_npn_parse_serverhello,
|
|
3348
3164
|
ext_npn_parse_clienthello,
|
|
@@ -3350,7 +3166,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3350
3166
|
},
|
|
3351
3167
|
{
|
|
3352
3168
|
TLSEXT_TYPE_certificate_timestamp,
|
|
3353
|
-
NULL,
|
|
3354
3169
|
ext_sct_add_clienthello,
|
|
3355
3170
|
ext_sct_parse_serverhello,
|
|
3356
3171
|
ext_sct_parse_clienthello,
|
|
@@ -3358,7 +3173,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3358
3173
|
},
|
|
3359
3174
|
{
|
|
3360
3175
|
TLSEXT_TYPE_channel_id,
|
|
3361
|
-
ext_channel_id_init,
|
|
3362
3176
|
ext_channel_id_add_clienthello,
|
|
3363
3177
|
ext_channel_id_parse_serverhello,
|
|
3364
3178
|
ext_channel_id_parse_clienthello,
|
|
@@ -3366,7 +3180,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3366
3180
|
},
|
|
3367
3181
|
{
|
|
3368
3182
|
TLSEXT_TYPE_srtp,
|
|
3369
|
-
ext_srtp_init,
|
|
3370
3183
|
ext_srtp_add_clienthello,
|
|
3371
3184
|
ext_srtp_parse_serverhello,
|
|
3372
3185
|
ext_srtp_parse_clienthello,
|
|
@@ -3374,7 +3187,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3374
3187
|
},
|
|
3375
3188
|
{
|
|
3376
3189
|
TLSEXT_TYPE_key_share,
|
|
3377
|
-
NULL,
|
|
3378
3190
|
ext_key_share_add_clienthello,
|
|
3379
3191
|
forbid_parse_serverhello,
|
|
3380
3192
|
ignore_parse_clienthello,
|
|
@@ -3382,7 +3194,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3382
3194
|
},
|
|
3383
3195
|
{
|
|
3384
3196
|
TLSEXT_TYPE_psk_key_exchange_modes,
|
|
3385
|
-
NULL,
|
|
3386
3197
|
ext_psk_key_exchange_modes_add_clienthello,
|
|
3387
3198
|
forbid_parse_serverhello,
|
|
3388
3199
|
ext_psk_key_exchange_modes_parse_clienthello,
|
|
@@ -3390,7 +3201,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3390
3201
|
},
|
|
3391
3202
|
{
|
|
3392
3203
|
TLSEXT_TYPE_early_data,
|
|
3393
|
-
NULL,
|
|
3394
3204
|
ext_early_data_add_clienthello,
|
|
3395
3205
|
ext_early_data_parse_serverhello,
|
|
3396
3206
|
ext_early_data_parse_clienthello,
|
|
@@ -3398,7 +3208,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3398
3208
|
},
|
|
3399
3209
|
{
|
|
3400
3210
|
TLSEXT_TYPE_supported_versions,
|
|
3401
|
-
NULL,
|
|
3402
3211
|
ext_supported_versions_add_clienthello,
|
|
3403
3212
|
forbid_parse_serverhello,
|
|
3404
3213
|
ignore_parse_clienthello,
|
|
@@ -3406,15 +3215,13 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3406
3215
|
},
|
|
3407
3216
|
{
|
|
3408
3217
|
TLSEXT_TYPE_cookie,
|
|
3409
|
-
NULL,
|
|
3410
3218
|
ext_cookie_add_clienthello,
|
|
3411
3219
|
forbid_parse_serverhello,
|
|
3412
3220
|
ignore_parse_clienthello,
|
|
3413
3221
|
dont_add_serverhello,
|
|
3414
3222
|
},
|
|
3415
3223
|
{
|
|
3416
|
-
|
|
3417
|
-
NULL,
|
|
3224
|
+
TLSEXT_TYPE_quic_transport_parameters,
|
|
3418
3225
|
ext_quic_transport_params_add_clienthello,
|
|
3419
3226
|
ext_quic_transport_params_parse_serverhello,
|
|
3420
3227
|
ext_quic_transport_params_parse_clienthello,
|
|
@@ -3422,23 +3229,13 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3422
3229
|
},
|
|
3423
3230
|
{
|
|
3424
3231
|
TLSEXT_TYPE_quic_transport_parameters_legacy,
|
|
3425
|
-
NULL,
|
|
3426
3232
|
ext_quic_transport_params_add_clienthello_legacy,
|
|
3427
3233
|
ext_quic_transport_params_parse_serverhello_legacy,
|
|
3428
3234
|
ext_quic_transport_params_parse_clienthello_legacy,
|
|
3429
3235
|
ext_quic_transport_params_add_serverhello_legacy,
|
|
3430
3236
|
},
|
|
3431
|
-
{
|
|
3432
|
-
TLSEXT_TYPE_token_binding,
|
|
3433
|
-
NULL,
|
|
3434
|
-
ext_token_binding_add_clienthello,
|
|
3435
|
-
ext_token_binding_parse_serverhello,
|
|
3436
|
-
ext_token_binding_parse_clienthello,
|
|
3437
|
-
ext_token_binding_add_serverhello,
|
|
3438
|
-
},
|
|
3439
3237
|
{
|
|
3440
3238
|
TLSEXT_TYPE_cert_compression,
|
|
3441
|
-
NULL,
|
|
3442
3239
|
cert_compression_add_clienthello,
|
|
3443
3240
|
cert_compression_parse_serverhello,
|
|
3444
3241
|
cert_compression_parse_clienthello,
|
|
@@ -3446,7 +3243,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3446
3243
|
},
|
|
3447
3244
|
{
|
|
3448
3245
|
TLSEXT_TYPE_delegated_credential,
|
|
3449
|
-
NULL,
|
|
3450
3246
|
ext_delegated_credential_add_clienthello,
|
|
3451
3247
|
forbid_parse_serverhello,
|
|
3452
3248
|
ext_delegated_credential_parse_clienthello,
|
|
@@ -3454,7 +3250,6 @@ static const struct tls_extension kExtensions[] = {
|
|
|
3454
3250
|
},
|
|
3455
3251
|
{
|
|
3456
3252
|
TLSEXT_TYPE_application_settings,
|
|
3457
|
-
NULL,
|
|
3458
3253
|
ext_alps_add_clienthello,
|
|
3459
3254
|
ext_alps_parse_serverhello,
|
|
3460
3255
|
// ALPS is negotiated late in |ssl_negotiate_alpn|.
|
|
@@ -3472,6 +3267,30 @@ static_assert(kNumExtensions <=
|
|
|
3472
3267
|
sizeof(((SSL_HANDSHAKE *)NULL)->extensions.received) * 8,
|
|
3473
3268
|
"too many extensions for received bitset");
|
|
3474
3269
|
|
|
3270
|
+
bool ssl_setup_extension_permutation(SSL_HANDSHAKE *hs) {
|
|
3271
|
+
if (!hs->config->permute_extensions) {
|
|
3272
|
+
return true;
|
|
3273
|
+
}
|
|
3274
|
+
|
|
3275
|
+
static_assert(kNumExtensions <= UINT8_MAX,
|
|
3276
|
+
"extensions_permutation type is too small");
|
|
3277
|
+
uint32_t seeds[kNumExtensions - 1];
|
|
3278
|
+
Array<uint8_t> permutation;
|
|
3279
|
+
if (!RAND_bytes(reinterpret_cast<uint8_t *>(seeds), sizeof(seeds)) ||
|
|
3280
|
+
!permutation.Init(kNumExtensions)) {
|
|
3281
|
+
return false;
|
|
3282
|
+
}
|
|
3283
|
+
for (size_t i = 0; i < kNumExtensions; i++) {
|
|
3284
|
+
permutation[i] = i;
|
|
3285
|
+
}
|
|
3286
|
+
for (size_t i = kNumExtensions - 1; i > 0; i--) {
|
|
3287
|
+
// Set element |i| to a randomly-selected element 0 <= j <= i.
|
|
3288
|
+
std::swap(permutation[i], permutation[seeds[i - 1] % (i + 1)]);
|
|
3289
|
+
}
|
|
3290
|
+
hs->extension_permutation = std::move(permutation);
|
|
3291
|
+
return true;
|
|
3292
|
+
}
|
|
3293
|
+
|
|
3475
3294
|
static const struct tls_extension *tls_extension_find(uint32_t *out_index,
|
|
3476
3295
|
uint16_t value) {
|
|
3477
3296
|
unsigned i;
|
|
@@ -3485,8 +3304,137 @@ static const struct tls_extension *tls_extension_find(uint32_t *out_index,
|
|
|
3485
3304
|
return NULL;
|
|
3486
3305
|
}
|
|
3487
3306
|
|
|
3488
|
-
bool
|
|
3307
|
+
static bool add_padding_extension(CBB *cbb, uint16_t ext, size_t len) {
|
|
3308
|
+
CBB child;
|
|
3309
|
+
if (!CBB_add_u16(cbb, ext) || //
|
|
3310
|
+
!CBB_add_u16_length_prefixed(cbb, &child) ||
|
|
3311
|
+
!CBB_add_zeros(&child, len)) {
|
|
3312
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3313
|
+
return false;
|
|
3314
|
+
}
|
|
3315
|
+
return CBB_flush(cbb);
|
|
3316
|
+
}
|
|
3317
|
+
|
|
3318
|
+
static bool ssl_add_clienthello_tlsext_inner(SSL_HANDSHAKE *hs, CBB *out,
|
|
3319
|
+
CBB *out_encoded,
|
|
3320
|
+
bool *out_needs_psk_binder) {
|
|
3321
|
+
// When writing ClientHelloInner, we construct the real and encoded
|
|
3322
|
+
// ClientHellos concurrently, to handle compression. Uncompressed extensions
|
|
3323
|
+
// are written to |extensions| and copied to |extensions_encoded|. Compressed
|
|
3324
|
+
// extensions are buffered in |compressed| and written to the end. (ECH can
|
|
3325
|
+
// only compress continguous extensions.)
|
|
3326
|
+
SSL *const ssl = hs->ssl;
|
|
3327
|
+
bssl::ScopedCBB compressed, outer_extensions;
|
|
3328
|
+
CBB extensions, extensions_encoded;
|
|
3329
|
+
if (!CBB_add_u16_length_prefixed(out, &extensions) ||
|
|
3330
|
+
!CBB_add_u16_length_prefixed(out_encoded, &extensions_encoded) ||
|
|
3331
|
+
!CBB_init(compressed.get(), 64) ||
|
|
3332
|
+
!CBB_init(outer_extensions.get(), 64)) {
|
|
3333
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3334
|
+
return false;
|
|
3335
|
+
}
|
|
3336
|
+
|
|
3337
|
+
hs->inner_extensions_sent = 0;
|
|
3338
|
+
|
|
3339
|
+
if (ssl->ctx->grease_enabled) {
|
|
3340
|
+
// Add a fake empty extension. See RFC 8701. This always matches
|
|
3341
|
+
// |ssl_add_clienthello_tlsext|, so compress it.
|
|
3342
|
+
uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension1);
|
|
3343
|
+
if (!add_padding_extension(compressed.get(), grease_ext, 0) ||
|
|
3344
|
+
!CBB_add_u16(outer_extensions.get(), grease_ext)) {
|
|
3345
|
+
return false;
|
|
3346
|
+
}
|
|
3347
|
+
}
|
|
3348
|
+
|
|
3349
|
+
for (size_t unpermuted = 0; unpermuted < kNumExtensions; unpermuted++) {
|
|
3350
|
+
size_t i = hs->extension_permutation.empty()
|
|
3351
|
+
? unpermuted
|
|
3352
|
+
: hs->extension_permutation[unpermuted];
|
|
3353
|
+
const size_t len_before = CBB_len(&extensions);
|
|
3354
|
+
const size_t len_compressed_before = CBB_len(compressed.get());
|
|
3355
|
+
if (!kExtensions[i].add_clienthello(hs, &extensions, compressed.get(),
|
|
3356
|
+
ssl_client_hello_inner)) {
|
|
3357
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
|
|
3358
|
+
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
|
3359
|
+
return false;
|
|
3360
|
+
}
|
|
3361
|
+
|
|
3362
|
+
const size_t bytes_written = CBB_len(&extensions) - len_before;
|
|
3363
|
+
const size_t bytes_written_compressed =
|
|
3364
|
+
CBB_len(compressed.get()) - len_compressed_before;
|
|
3365
|
+
// The callback may write to at most one output.
|
|
3366
|
+
assert(bytes_written == 0 || bytes_written_compressed == 0);
|
|
3367
|
+
if (bytes_written != 0 || bytes_written_compressed != 0) {
|
|
3368
|
+
hs->inner_extensions_sent |= (1u << i);
|
|
3369
|
+
}
|
|
3370
|
+
// If compressed, update the running ech_outer_extensions extension.
|
|
3371
|
+
if (bytes_written_compressed != 0 &&
|
|
3372
|
+
!CBB_add_u16(outer_extensions.get(), kExtensions[i].value)) {
|
|
3373
|
+
return false;
|
|
3374
|
+
}
|
|
3375
|
+
}
|
|
3376
|
+
|
|
3377
|
+
if (ssl->ctx->grease_enabled) {
|
|
3378
|
+
// Add a fake non-empty extension. See RFC 8701. This always matches
|
|
3379
|
+
// |ssl_add_clienthello_tlsext|, so compress it.
|
|
3380
|
+
uint16_t grease_ext = ssl_get_grease_value(hs, ssl_grease_extension2);
|
|
3381
|
+
if (!add_padding_extension(compressed.get(), grease_ext, 1) ||
|
|
3382
|
+
!CBB_add_u16(outer_extensions.get(), grease_ext)) {
|
|
3383
|
+
return false;
|
|
3384
|
+
}
|
|
3385
|
+
}
|
|
3386
|
+
|
|
3387
|
+
// Uncompressed extensions are encoded as-is.
|
|
3388
|
+
if (!CBB_add_bytes(&extensions_encoded, CBB_data(&extensions),
|
|
3389
|
+
CBB_len(&extensions))) {
|
|
3390
|
+
return false;
|
|
3391
|
+
}
|
|
3392
|
+
|
|
3393
|
+
// Flush all the compressed extensions.
|
|
3394
|
+
if (CBB_len(compressed.get()) != 0) {
|
|
3395
|
+
CBB extension, child;
|
|
3396
|
+
// Copy them as-is in the real ClientHelloInner.
|
|
3397
|
+
if (!CBB_add_bytes(&extensions, CBB_data(compressed.get()),
|
|
3398
|
+
CBB_len(compressed.get())) ||
|
|
3399
|
+
// Replace with ech_outer_extensions in the encoded form.
|
|
3400
|
+
!CBB_add_u16(&extensions_encoded, TLSEXT_TYPE_ech_outer_extensions) ||
|
|
3401
|
+
!CBB_add_u16_length_prefixed(&extensions_encoded, &extension) ||
|
|
3402
|
+
!CBB_add_u8_length_prefixed(&extension, &child) ||
|
|
3403
|
+
!CBB_add_bytes(&child, CBB_data(outer_extensions.get()),
|
|
3404
|
+
CBB_len(outer_extensions.get())) ||
|
|
3405
|
+
!CBB_flush(&extensions_encoded)) {
|
|
3406
|
+
return false;
|
|
3407
|
+
}
|
|
3408
|
+
}
|
|
3409
|
+
|
|
3410
|
+
// The PSK extension must be last. It is never compressed. Note, if there is a
|
|
3411
|
+
// binder, the caller will need to update both ClientHelloInner and
|
|
3412
|
+
// EncodedClientHelloInner after computing it.
|
|
3413
|
+
const size_t len_before = CBB_len(&extensions);
|
|
3414
|
+
if (!ext_pre_shared_key_add_clienthello(hs, &extensions, out_needs_psk_binder,
|
|
3415
|
+
ssl_client_hello_inner) ||
|
|
3416
|
+
!CBB_add_bytes(&extensions_encoded, CBB_data(&extensions) + len_before,
|
|
3417
|
+
CBB_len(&extensions) - len_before) ||
|
|
3418
|
+
!CBB_flush(out) || //
|
|
3419
|
+
!CBB_flush(out_encoded)) {
|
|
3420
|
+
return false;
|
|
3421
|
+
}
|
|
3422
|
+
|
|
3423
|
+
return true;
|
|
3424
|
+
}
|
|
3425
|
+
|
|
3426
|
+
bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out, CBB *out_encoded,
|
|
3427
|
+
bool *out_needs_psk_binder,
|
|
3428
|
+
ssl_client_hello_type_t type,
|
|
3489
3429
|
size_t header_len) {
|
|
3430
|
+
*out_needs_psk_binder = false;
|
|
3431
|
+
|
|
3432
|
+
if (type == ssl_client_hello_inner) {
|
|
3433
|
+
return ssl_add_clienthello_tlsext_inner(hs, out, out_encoded,
|
|
3434
|
+
out_needs_psk_binder);
|
|
3435
|
+
}
|
|
3436
|
+
|
|
3437
|
+
assert(out_encoded == nullptr); // Only ClientHelloInner needs two outputs.
|
|
3490
3438
|
SSL *const ssl = hs->ssl;
|
|
3491
3439
|
CBB extensions;
|
|
3492
3440
|
if (!CBB_add_u16_length_prefixed(out, &extensions)) {
|
|
@@ -3499,27 +3447,20 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
|
|
|
3499
3447
|
// important to reset this value.
|
|
3500
3448
|
hs->extensions.sent = 0;
|
|
3501
3449
|
|
|
3502
|
-
|
|
3503
|
-
|
|
3504
|
-
|
|
3505
|
-
|
|
3506
|
-
|
|
3507
|
-
|
|
3508
|
-
uint16_t grease_ext1 = 0;
|
|
3509
|
-
if (ssl->ctx->grease_enabled) {
|
|
3510
|
-
// Add a fake empty extension. See draft-davidben-tls-grease-01.
|
|
3511
|
-
grease_ext1 = ssl_get_grease_value(hs, ssl_grease_extension1);
|
|
3512
|
-
if (!CBB_add_u16(&extensions, grease_ext1) ||
|
|
3513
|
-
!CBB_add_u16(&extensions, 0 /* zero length */)) {
|
|
3514
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3515
|
-
return false;
|
|
3516
|
-
}
|
|
3450
|
+
// Add a fake empty extension. See RFC 8701.
|
|
3451
|
+
if (ssl->ctx->grease_enabled &&
|
|
3452
|
+
!add_padding_extension(
|
|
3453
|
+
&extensions, ssl_get_grease_value(hs, ssl_grease_extension1), 0)) {
|
|
3454
|
+
return false;
|
|
3517
3455
|
}
|
|
3518
3456
|
|
|
3519
3457
|
bool last_was_empty = false;
|
|
3520
|
-
for (size_t
|
|
3458
|
+
for (size_t unpermuted = 0; unpermuted < kNumExtensions; unpermuted++) {
|
|
3459
|
+
size_t i = hs->extension_permutation.empty()
|
|
3460
|
+
? unpermuted
|
|
3461
|
+
: hs->extension_permutation[unpermuted];
|
|
3521
3462
|
const size_t len_before = CBB_len(&extensions);
|
|
3522
|
-
if (!kExtensions[i].add_clienthello(hs, &extensions)) {
|
|
3463
|
+
if (!kExtensions[i].add_clienthello(hs, &extensions, &extensions, type)) {
|
|
3523
3464
|
OPENSSL_PUT_ERROR(SSL, SSL_R_ERROR_ADDING_EXTENSION);
|
|
3524
3465
|
ERR_add_error_dataf("extension %u", (unsigned)kExtensions[i].value);
|
|
3525
3466
|
return false;
|
|
@@ -3535,29 +3476,22 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
|
|
|
3535
3476
|
}
|
|
3536
3477
|
|
|
3537
3478
|
if (ssl->ctx->grease_enabled) {
|
|
3538
|
-
// Add a fake non-empty extension. See
|
|
3539
|
-
|
|
3540
|
-
|
|
3541
|
-
// The two fake extensions must not have the same value. GREASE values are
|
|
3542
|
-
// of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
|
|
3543
|
-
// one.
|
|
3544
|
-
if (grease_ext1 == grease_ext2) {
|
|
3545
|
-
grease_ext2 ^= 0x1010;
|
|
3546
|
-
}
|
|
3547
|
-
|
|
3548
|
-
if (!CBB_add_u16(&extensions, grease_ext2) ||
|
|
3549
|
-
!CBB_add_u16(&extensions, 1 /* one byte length */) ||
|
|
3550
|
-
!CBB_add_u8(&extensions, 0 /* single zero byte as contents */)) {
|
|
3551
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3479
|
+
// Add a fake non-empty extension. See RFC 8701.
|
|
3480
|
+
if (!add_padding_extension(
|
|
3481
|
+
&extensions, ssl_get_grease_value(hs, ssl_grease_extension2), 1)) {
|
|
3552
3482
|
return false;
|
|
3553
3483
|
}
|
|
3554
|
-
|
|
3555
3484
|
last_was_empty = false;
|
|
3556
3485
|
}
|
|
3557
3486
|
|
|
3558
|
-
|
|
3559
|
-
|
|
3560
|
-
|
|
3487
|
+
// In cleartext ClientHellos, we add the padding extension to work around
|
|
3488
|
+
// bugs. We also apply this padding to ClientHelloOuter, to keep the wire
|
|
3489
|
+
// images aligned.
|
|
3490
|
+
size_t psk_extension_len = ext_pre_shared_key_clienthello_length(hs, type);
|
|
3491
|
+
if (!SSL_is_dtls(ssl) && !ssl->quic_method &&
|
|
3492
|
+
!ssl->s3->used_hello_retry_request) {
|
|
3493
|
+
header_len +=
|
|
3494
|
+
SSL3_HM_HEADER_LENGTH + 2 + CBB_len(&extensions) + psk_extension_len;
|
|
3561
3495
|
size_t padding_len = 0;
|
|
3562
3496
|
|
|
3563
3497
|
// The final extension must be non-empty. WebSphere Application
|
|
@@ -3591,24 +3525,21 @@ bool ssl_add_clienthello_tlsext(SSL_HANDSHAKE *hs, CBB *out,
|
|
|
3591
3525
|
}
|
|
3592
3526
|
}
|
|
3593
3527
|
|
|
3594
|
-
if (padding_len != 0
|
|
3595
|
-
|
|
3596
|
-
|
|
3597
|
-
!CBB_add_u16(&extensions, padding_len) ||
|
|
3598
|
-
!CBB_add_space(&extensions, &padding_bytes, padding_len)) {
|
|
3599
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3600
|
-
return false;
|
|
3601
|
-
}
|
|
3602
|
-
|
|
3603
|
-
OPENSSL_memset(padding_bytes, 0, padding_len);
|
|
3528
|
+
if (padding_len != 0 &&
|
|
3529
|
+
!add_padding_extension(&extensions, TLSEXT_TYPE_padding, padding_len)) {
|
|
3530
|
+
return false;
|
|
3604
3531
|
}
|
|
3605
3532
|
}
|
|
3606
3533
|
|
|
3607
3534
|
// The PSK extension must be last, including after the padding.
|
|
3608
|
-
|
|
3535
|
+
const size_t len_before = CBB_len(&extensions);
|
|
3536
|
+
if (!ext_pre_shared_key_add_clienthello(hs, &extensions, out_needs_psk_binder,
|
|
3537
|
+
type)) {
|
|
3609
3538
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
3610
3539
|
return false;
|
|
3611
3540
|
}
|
|
3541
|
+
assert(psk_extension_len == CBB_len(&extensions) - len_before);
|
|
3542
|
+
(void)len_before; // |assert| is omitted in release builds.
|
|
3612
3543
|
|
|
3613
3544
|
// Discard empty extensions blocks.
|
|
3614
3545
|
if (CBB_len(&extensions) == 0) {
|
|
@@ -3654,12 +3585,6 @@ err:
|
|
|
3654
3585
|
static bool ssl_scan_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
|
3655
3586
|
const SSL_CLIENT_HELLO *client_hello,
|
|
3656
3587
|
int *out_alert) {
|
|
3657
|
-
for (size_t i = 0; i < kNumExtensions; i++) {
|
|
3658
|
-
if (kExtensions[i].init != NULL) {
|
|
3659
|
-
kExtensions[i].init(hs);
|
|
3660
|
-
}
|
|
3661
|
-
}
|
|
3662
|
-
|
|
3663
3588
|
hs->extensions.received = 0;
|
|
3664
3589
|
CBS extensions;
|
|
3665
3590
|
CBS_init(&extensions, client_hello->extensions, client_hello->extensions_len);
|
|
@@ -3740,18 +3665,10 @@ bool ssl_parse_clienthello_tlsext(SSL_HANDSHAKE *hs,
|
|
|
3740
3665
|
return true;
|
|
3741
3666
|
}
|
|
3742
3667
|
|
|
3743
|
-
static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
|
|
3668
|
+
static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs,
|
|
3744
3669
|
int *out_alert) {
|
|
3745
|
-
|
|
3746
|
-
|
|
3747
|
-
if (CBS_len(cbs) == 0 && ssl_protocol_version(ssl) < TLS1_3_VERSION) {
|
|
3748
|
-
return true;
|
|
3749
|
-
}
|
|
3750
|
-
|
|
3751
|
-
// Decode the extensions block and check it is valid.
|
|
3752
|
-
CBS extensions;
|
|
3753
|
-
if (!CBS_get_u16_length_prefixed(cbs, &extensions) ||
|
|
3754
|
-
!tls1_check_duplicate_extensions(&extensions)) {
|
|
3670
|
+
CBS extensions = *cbs;
|
|
3671
|
+
if (!tls1_check_duplicate_extensions(&extensions)) {
|
|
3755
3672
|
*out_alert = SSL_AD_DECODE_ERROR;
|
|
3756
3673
|
return false;
|
|
3757
3674
|
}
|
|
@@ -3820,18 +3737,8 @@ static bool ssl_scan_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs,
|
|
|
3820
3737
|
|
|
3821
3738
|
static bool ssl_check_clienthello_tlsext(SSL_HANDSHAKE *hs) {
|
|
3822
3739
|
SSL *const ssl = hs->ssl;
|
|
3823
|
-
|
|
3824
|
-
if (ssl->s3->token_binding_negotiated &&
|
|
3825
|
-
!(SSL_get_secure_renegotiation_support(ssl) &&
|
|
3826
|
-
SSL_get_extms_support(ssl))) {
|
|
3827
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_NEGOTIATED_TB_WITHOUT_EMS_OR_RI);
|
|
3828
|
-
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_UNSUPPORTED_EXTENSION);
|
|
3829
|
-
return false;
|
|
3830
|
-
}
|
|
3831
|
-
|
|
3832
3740
|
int ret = SSL_TLSEXT_ERR_NOACK;
|
|
3833
3741
|
int al = SSL_AD_UNRECOGNIZED_NAME;
|
|
3834
|
-
|
|
3835
3742
|
if (ssl->ctx->servername_callback != 0) {
|
|
3836
3743
|
ret = ssl->ctx->servername_callback(ssl, &al, ssl->ctx->servername_arg);
|
|
3837
3744
|
} else if (ssl->session_ctx->servername_callback != 0) {
|
|
@@ -3883,7 +3790,7 @@ static bool ssl_check_serverhello_tlsext(SSL_HANDSHAKE *hs) {
|
|
|
3883
3790
|
return true;
|
|
3884
3791
|
}
|
|
3885
3792
|
|
|
3886
|
-
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, CBS *cbs) {
|
|
3793
|
+
bool ssl_parse_serverhello_tlsext(SSL_HANDSHAKE *hs, const CBS *cbs) {
|
|
3887
3794
|
SSL *const ssl = hs->ssl;
|
|
3888
3795
|
int alert = SSL_AD_DECODE_ERROR;
|
|
3889
3796
|
if (!ssl_scan_serverhello_tlsext(hs, cbs, &alert)) {
|
|
@@ -3911,8 +3818,8 @@ static enum ssl_ticket_aead_result_t decrypt_ticket_with_cipher_ctx(
|
|
|
3911
3818
|
return ssl_ticket_aead_ignore_ticket;
|
|
3912
3819
|
}
|
|
3913
3820
|
// Split the ticket into the ticket and the MAC.
|
|
3914
|
-
auto ticket_mac = ticket.
|
|
3915
|
-
ticket = ticket.
|
|
3821
|
+
auto ticket_mac = ticket.last(mac_len);
|
|
3822
|
+
ticket = ticket.first(ticket.size() - mac_len);
|
|
3916
3823
|
HMAC_Update(hmac_ctx, ticket.data(), ticket.size());
|
|
3917
3824
|
HMAC_Final(hmac_ctx, mac, NULL);
|
|
3918
3825
|
assert(mac_len == ticket_mac.size());
|
|
@@ -4046,6 +3953,7 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
|
4046
3953
|
SSL_HANDSHAKE *hs, UniquePtr<SSL_SESSION> *out_session,
|
|
4047
3954
|
bool *out_renew_ticket, Span<const uint8_t> ticket,
|
|
4048
3955
|
Span<const uint8_t> session_id) {
|
|
3956
|
+
SSL *const ssl = hs->ssl;
|
|
4049
3957
|
*out_renew_ticket = false;
|
|
4050
3958
|
out_session->reset();
|
|
4051
3959
|
|
|
@@ -4054,9 +3962,21 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
|
4054
3962
|
return ssl_ticket_aead_ignore_ticket;
|
|
4055
3963
|
}
|
|
4056
3964
|
|
|
3965
|
+
// Tickets in TLS 1.3 are tied into pre-shared keys (PSKs), unlike in TLS 1.2
|
|
3966
|
+
// where that concept doesn't exist. The |decrypted_psk| and |ignore_psk|
|
|
3967
|
+
// hints only apply to PSKs. We check the version to determine which this is.
|
|
3968
|
+
const bool is_psk = ssl_protocol_version(ssl) >= TLS1_3_VERSION;
|
|
3969
|
+
|
|
4057
3970
|
Array<uint8_t> plaintext;
|
|
4058
3971
|
enum ssl_ticket_aead_result_t result;
|
|
4059
|
-
|
|
3972
|
+
SSL_HANDSHAKE_HINTS *const hints = hs->hints.get();
|
|
3973
|
+
if (is_psk && hints && !hs->hints_requested &&
|
|
3974
|
+
!hints->decrypted_psk.empty()) {
|
|
3975
|
+
result = plaintext.CopyFrom(hints->decrypted_psk) ? ssl_ticket_aead_success
|
|
3976
|
+
: ssl_ticket_aead_error;
|
|
3977
|
+
} else if (is_psk && hints && !hs->hints_requested && hints->ignore_psk) {
|
|
3978
|
+
result = ssl_ticket_aead_ignore_ticket;
|
|
3979
|
+
} else if (ssl->session_ctx->ticket_aead_method != NULL) {
|
|
4060
3980
|
result = ssl_decrypt_ticket_with_method(hs, &plaintext, out_renew_ticket,
|
|
4061
3981
|
ticket);
|
|
4062
3982
|
} else {
|
|
@@ -4065,9 +3985,8 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
|
4065
3985
|
// length should be well under the minimum size for the session material and
|
|
4066
3986
|
// HMAC.
|
|
4067
3987
|
if (ticket.size() < SSL_TICKET_KEY_NAME_LEN + EVP_MAX_IV_LENGTH) {
|
|
4068
|
-
|
|
4069
|
-
}
|
|
4070
|
-
if (hs->ssl->session_ctx->ticket_key_cb != NULL) {
|
|
3988
|
+
result = ssl_ticket_aead_ignore_ticket;
|
|
3989
|
+
} else if (ssl->session_ctx->ticket_key_cb != NULL) {
|
|
4071
3990
|
result =
|
|
4072
3991
|
ssl_decrypt_ticket_with_cb(hs, &plaintext, out_renew_ticket, ticket);
|
|
4073
3992
|
} else {
|
|
@@ -4075,22 +3994,33 @@ enum ssl_ticket_aead_result_t ssl_process_ticket(
|
|
|
4075
3994
|
}
|
|
4076
3995
|
}
|
|
4077
3996
|
|
|
3997
|
+
if (is_psk && hints && hs->hints_requested) {
|
|
3998
|
+
if (result == ssl_ticket_aead_ignore_ticket) {
|
|
3999
|
+
hints->ignore_psk = true;
|
|
4000
|
+
} else if (result == ssl_ticket_aead_success &&
|
|
4001
|
+
!hints->decrypted_psk.CopyFrom(plaintext)) {
|
|
4002
|
+
return ssl_ticket_aead_error;
|
|
4003
|
+
}
|
|
4004
|
+
}
|
|
4005
|
+
|
|
4078
4006
|
if (result != ssl_ticket_aead_success) {
|
|
4079
4007
|
return result;
|
|
4080
4008
|
}
|
|
4081
4009
|
|
|
4082
4010
|
// Decode the session.
|
|
4083
4011
|
UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
|
|
4084
|
-
plaintext.data(), plaintext.size(),
|
|
4012
|
+
plaintext.data(), plaintext.size(), ssl->ctx.get()));
|
|
4085
4013
|
if (!session) {
|
|
4086
4014
|
ERR_clear_error(); // Don't leave an error on the queue.
|
|
4087
4015
|
return ssl_ticket_aead_ignore_ticket;
|
|
4088
4016
|
}
|
|
4089
4017
|
|
|
4090
|
-
//
|
|
4091
|
-
//
|
|
4092
|
-
|
|
4093
|
-
|
|
4018
|
+
// Envoy's tests expect the session to have a session ID that matches the
|
|
4019
|
+
// placeholder used by the client. It's unclear whether this is a good idea,
|
|
4020
|
+
// but we maintain it for now.
|
|
4021
|
+
SHA256(ticket.data(), ticket.size(), session->session_id);
|
|
4022
|
+
// Other consumers may expect a non-empty session ID to indicate resumption.
|
|
4023
|
+
session->session_id_length = SHA256_DIGEST_LENGTH;
|
|
4094
4024
|
|
|
4095
4025
|
*out_session = std::move(session);
|
|
4096
4026
|
return ssl_ticket_aead_success;
|
|
@@ -4238,11 +4168,11 @@ bool tls1_verify_channel_id(SSL_HANDSHAKE *hs, const SSLMessage &msg) {
|
|
|
4238
4168
|
if (!sig_ok) {
|
|
4239
4169
|
OPENSSL_PUT_ERROR(SSL, SSL_R_CHANNEL_ID_SIGNATURE_INVALID);
|
|
4240
4170
|
ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
|
|
4241
|
-
ssl->s3->channel_id_valid = false;
|
|
4242
4171
|
return false;
|
|
4243
4172
|
}
|
|
4244
4173
|
|
|
4245
4174
|
OPENSSL_memcpy(ssl->s3->channel_id, p, 64);
|
|
4175
|
+
ssl->s3->channel_id_valid = true;
|
|
4246
4176
|
return true;
|
|
4247
4177
|
}
|
|
4248
4178
|
|
|
@@ -4353,23 +4283,6 @@ bool tls1_record_handshake_hashes_for_channel_id(SSL_HANDSHAKE *hs) {
|
|
|
4353
4283
|
return true;
|
|
4354
4284
|
}
|
|
4355
4285
|
|
|
4356
|
-
bool ssl_do_channel_id_callback(SSL_HANDSHAKE *hs) {
|
|
4357
|
-
if (hs->config->channel_id_private != NULL ||
|
|
4358
|
-
hs->ssl->ctx->channel_id_cb == NULL) {
|
|
4359
|
-
return true;
|
|
4360
|
-
}
|
|
4361
|
-
|
|
4362
|
-
EVP_PKEY *key = NULL;
|
|
4363
|
-
hs->ssl->ctx->channel_id_cb(hs->ssl, &key);
|
|
4364
|
-
if (key == NULL) {
|
|
4365
|
-
// The caller should try again later.
|
|
4366
|
-
return true;
|
|
4367
|
-
}
|
|
4368
|
-
|
|
4369
|
-
UniquePtr<EVP_PKEY> free_key(key);
|
|
4370
|
-
return SSL_set1_tls_channel_id(hs->ssl, key);
|
|
4371
|
-
}
|
|
4372
|
-
|
|
4373
4286
|
bool ssl_is_sct_list_valid(const CBS *contents) {
|
|
4374
4287
|
// Shallow parse the SCT list for sanity. By the RFC
|
|
4375
4288
|
// (https://tools.ietf.org/html/rfc6962#section-3.3) neither the list nor any
|