grpc 1.37.1 → 1.40.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (738) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +112 -59
  3. data/include/grpc/event_engine/README.md +38 -0
  4. data/include/grpc/event_engine/endpoint_config.h +48 -0
  5. data/include/grpc/event_engine/event_engine.h +330 -0
  6. data/include/grpc/event_engine/port.h +41 -0
  7. data/include/grpc/event_engine/slice_allocator.h +66 -0
  8. data/include/grpc/grpc.h +11 -4
  9. data/include/grpc/grpc_security.h +32 -0
  10. data/include/grpc/grpc_security_constants.h +15 -0
  11. data/include/grpc/impl/codegen/grpc_types.h +44 -19
  12. data/include/grpc/impl/codegen/port_platform.h +46 -0
  13. data/include/grpc/module.modulemap +14 -14
  14. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  15. data/src/core/ext/filters/client_channel/channel_connectivity.cc +177 -202
  16. data/src/core/ext/filters/client_channel/client_channel.cc +975 -3282
  17. data/src/core/ext/filters/client_channel/client_channel.h +513 -55
  18. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  19. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +4 -1
  20. data/src/core/ext/filters/client_channel/config_selector.h +20 -7
  21. data/src/core/ext/filters/client_channel/connector.h +1 -1
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -10
  23. data/src/core/ext/filters/client_channel/dynamic_filters.h +3 -3
  24. data/src/core/ext/filters/client_channel/health/health_check_client.cc +28 -27
  25. data/src/core/ext/filters/client_channel/health/health_check_client.h +30 -29
  26. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +24 -21
  27. data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -6
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +53 -51
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -1
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -23
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +16 -16
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +734 -0
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -17
  37. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +1 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +17 -20
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +53 -65
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +36 -44
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +33 -55
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +151 -163
  43. data/src/core/ext/filters/client_channel/lb_policy.cc +2 -16
  44. data/src/core/ext/filters/client_channel/lb_policy.h +70 -46
  45. data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -1
  46. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -4
  47. data/src/core/ext/filters/client_channel/lb_policy_registry.h +1 -1
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +24 -18
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -1
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +3 -3
  52. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  53. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +14 -14
  54. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -24
  55. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  56. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
  57. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  58. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  59. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +18 -12
  60. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +20 -28
  61. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +7 -5
  62. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +20 -13
  63. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
  64. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +158 -102
  65. data/src/core/ext/filters/client_channel/resolver.h +2 -2
  66. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +32 -239
  67. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +20 -49
  68. data/src/core/ext/filters/client_channel/retry_filter.cc +2598 -0
  69. data/src/core/ext/filters/client_channel/retry_filter.h +30 -0
  70. data/src/core/ext/filters/client_channel/retry_service_config.cc +316 -0
  71. data/src/core/ext/filters/client_channel/retry_service_config.h +96 -0
  72. data/src/core/ext/filters/client_channel/server_address.cc +1 -1
  73. data/src/core/ext/filters/client_channel/service_config.cc +15 -14
  74. data/src/core/ext/filters/client_channel/service_config.h +7 -6
  75. data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
  76. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +5 -4
  77. data/src/core/ext/filters/client_channel/service_config_parser.cc +6 -6
  78. data/src/core/ext/filters/client_channel/service_config_parser.h +7 -4
  79. data/src/core/ext/filters/client_channel/subchannel.cc +17 -16
  80. data/src/core/ext/filters/client_channel/subchannel.h +7 -6
  81. data/src/core/ext/filters/client_idle/client_idle_filter.cc +17 -16
  82. data/src/core/ext/filters/deadline/deadline_filter.cc +10 -10
  83. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -18
  84. data/src/core/ext/filters/fault_injection/service_config_parser.cc +5 -5
  85. data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
  86. data/src/core/ext/filters/http/client/http_client_filter.cc +33 -23
  87. data/src/core/ext/filters/http/client_authority_filter.cc +3 -3
  88. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +23 -22
  89. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +21 -21
  90. data/src/core/ext/filters/http/server/http_server_filter.cc +27 -23
  91. data/src/core/ext/filters/max_age/max_age_filter.cc +12 -10
  92. data/src/core/ext/filters/message_size/message_size_filter.cc +14 -11
  93. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  94. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +4 -3
  95. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +7 -7
  96. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +7 -7
  97. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -2
  98. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +3 -2
  99. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -3
  100. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +49 -46
  101. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -2
  102. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -4
  103. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +5 -4
  104. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -4
  105. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
  106. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +66 -0
  107. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
  108. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +141 -126
  109. data/src/core/ext/transport/chttp2/transport/context_list.cc +4 -5
  110. data/src/core/ext/transport/chttp2/transport/context_list.h +4 -4
  111. data/src/core/ext/transport/chttp2/transport/flow_control.cc +3 -3
  112. data/src/core/ext/transport/chttp2/transport/flow_control.h +9 -9
  113. data/src/core/ext/transport/chttp2/transport/frame_data.cc +12 -12
  114. data/src/core/ext/transport/chttp2/transport/frame_data.h +10 -10
  115. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +15 -16
  116. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +6 -6
  117. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -8
  118. data/src/core/ext/transport/chttp2/transport/frame_ping.h +7 -6
  119. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +7 -7
  120. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +6 -6
  121. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +11 -10
  122. data/src/core/ext/transport/chttp2/transport/frame_settings.h +6 -6
  123. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -6
  124. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +4 -6
  125. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +652 -736
  126. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +195 -74
  127. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +4 -3
  128. data/src/core/ext/transport/chttp2/transport/hpack_table.h +4 -4
  129. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  130. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +2 -2
  131. data/src/core/ext/transport/chttp2/transport/internal.h +33 -28
  132. data/src/core/ext/transport/chttp2/transport/parsing.cc +129 -106
  133. data/src/core/ext/transport/chttp2/transport/varint.cc +6 -4
  134. data/src/core/ext/transport/chttp2/transport/writing.cc +7 -3
  135. data/src/core/ext/transport/inproc/inproc_transport.cc +72 -60
  136. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +56 -35
  137. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +180 -76
  138. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +35 -27
  139. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +97 -48
  140. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -9
  141. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +67 -7
  142. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +66 -9
  143. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +227 -0
  144. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
  145. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +121 -0
  146. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -0
  147. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
  148. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +90 -0
  149. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +32 -24
  150. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -73
  151. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +4 -2
  152. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +15 -0
  153. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
  154. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -0
  155. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +8 -6
  156. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +27 -19
  157. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +1 -0
  158. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +24 -7
  159. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +57 -0
  160. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +29 -17
  161. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +72 -0
  162. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +3 -2
  163. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +4 -0
  164. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +6 -5
  165. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +15 -11
  166. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +85 -43
  167. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +274 -91
  168. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +11 -8
  169. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +30 -13
  170. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +33 -5
  171. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +115 -0
  172. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
  173. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +181 -0
  174. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +1 -0
  175. data/src/core/ext/upb-generated/validate/validate.upb.c +82 -66
  176. data/src/core/ext/upb-generated/validate/validate.upb.h +220 -124
  177. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
  178. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
  179. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
  180. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
  181. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +437 -410
  182. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
  183. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  184. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
  185. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
  186. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
  187. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
  188. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
  189. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
  190. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
  191. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
  192. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
  193. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
  194. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
  195. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
  196. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
  197. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
  198. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
  199. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
  200. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +684 -664
  201. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  202. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
  203. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
  204. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +441 -375
  205. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
  206. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +122 -114
  207. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +1 -1
  208. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
  209. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
  210. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
  211. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
  212. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
  213. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
  214. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
  215. data/src/core/ext/xds/certificate_provider_factory.h +1 -1
  216. data/src/core/ext/xds/certificate_provider_store.h +3 -3
  217. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +3 -3
  218. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +2 -2
  219. data/src/core/ext/xds/xds_api.cc +665 -317
  220. data/src/core/ext/xds/xds_api.h +52 -14
  221. data/src/core/ext/xds/xds_bootstrap.cc +101 -160
  222. data/src/core/ext/xds/xds_bootstrap.h +19 -24
  223. data/src/core/ext/xds/xds_certificate_provider.cc +4 -4
  224. data/src/core/ext/xds/xds_certificate_provider.h +4 -4
  225. data/src/core/ext/xds/xds_channel_args.h +5 -2
  226. data/src/core/ext/xds/xds_client.cc +370 -215
  227. data/src/core/ext/xds/xds_client.h +38 -28
  228. data/src/core/ext/xds/xds_client_stats.h +3 -2
  229. data/src/core/ext/xds/xds_http_filters.cc +3 -2
  230. data/src/core/ext/xds/xds_http_filters.h +3 -0
  231. data/src/core/ext/xds/xds_server_config_fetcher.cc +34 -20
  232. data/src/core/lib/{iomgr → address_utils}/parse_address.cc +17 -17
  233. data/src/core/lib/{iomgr → address_utils}/parse_address.h +7 -7
  234. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.cc +16 -20
  235. data/src/core/lib/{iomgr → address_utils}/sockaddr_utils.h +16 -11
  236. data/src/core/lib/channel/call_tracer.h +85 -0
  237. data/src/core/lib/channel/channel_stack.cc +10 -9
  238. data/src/core/lib/channel/channel_stack.h +11 -10
  239. data/src/core/lib/channel/channel_stack_builder.cc +2 -2
  240. data/src/core/lib/channel/channel_stack_builder.h +1 -1
  241. data/src/core/lib/channel/channelz.cc +21 -13
  242. data/src/core/lib/channel/channelz.h +3 -0
  243. data/src/core/lib/channel/connected_channel.cc +4 -4
  244. data/src/core/lib/channel/context.h +3 -0
  245. data/src/core/lib/channel/handshaker.cc +7 -6
  246. data/src/core/lib/channel/handshaker.h +5 -5
  247. data/src/core/lib/channel/status_util.h +4 -0
  248. data/src/core/lib/compression/stream_compression.h +1 -1
  249. data/src/core/lib/compression/stream_compression_gzip.h +1 -1
  250. data/src/core/lib/compression/stream_compression_identity.h +1 -1
  251. data/src/core/lib/debug/stats.h +1 -1
  252. data/src/core/lib/event_engine/endpoint_config.cc +46 -0
  253. data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
  254. data/src/core/lib/event_engine/event_engine.cc +50 -0
  255. data/src/core/lib/event_engine/sockaddr.cc +40 -0
  256. data/src/core/lib/event_engine/sockaddr.h +44 -0
  257. data/src/core/lib/gpr/murmur_hash.cc +4 -2
  258. data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
  259. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  260. data/src/core/lib/gprpp/orphanable.h +3 -3
  261. data/src/core/lib/gprpp/ref_counted.h +28 -14
  262. data/src/core/lib/gprpp/status_helper.cc +407 -0
  263. data/src/core/lib/gprpp/status_helper.h +183 -0
  264. data/src/core/lib/gprpp/sync.h +2 -30
  265. data/src/core/lib/http/httpcli.cc +11 -11
  266. data/src/core/lib/http/httpcli_security_connector.cc +11 -7
  267. data/src/core/lib/http/parser.cc +16 -16
  268. data/src/core/lib/http/parser.h +4 -4
  269. data/src/core/lib/iomgr/buffer_list.cc +8 -10
  270. data/src/core/lib/iomgr/buffer_list.h +4 -5
  271. data/src/core/lib/iomgr/call_combiner.cc +15 -12
  272. data/src/core/lib/iomgr/call_combiner.h +12 -14
  273. data/src/core/lib/iomgr/cfstream_handle.cc +3 -3
  274. data/src/core/lib/iomgr/cfstream_handle.h +1 -1
  275. data/src/core/lib/iomgr/closure.h +7 -6
  276. data/src/core/lib/iomgr/combiner.cc +14 -12
  277. data/src/core/lib/iomgr/combiner.h +2 -2
  278. data/src/core/lib/iomgr/endpoint.cc +1 -1
  279. data/src/core/lib/iomgr/endpoint.h +2 -2
  280. data/src/core/lib/iomgr/endpoint_cfstream.cc +11 -13
  281. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
  282. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  283. data/src/core/lib/iomgr/error.cc +168 -61
  284. data/src/core/lib/iomgr/error.h +217 -106
  285. data/src/core/lib/iomgr/error_cfstream.cc +3 -2
  286. data/src/core/lib/iomgr/error_cfstream.h +2 -2
  287. data/src/core/lib/iomgr/error_internal.h +5 -1
  288. data/src/core/lib/iomgr/ev_apple.cc +5 -5
  289. data/src/core/lib/iomgr/ev_apple.h +1 -1
  290. data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -19
  291. data/src/core/lib/iomgr/ev_epollex_linux.cc +48 -45
  292. data/src/core/lib/iomgr/ev_poll_posix.cc +26 -23
  293. data/src/core/lib/iomgr/ev_posix.cc +9 -8
  294. data/src/core/lib/iomgr/ev_posix.h +9 -9
  295. data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
  296. data/src/core/lib/iomgr/event_engine/closure.h +33 -0
  297. data/src/core/lib/iomgr/event_engine/endpoint.cc +192 -0
  298. data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
  299. data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
  300. data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
  301. data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
  302. data/src/core/lib/iomgr/event_engine/pollset.h +25 -0
  303. data/src/core/lib/iomgr/event_engine/promise.h +51 -0
  304. data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
  305. data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
  306. data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
  307. data/src/core/lib/iomgr/event_engine/tcp.cc +263 -0
  308. data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
  309. data/src/core/lib/iomgr/exec_ctx.cc +12 -4
  310. data/src/core/lib/iomgr/exec_ctx.h +4 -5
  311. data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
  312. data/src/core/lib/iomgr/executor/threadpool.h +2 -2
  313. data/src/core/lib/iomgr/executor.cc +8 -8
  314. data/src/core/lib/iomgr/executor.h +2 -2
  315. data/src/core/lib/iomgr/iomgr.cc +2 -2
  316. data/src/core/lib/iomgr/iomgr.h +1 -1
  317. data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
  318. data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
  319. data/src/core/lib/iomgr/iomgr_internal.h +3 -3
  320. data/src/core/lib/iomgr/iomgr_posix.cc +3 -1
  321. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +42 -12
  322. data/src/core/lib/iomgr/iomgr_windows.cc +1 -1
  323. data/src/core/lib/iomgr/load_file.cc +4 -4
  324. data/src/core/lib/iomgr/load_file.h +2 -2
  325. data/src/core/lib/iomgr/lockfree_event.cc +5 -5
  326. data/src/core/lib/iomgr/lockfree_event.h +1 -1
  327. data/src/core/lib/iomgr/pollset.cc +5 -5
  328. data/src/core/lib/iomgr/pollset.h +9 -9
  329. data/src/core/lib/iomgr/pollset_custom.cc +7 -7
  330. data/src/core/lib/iomgr/pollset_custom.h +3 -1
  331. data/src/core/lib/iomgr/pollset_uv.cc +3 -1
  332. data/src/core/lib/iomgr/pollset_uv.h +5 -1
  333. data/src/core/lib/iomgr/pollset_windows.cc +5 -5
  334. data/src/core/lib/iomgr/port.h +7 -5
  335. data/src/core/lib/iomgr/python_util.h +2 -2
  336. data/src/core/lib/iomgr/resolve_address.cc +8 -4
  337. data/src/core/lib/iomgr/resolve_address.h +12 -6
  338. data/src/core/lib/iomgr/resolve_address_custom.cc +10 -9
  339. data/src/core/lib/iomgr/resolve_address_custom.h +3 -3
  340. data/src/core/lib/iomgr/resolve_address_posix.cc +3 -3
  341. data/src/core/lib/iomgr/resolve_address_windows.cc +4 -4
  342. data/src/core/lib/iomgr/resource_quota.cc +13 -10
  343. data/src/core/lib/iomgr/sockaddr.h +1 -0
  344. data/src/core/lib/iomgr/socket_mutator.cc +15 -2
  345. data/src/core/lib/iomgr/socket_mutator.h +26 -2
  346. data/src/core/lib/iomgr/socket_utils_common_posix.cc +24 -22
  347. data/src/core/lib/iomgr/socket_utils_posix.h +20 -20
  348. data/src/core/lib/iomgr/tcp_client_cfstream.cc +4 -4
  349. data/src/core/lib/iomgr/tcp_client_custom.cc +5 -6
  350. data/src/core/lib/iomgr/tcp_client_posix.cc +22 -19
  351. data/src/core/lib/iomgr/tcp_client_posix.h +3 -4
  352. data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
  353. data/src/core/lib/iomgr/tcp_custom.cc +14 -16
  354. data/src/core/lib/iomgr/tcp_custom.h +13 -12
  355. data/src/core/lib/iomgr/tcp_posix.cc +78 -73
  356. data/src/core/lib/iomgr/tcp_posix.h +8 -0
  357. data/src/core/lib/iomgr/tcp_server.cc +6 -6
  358. data/src/core/lib/iomgr/tcp_server.h +12 -11
  359. data/src/core/lib/iomgr/tcp_server_custom.cc +26 -25
  360. data/src/core/lib/iomgr/tcp_server_posix.cc +29 -21
  361. data/src/core/lib/iomgr/tcp_server_utils_posix.h +13 -12
  362. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +21 -18
  363. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +9 -9
  364. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  365. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -25
  366. data/src/core/lib/iomgr/tcp_uv.cc +25 -23
  367. data/src/core/lib/iomgr/tcp_windows.cc +13 -13
  368. data/src/core/lib/iomgr/tcp_windows.h +2 -2
  369. data/src/core/lib/iomgr/timer.h +6 -1
  370. data/src/core/lib/iomgr/timer_custom.cc +2 -1
  371. data/src/core/lib/iomgr/timer_custom.h +1 -1
  372. data/src/core/lib/iomgr/timer_generic.cc +6 -6
  373. data/src/core/lib/iomgr/timer_manager.cc +1 -1
  374. data/src/core/lib/iomgr/udp_server.cc +21 -20
  375. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -3
  376. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -2
  377. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +10 -7
  378. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +3 -3
  379. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +4 -4
  380. data/src/core/lib/iomgr/wakeup_fd_posix.cc +3 -3
  381. data/src/core/lib/iomgr/wakeup_fd_posix.h +8 -6
  382. data/src/core/lib/iomgr/work_serializer.h +17 -1
  383. data/src/core/lib/json/json.h +1 -1
  384. data/src/core/lib/json/json_reader.cc +5 -6
  385. data/src/core/lib/matchers/matchers.cc +46 -58
  386. data/src/core/lib/matchers/matchers.h +30 -29
  387. data/src/core/lib/security/authorization/authorization_engine.h +44 -0
  388. data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
  389. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
  390. data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
  391. data/src/core/lib/security/authorization/evaluate_args.h +91 -0
  392. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -4
  393. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  394. data/src/core/lib/security/credentials/credentials.h +2 -2
  395. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +17 -13
  396. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +13 -11
  397. data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -1
  398. data/src/core/lib/security/credentials/external/aws_request_signer.h +1 -1
  399. data/src/core/lib/security/credentials/external/external_account_credentials.cc +15 -12
  400. data/src/core/lib/security/credentials/external/external_account_credentials.h +9 -8
  401. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -4
  402. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -3
  403. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +8 -8
  404. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +9 -7
  405. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
  406. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  407. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -10
  408. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -2
  409. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  410. data/src/core/lib/security/credentials/jwt/json_token.cc +2 -2
  411. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +3 -3
  412. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  413. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +7 -5
  414. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +21 -19
  415. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +5 -5
  416. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +5 -5
  417. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  418. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +8 -7
  419. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +9 -9
  420. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +68 -13
  421. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -0
  422. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +4 -0
  423. data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
  424. data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
  425. data/src/core/lib/security/credentials/xds/xds_credentials.cc +3 -3
  426. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +13 -3
  427. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +13 -3
  428. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  429. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +12 -2
  430. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +1 -1
  431. data/src/core/lib/security/security_connector/local/local_security_connector.cc +22 -9
  432. data/src/core/lib/security/security_connector/security_connector.h +9 -4
  433. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +16 -6
  434. data/src/core/lib/security/security_connector/ssl_utils.cc +27 -4
  435. data/src/core/lib/security/security_connector/ssl_utils.h +4 -4
  436. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +60 -76
  437. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +66 -48
  438. data/src/core/lib/security/transport/client_auth_filter.cc +18 -10
  439. data/src/core/lib/security/transport/secure_endpoint.cc +4 -4
  440. data/src/core/lib/security/transport/security_handshaker.cc +45 -36
  441. data/src/core/lib/security/transport/server_auth_filter.cc +17 -18
  442. data/src/core/lib/security/transport/tsi_error.cc +2 -1
  443. data/src/core/lib/security/transport/tsi_error.h +2 -1
  444. data/src/core/lib/security/util/json_util.cc +2 -2
  445. data/src/core/lib/security/util/json_util.h +1 -1
  446. data/src/core/lib/slice/slice_internal.h +1 -0
  447. data/src/core/lib/surface/call.cc +72 -52
  448. data/src/core/lib/surface/call.h +13 -2
  449. data/src/core/lib/surface/channel.cc +6 -6
  450. data/src/core/lib/surface/channel.h +3 -2
  451. data/src/core/lib/surface/channel_ping.cc +1 -1
  452. data/src/core/lib/surface/completion_queue.cc +68 -69
  453. data/src/core/lib/surface/completion_queue.h +3 -2
  454. data/src/core/lib/surface/completion_queue_factory.cc +1 -2
  455. data/src/core/lib/surface/init.cc +1 -3
  456. data/src/core/lib/surface/init.h +10 -1
  457. data/src/core/lib/surface/lame_client.cc +11 -11
  458. data/src/core/lib/surface/lame_client.h +1 -1
  459. data/src/core/lib/surface/server.cc +31 -23
  460. data/src/core/lib/surface/server.h +19 -18
  461. data/src/core/lib/surface/validate_metadata.cc +7 -7
  462. data/src/core/lib/surface/validate_metadata.h +3 -2
  463. data/src/core/lib/surface/version.cc +2 -2
  464. data/src/core/lib/transport/byte_stream.cc +5 -5
  465. data/src/core/lib/transport/byte_stream.h +8 -8
  466. data/src/core/lib/transport/connectivity_state.cc +1 -1
  467. data/src/core/lib/transport/error_utils.cc +21 -10
  468. data/src/core/lib/transport/error_utils.h +11 -5
  469. data/src/core/lib/transport/metadata_batch.cc +37 -37
  470. data/src/core/lib/transport/metadata_batch.h +19 -18
  471. data/src/core/lib/transport/transport.cc +4 -3
  472. data/src/core/lib/transport/transport.h +6 -4
  473. data/src/core/lib/transport/transport_op_string.cc +6 -6
  474. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
  475. data/src/core/tsi/alts/crypt/gsec.h +6 -0
  476. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +5 -4
  477. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +7 -6
  478. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +2 -1
  479. data/src/core/tsi/ssl_transport_security.cc +32 -14
  480. data/src/core/tsi/ssl_transport_security.h +3 -4
  481. data/src/ruby/bin/math_services_pb.rb +1 -1
  482. data/src/ruby/ext/grpc/extconf.rb +2 -0
  483. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
  484. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +11 -2
  485. data/src/ruby/lib/grpc/version.rb +1 -1
  486. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +1 -1
  487. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +6 -6
  488. data/third_party/abseil-cpp/absl/algorithm/container.h +3 -3
  489. data/third_party/abseil-cpp/absl/base/attributes.h +24 -4
  490. data/third_party/abseil-cpp/absl/base/call_once.h +2 -9
  491. data/third_party/abseil-cpp/absl/base/config.h +37 -9
  492. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +24 -10
  493. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +4 -1
  494. data/third_party/abseil-cpp/absl/base/internal/endian.h +61 -0
  495. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +2 -3
  496. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +34 -32
  497. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +16 -6
  498. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +11 -2
  499. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +14 -5
  500. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +2 -2
  501. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +3 -3
  502. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +2 -2
  503. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +11 -11
  504. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +5 -5
  505. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +1 -1
  506. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +5 -2
  507. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +43 -42
  508. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +111 -7
  509. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +0 -76
  510. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +1 -3
  511. data/third_party/abseil-cpp/absl/base/log_severity.h +4 -4
  512. data/third_party/abseil-cpp/absl/base/macros.h +11 -0
  513. data/third_party/abseil-cpp/absl/base/optimization.h +10 -7
  514. data/third_party/abseil-cpp/absl/base/options.h +1 -1
  515. data/third_party/abseil-cpp/absl/base/port.h +0 -1
  516. data/third_party/abseil-cpp/absl/base/thread_annotations.h +1 -1
  517. data/third_party/abseil-cpp/absl/container/fixed_array.h +2 -2
  518. data/third_party/abseil-cpp/absl/container/inlined_vector.h +5 -3
  519. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +1 -1
  520. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +5 -1
  521. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -1
  522. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +2 -1
  523. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +141 -66
  524. data/third_party/abseil-cpp/absl/container/internal/layout.h +4 -4
  525. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +14 -1
  526. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +136 -136
  527. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +16 -12
  528. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +5 -2
  529. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +3 -12
  530. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +6 -1
  531. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +3 -5
  532. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +2 -2
  533. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +2 -2
  534. data/third_party/abseil-cpp/absl/hash/internal/city.cc +15 -12
  535. data/third_party/abseil-cpp/absl/hash/internal/city.h +1 -19
  536. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +25 -10
  537. data/third_party/abseil-cpp/absl/hash/internal/hash.h +86 -37
  538. data/third_party/abseil-cpp/absl/hash/internal/wyhash.cc +111 -0
  539. data/third_party/abseil-cpp/absl/hash/internal/wyhash.h +48 -0
  540. data/third_party/abseil-cpp/absl/meta/type_traits.h +16 -2
  541. data/third_party/abseil-cpp/absl/numeric/bits.h +177 -0
  542. data/third_party/abseil-cpp/absl/numeric/int128.cc +3 -3
  543. data/third_party/abseil-cpp/absl/numeric/internal/bits.h +358 -0
  544. data/third_party/abseil-cpp/absl/numeric/internal/representation.h +55 -0
  545. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +18 -0
  546. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +4 -7
  547. data/third_party/abseil-cpp/absl/status/status.cc +29 -22
  548. data/third_party/abseil-cpp/absl/status/status.h +81 -20
  549. data/third_party/abseil-cpp/absl/status/statusor.h +3 -3
  550. data/third_party/abseil-cpp/absl/strings/charconv.cc +5 -5
  551. data/third_party/abseil-cpp/absl/strings/cord.cc +326 -371
  552. data/third_party/abseil-cpp/absl/strings/cord.h +182 -64
  553. data/third_party/abseil-cpp/absl/strings/escaping.cc +4 -4
  554. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +6 -6
  555. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +83 -0
  556. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +387 -17
  557. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_flat.h +146 -0
  558. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +897 -0
  559. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +589 -0
  560. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +114 -0
  561. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +14 -0
  562. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +14 -0
  563. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +15 -1
  564. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +19 -4
  565. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +14 -0
  566. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +36 -18
  567. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +14 -0
  568. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +14 -0
  569. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +14 -0
  570. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +15 -40
  571. data/third_party/abseil-cpp/absl/strings/internal/string_constant.h +64 -0
  572. data/third_party/abseil-cpp/absl/strings/match.cc +6 -3
  573. data/third_party/abseil-cpp/absl/strings/match.h +16 -6
  574. data/third_party/abseil-cpp/absl/strings/numbers.cc +132 -4
  575. data/third_party/abseil-cpp/absl/strings/numbers.h +10 -10
  576. data/third_party/abseil-cpp/absl/strings/str_join.h +1 -1
  577. data/third_party/abseil-cpp/absl/strings/str_split.h +38 -4
  578. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +154 -0
  579. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +2 -1
  580. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +2 -2
  581. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +4 -4
  582. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +1 -65
  583. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -6
  584. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +71 -59
  585. data/third_party/abseil-cpp/absl/synchronization/mutex.h +79 -62
  586. data/third_party/abseil-cpp/absl/time/clock.cc +146 -130
  587. data/third_party/abseil-cpp/absl/time/clock.h +2 -2
  588. data/third_party/abseil-cpp/absl/time/duration.cc +3 -2
  589. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +7 -11
  590. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +7 -1
  591. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +4 -4
  592. data/third_party/abseil-cpp/absl/time/time.cc +4 -3
  593. data/third_party/abseil-cpp/absl/time/time.h +26 -24
  594. data/third_party/abseil-cpp/absl/types/internal/variant.h +1 -1
  595. data/third_party/abseil-cpp/absl/types/variant.h +9 -4
  596. data/third_party/boringssl-with-bazel/err_data.c +483 -461
  597. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +1 -1
  598. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +9 -7
  599. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +18 -8
  600. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -2
  601. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +5 -0
  602. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  603. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  604. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
  605. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +1 -88
  606. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -3
  607. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +119 -273
  608. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
  609. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
  610. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +87 -80
  611. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +1 -1
  614. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
  615. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -3
  616. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +25 -2
  617. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
  618. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +10 -2
  619. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -160
  620. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +4 -0
  621. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +0 -1
  622. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +0 -4
  623. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +104 -93
  624. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +39 -0
  625. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +52 -65
  626. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +52 -66
  627. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +33 -22
  628. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +9 -8
  629. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +9 -8
  630. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +17 -13
  631. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +1 -22
  632. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -1
  633. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
  634. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
  635. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +26 -7
  636. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
  637. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
  638. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +79 -0
  639. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +14 -9
  640. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +61 -75
  641. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +80 -103
  642. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +40 -49
  643. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +367 -315
  644. data/third_party/boringssl-with-bazel/src/crypto/internal.h +65 -0
  645. data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -0
  646. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +3 -3
  647. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +5 -3
  648. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +95 -48
  649. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
  650. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +1 -1
  651. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
  652. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +0 -28
  653. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +120 -11
  654. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +2 -0
  655. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
  656. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +19 -25
  657. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +3 -2
  658. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +42 -89
  659. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +9 -16
  660. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
  661. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
  662. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
  663. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
  664. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
  665. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +21 -17
  666. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
  667. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +7 -25
  668. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +5 -0
  669. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +25 -22
  670. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
  671. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
  672. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +2 -0
  673. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
  674. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
  675. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -4
  676. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
  677. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -0
  678. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
  679. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -4
  680. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
  681. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +120 -41
  682. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +47 -7
  683. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
  684. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
  685. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +0 -8
  686. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +24 -4
  687. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
  688. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +5 -2
  689. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +33 -0
  690. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +3 -2
  691. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +20 -49
  692. data/third_party/boringssl-with-bazel/src/{crypto/x509/x509_r2x.c → include/openssl/evp_errors.h} +41 -58
  693. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
  694. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +24 -5
  695. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +25 -7
  696. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +9 -1
  697. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +2 -2
  698. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
  699. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +283 -85
  700. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +13 -19
  701. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +445 -152
  702. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
  703. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +2 -1
  704. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +7 -2
  705. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
  706. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +1133 -0
  707. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +298 -22
  708. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +66 -30
  709. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
  710. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +154 -24
  711. data/third_party/boringssl-with-bazel/src/ssl/internal.h +414 -135
  712. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +9 -3
  713. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  714. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
  715. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +4 -6
  716. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +23 -26
  717. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +51 -60
  718. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
  719. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
  720. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
  721. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
  722. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
  723. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +664 -702
  724. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +65 -7
  725. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
  726. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
  727. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +213 -118
  728. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +4 -2
  729. data/third_party/xxhash/xxhash.h +77 -195
  730. metadata +116 -51
  731. data/src/core/lib/gpr/arena.h +0 -47
  732. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +0 -88
  733. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +0 -88
  734. data/third_party/abseil-cpp/absl/base/internal/bits.h +0 -219
  735. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +0 -249
  736. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +0 -29
  737. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -246
  738. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -15,6 +15,7 @@
15
15
  #include <openssl/ssl.h>
16
16
 
17
17
  #include <openssl/bytestring.h>
18
+ #include <openssl/err.h>
18
19
 
19
20
  #include "internal.h"
20
21
 
@@ -93,7 +94,7 @@ bool SSL_serialize_handoff(const SSL *ssl, CBB *out,
93
94
  !serialize_features(&seq) ||
94
95
  !CBB_flush(out) ||
95
96
  !ssl->method->get_message(ssl, &msg) ||
96
- !ssl_client_hello_init(ssl, out_hello, msg)) {
97
+ !ssl_client_hello_init(ssl, out_hello, msg.body)) {
97
98
  return false;
98
99
  }
99
100
 
@@ -231,7 +232,7 @@ static bool apply_remote_features(SSL *ssl, CBS *in) {
231
232
  // disqualifies it for split handshakes.
232
233
  static bool uses_disallowed_feature(const SSL *ssl) {
233
234
  return ssl->method->is_dtls || (ssl->config->cert && ssl->config->cert->dc) ||
234
- ssl->config->quic_transport_params.size() > 0;
235
+ ssl->config->quic_transport_params.size() > 0 || ssl->ctx->ech_keys;
235
236
  }
236
237
 
237
238
  bool SSL_apply_handoff(SSL *ssl, Span<const uint8_t> handoff) {
@@ -337,6 +338,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
337
338
  } else {
338
339
  session = s3->session_reused ? ssl->session.get() : hs->new_session.get();
339
340
  }
341
+ static const uint8_t kUnusedChannelID[64] = {0};
340
342
  if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
341
343
  !CBB_add_asn1_uint64(&seq, kHandbackVersion) ||
342
344
  !CBB_add_asn1_uint64(&seq, type) ||
@@ -351,7 +353,7 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
351
353
  !CBB_add_asn1_octet_string(&seq, read_iv, read_iv_len) ||
352
354
  !CBB_add_asn1_octet_string(&seq, write_iv, write_iv_len) ||
353
355
  !CBB_add_asn1_bool(&seq, s3->session_reused) ||
354
- !CBB_add_asn1_bool(&seq, s3->channel_id_valid) ||
356
+ !CBB_add_asn1_bool(&seq, hs->channel_id_negotiated) ||
355
357
  !ssl_session_serialize(session, &seq) ||
356
358
  !CBB_add_asn1_octet_string(&seq, s3->next_proto_negotiated.data(),
357
359
  s3->next_proto_negotiated.size()) ||
@@ -360,10 +362,12 @@ bool SSL_serialize_handback(const SSL *ssl, CBB *out) {
360
362
  !CBB_add_asn1_octet_string(
361
363
  &seq, reinterpret_cast<uint8_t *>(s3->hostname.get()),
362
364
  hostname_len) ||
363
- !CBB_add_asn1_octet_string(&seq, s3->channel_id,
364
- sizeof(s3->channel_id)) ||
365
- !CBB_add_asn1_bool(&seq, ssl->s3->token_binding_negotiated) ||
366
- !CBB_add_asn1_uint64(&seq, ssl->s3->negotiated_token_binding_param) ||
365
+ !CBB_add_asn1_octet_string(&seq, kUnusedChannelID,
366
+ sizeof(kUnusedChannelID)) ||
367
+ // These two fields were historically |token_binding_negotiated| and
368
+ // |negotiated_token_binding_param|.
369
+ !CBB_add_asn1_bool(&seq, 0) ||
370
+ !CBB_add_asn1_uint64(&seq, 0) ||
367
371
  !CBB_add_asn1_bool(&seq, s3->hs->next_proto_neg_seen) ||
368
372
  !CBB_add_asn1_bool(&seq, s3->hs->cert_request) ||
369
373
  !CBB_add_asn1_bool(&seq, s3->hs->extended_master_secret) ||
@@ -442,12 +446,13 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
442
446
  }
443
447
 
444
448
  SSL3_STATE *const s3 = ssl->s3;
445
- uint64_t handback_version, negotiated_token_binding_param, cipher, type_u64;
449
+ uint64_t handback_version, unused_token_binding_param, cipher, type_u64;
446
450
 
447
451
  CBS seq, read_seq, write_seq, server_rand, client_rand, read_iv, write_iv,
448
- next_proto, alpn, hostname, channel_id, transcript, key_share;
449
- int session_reused, channel_id_valid, cert_request, extended_master_secret,
450
- ticket_expected, token_binding_negotiated, next_proto_neg_seen;
452
+ next_proto, alpn, hostname, unused_channel_id, transcript, key_share;
453
+ int session_reused, channel_id_negotiated, cert_request,
454
+ extended_master_secret, ticket_expected, unused_token_binding,
455
+ next_proto_neg_seen;
451
456
  SSL_SESSION *session = nullptr;
452
457
 
453
458
  CBS handback_cbs(handback);
@@ -475,7 +480,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
475
480
  !CBS_get_asn1(&seq, &read_iv, CBS_ASN1_OCTETSTRING) ||
476
481
  !CBS_get_asn1(&seq, &write_iv, CBS_ASN1_OCTETSTRING) ||
477
482
  !CBS_get_asn1_bool(&seq, &session_reused) ||
478
- !CBS_get_asn1_bool(&seq, &channel_id_valid)) {
483
+ !CBS_get_asn1_bool(&seq, &channel_id_negotiated)) {
479
484
  return false;
480
485
  }
481
486
 
@@ -494,12 +499,9 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
494
499
  if (!session || !CBS_get_asn1(&seq, &next_proto, CBS_ASN1_OCTETSTRING) ||
495
500
  !CBS_get_asn1(&seq, &alpn, CBS_ASN1_OCTETSTRING) ||
496
501
  !CBS_get_asn1(&seq, &hostname, CBS_ASN1_OCTETSTRING) ||
497
- !CBS_get_asn1(&seq, &channel_id, CBS_ASN1_OCTETSTRING) ||
498
- CBS_len(&channel_id) != sizeof(s3->channel_id) ||
499
- !CBS_copy_bytes(&channel_id, s3->channel_id,
500
- sizeof(s3->channel_id)) ||
501
- !CBS_get_asn1_bool(&seq, &token_binding_negotiated) ||
502
- !CBS_get_asn1_uint64(&seq, &negotiated_token_binding_param) ||
502
+ !CBS_get_asn1(&seq, &unused_channel_id, CBS_ASN1_OCTETSTRING) ||
503
+ !CBS_get_asn1_bool(&seq, &unused_token_binding) ||
504
+ !CBS_get_asn1_uint64(&seq, &unused_token_binding_param) ||
503
505
  !CBS_get_asn1_bool(&seq, &next_proto_neg_seen) ||
504
506
  !CBS_get_asn1_bool(&seq, &cert_request) ||
505
507
  !CBS_get_asn1_bool(&seq, &extended_master_secret) ||
@@ -613,7 +615,7 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
613
615
  return false;
614
616
  }
615
617
  s3->session_reused = session_reused;
616
- s3->channel_id_valid = channel_id_valid;
618
+ hs->channel_id_negotiated = channel_id_negotiated;
617
619
  s3->next_proto_negotiated.CopyFrom(next_proto);
618
620
  s3->alpn_selected.CopyFrom(alpn);
619
621
 
@@ -628,9 +630,6 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
628
630
  s3->hostname.reset(hostname_str);
629
631
  }
630
632
 
631
- s3->token_binding_negotiated = token_binding_negotiated;
632
- s3->negotiated_token_binding_param =
633
- static_cast<uint8_t>(negotiated_token_binding_param);
634
633
  hs->next_proto_neg_seen = next_proto_neg_seen;
635
634
  hs->wait = ssl_hs_flush;
636
635
  hs->extended_master_secret = extended_master_secret;
@@ -708,3 +707,280 @@ bool SSL_apply_handback(SSL *ssl, Span<const uint8_t> handback) {
708
707
  }
709
708
 
710
709
  BSSL_NAMESPACE_END
710
+
711
+ using namespace bssl;
712
+
713
+ int SSL_serialize_capabilities(const SSL *ssl, CBB *out) {
714
+ CBB seq;
715
+ if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE) ||
716
+ !serialize_features(&seq) || //
717
+ !CBB_flush(out)) {
718
+ return 0;
719
+ }
720
+
721
+ return 1;
722
+ }
723
+
724
+ int SSL_request_handshake_hints(SSL *ssl, const uint8_t *client_hello,
725
+ size_t client_hello_len,
726
+ const uint8_t *capabilities,
727
+ size_t capabilities_len) {
728
+ if (SSL_is_dtls(ssl)) {
729
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
730
+ return 0;
731
+ }
732
+
733
+ CBS cbs, seq;
734
+ CBS_init(&cbs, capabilities, capabilities_len);
735
+ UniquePtr<SSL_HANDSHAKE_HINTS> hints = MakeUnique<SSL_HANDSHAKE_HINTS>();
736
+ if (hints == nullptr ||
737
+ !CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) ||
738
+ !apply_remote_features(ssl, &seq)) {
739
+ return 0;
740
+ }
741
+
742
+ SSL3_STATE *const s3 = ssl->s3;
743
+ s3->v2_hello_done = true;
744
+ s3->has_message = true;
745
+
746
+ Array<uint8_t> client_hello_msg;
747
+ ScopedCBB client_hello_cbb;
748
+ CBB client_hello_body;
749
+ if (!ssl->method->init_message(ssl, client_hello_cbb.get(),
750
+ &client_hello_body, SSL3_MT_CLIENT_HELLO) ||
751
+ !CBB_add_bytes(&client_hello_body, client_hello, client_hello_len) ||
752
+ !ssl->method->finish_message(ssl, client_hello_cbb.get(),
753
+ &client_hello_msg)) {
754
+ return 0;
755
+ }
756
+
757
+ s3->hs_buf.reset(BUF_MEM_new());
758
+ if (!s3->hs_buf || !BUF_MEM_append(s3->hs_buf.get(), client_hello_msg.data(),
759
+ client_hello_msg.size())) {
760
+ return 0;
761
+ }
762
+
763
+ s3->hs->hints_requested = true;
764
+ s3->hs->hints = std::move(hints);
765
+ return 1;
766
+ }
767
+
768
+ // |SSL_HANDSHAKE_HINTS| is serialized as the following ASN.1 structure. We use
769
+ // implicit tagging to make it a little more compact.
770
+ //
771
+ // HandshakeHints ::= SEQUENCE {
772
+ // serverRandom [0] IMPLICIT OCTET STRING OPTIONAL,
773
+ // keyShareHint [1] IMPLICIT KeyShareHint OPTIONAL,
774
+ // signatureHint [2] IMPLICIT SignatureHint OPTIONAL,
775
+ // -- At most one of decryptedPSKHint or ignorePSKHint may be present. It
776
+ // -- corresponds to the first entry in pre_shared_keys. TLS 1.2 session
777
+ // -- tickets will use a separate hint, to ensure the caller does not mix
778
+ // -- them up.
779
+ // decryptedPSKHint [3] IMPLICIT OCTET STRING OPTIONAL,
780
+ // ignorePSKHint [4] IMPLICIT NULL OPTIONAL,
781
+ // compressCertificateHint [5] IMPLICIT CompressCertificateHint OPTIONAL,
782
+ // }
783
+ //
784
+ // KeyShareHint ::= SEQUENCE {
785
+ // groupId INTEGER,
786
+ // publicKey OCTET STRING,
787
+ // secret OCTET STRING,
788
+ // }
789
+ //
790
+ // SignatureHint ::= SEQUENCE {
791
+ // algorithm INTEGER,
792
+ // input OCTET STRING,
793
+ // subjectPublicKeyInfo OCTET STRING,
794
+ // signature OCTET STRING,
795
+ // }
796
+ //
797
+ // CompressCertificateHint ::= SEQUENCE {
798
+ // algorithm INTEGER,
799
+ // input OCTET STRING,
800
+ // compressed OCTET STRING,
801
+ // }
802
+
803
+ // HandshakeHints tags.
804
+ static const unsigned kServerRandomTag = CBS_ASN1_CONTEXT_SPECIFIC | 0;
805
+ static const unsigned kKeyShareHintTag =
806
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 1;
807
+ static const unsigned kSignatureHintTag =
808
+ CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 2;
809
+ static const unsigned kDecryptedPSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 3;
810
+ static const unsigned kIgnorePSKTag = CBS_ASN1_CONTEXT_SPECIFIC | 4;
811
+ static const unsigned kCompressCertificateTag = CBS_ASN1_CONTEXT_SPECIFIC | 5;
812
+
813
+ int SSL_serialize_handshake_hints(const SSL *ssl, CBB *out) {
814
+ const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
815
+ if (!ssl->server || !hs->hints_requested) {
816
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
817
+ return 0;
818
+ }
819
+
820
+ const SSL_HANDSHAKE_HINTS *hints = hs->hints.get();
821
+ CBB seq, child;
822
+ if (!CBB_add_asn1(out, &seq, CBS_ASN1_SEQUENCE)) {
823
+ return 0;
824
+ }
825
+
826
+ if (!hints->server_random.empty()) {
827
+ if (!CBB_add_asn1(&seq, &child, kServerRandomTag) ||
828
+ !CBB_add_bytes(&child, hints->server_random.data(),
829
+ hints->server_random.size())) {
830
+ return 0;
831
+ }
832
+ }
833
+
834
+ if (hints->key_share_group_id != 0 && !hints->key_share_public_key.empty() &&
835
+ !hints->key_share_secret.empty()) {
836
+ if (!CBB_add_asn1(&seq, &child, kKeyShareHintTag) ||
837
+ !CBB_add_asn1_uint64(&child, hints->key_share_group_id) ||
838
+ !CBB_add_asn1_octet_string(&child, hints->key_share_public_key.data(),
839
+ hints->key_share_public_key.size()) ||
840
+ !CBB_add_asn1_octet_string(&child, hints->key_share_secret.data(),
841
+ hints->key_share_secret.size())) {
842
+ return 0;
843
+ }
844
+ }
845
+
846
+ if (hints->signature_algorithm != 0 && !hints->signature_input.empty() &&
847
+ !hints->signature.empty()) {
848
+ if (!CBB_add_asn1(&seq, &child, kSignatureHintTag) ||
849
+ !CBB_add_asn1_uint64(&child, hints->signature_algorithm) ||
850
+ !CBB_add_asn1_octet_string(&child, hints->signature_input.data(),
851
+ hints->signature_input.size()) ||
852
+ !CBB_add_asn1_octet_string(&child, hints->signature_spki.data(),
853
+ hints->signature_spki.size()) ||
854
+ !CBB_add_asn1_octet_string(&child, hints->signature.data(),
855
+ hints->signature.size())) {
856
+ return 0;
857
+ }
858
+ }
859
+
860
+ if (!hints->decrypted_psk.empty()) {
861
+ if (!CBB_add_asn1(&seq, &child, kDecryptedPSKTag) ||
862
+ !CBB_add_bytes(&child, hints->decrypted_psk.data(),
863
+ hints->decrypted_psk.size())) {
864
+ return 0;
865
+ }
866
+ }
867
+
868
+ if (hints->ignore_psk && //
869
+ !CBB_add_asn1(&seq, &child, kIgnorePSKTag)) {
870
+ return 0;
871
+ }
872
+
873
+ if (hints->cert_compression_alg_id != 0 &&
874
+ !hints->cert_compression_input.empty() &&
875
+ !hints->cert_compression_output.empty()) {
876
+ if (!CBB_add_asn1(&seq, &child, kCompressCertificateTag) ||
877
+ !CBB_add_asn1_uint64(&child, hints->cert_compression_alg_id) ||
878
+ !CBB_add_asn1_octet_string(&child, hints->cert_compression_input.data(),
879
+ hints->cert_compression_input.size()) ||
880
+ !CBB_add_asn1_octet_string(&child,
881
+ hints->cert_compression_output.data(),
882
+ hints->cert_compression_output.size())) {
883
+ return 0;
884
+ }
885
+ }
886
+
887
+ return CBB_flush(out);
888
+ }
889
+
890
+ int SSL_set_handshake_hints(SSL *ssl, const uint8_t *hints, size_t hints_len) {
891
+ if (SSL_is_dtls(ssl)) {
892
+ OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
893
+ return 0;
894
+ }
895
+
896
+ UniquePtr<SSL_HANDSHAKE_HINTS> hints_obj = MakeUnique<SSL_HANDSHAKE_HINTS>();
897
+ if (hints_obj == nullptr) {
898
+ return 0;
899
+ }
900
+
901
+ CBS cbs, seq, server_random, key_share, signature_hint, ticket, ignore_psk,
902
+ cert_compression;
903
+ int has_server_random, has_key_share, has_signature_hint, has_ticket,
904
+ has_ignore_psk, has_cert_compression;
905
+ CBS_init(&cbs, hints, hints_len);
906
+ if (!CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) ||
907
+ !CBS_get_optional_asn1(&seq, &server_random, &has_server_random,
908
+ kServerRandomTag) ||
909
+ !CBS_get_optional_asn1(&seq, &key_share, &has_key_share,
910
+ kKeyShareHintTag) ||
911
+ !CBS_get_optional_asn1(&seq, &signature_hint, &has_signature_hint,
912
+ kSignatureHintTag) ||
913
+ !CBS_get_optional_asn1(&seq, &ticket, &has_ticket, kDecryptedPSKTag) ||
914
+ !CBS_get_optional_asn1(&seq, &ignore_psk, &has_ignore_psk,
915
+ kIgnorePSKTag) ||
916
+ !CBS_get_optional_asn1(&seq, &cert_compression, &has_cert_compression,
917
+ kCompressCertificateTag)) {
918
+ OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
919
+ return 0;
920
+ }
921
+
922
+ if (has_server_random && !hints_obj->server_random.CopyFrom(server_random)) {
923
+ return 0;
924
+ }
925
+
926
+ if (has_key_share) {
927
+ uint64_t group_id;
928
+ CBS public_key, secret;
929
+ if (!CBS_get_asn1_uint64(&key_share, &group_id) || //
930
+ group_id == 0 || group_id > 0xffff ||
931
+ !CBS_get_asn1(&key_share, &public_key, CBS_ASN1_OCTETSTRING) ||
932
+ !hints_obj->key_share_public_key.CopyFrom(public_key) ||
933
+ !CBS_get_asn1(&key_share, &secret, CBS_ASN1_OCTETSTRING) ||
934
+ !hints_obj->key_share_secret.CopyFrom(secret)) {
935
+ OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
936
+ return 0;
937
+ }
938
+ hints_obj->key_share_group_id = static_cast<uint16_t>(group_id);
939
+ }
940
+
941
+ if (has_signature_hint) {
942
+ uint64_t sig_alg;
943
+ CBS input, spki, signature;
944
+ if (!CBS_get_asn1_uint64(&signature_hint, &sig_alg) || //
945
+ sig_alg == 0 || sig_alg > 0xffff ||
946
+ !CBS_get_asn1(&signature_hint, &input, CBS_ASN1_OCTETSTRING) ||
947
+ !hints_obj->signature_input.CopyFrom(input) ||
948
+ !CBS_get_asn1(&signature_hint, &spki, CBS_ASN1_OCTETSTRING) ||
949
+ !hints_obj->signature_spki.CopyFrom(spki) ||
950
+ !CBS_get_asn1(&signature_hint, &signature, CBS_ASN1_OCTETSTRING) ||
951
+ !hints_obj->signature.CopyFrom(signature)) {
952
+ OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
953
+ return 0;
954
+ }
955
+ hints_obj->signature_algorithm = static_cast<uint16_t>(sig_alg);
956
+ }
957
+
958
+ if (has_ticket && !hints_obj->decrypted_psk.CopyFrom(ticket)) {
959
+ return 0;
960
+ }
961
+
962
+ if (has_ignore_psk) {
963
+ if (CBS_len(&ignore_psk) != 0) {
964
+ return 0;
965
+ }
966
+ hints_obj->ignore_psk = true;
967
+ }
968
+
969
+ if (has_cert_compression) {
970
+ uint64_t alg;
971
+ CBS input, output;
972
+ if (!CBS_get_asn1_uint64(&cert_compression, &alg) || //
973
+ alg == 0 || alg > 0xffff ||
974
+ !CBS_get_asn1(&cert_compression, &input, CBS_ASN1_OCTETSTRING) ||
975
+ !hints_obj->cert_compression_input.CopyFrom(input) ||
976
+ !CBS_get_asn1(&cert_compression, &output, CBS_ASN1_OCTETSTRING) ||
977
+ !hints_obj->cert_compression_output.CopyFrom(output)) {
978
+ OPENSSL_PUT_ERROR(SSL, SSL_R_COULD_NOT_PARSE_HINTS);
979
+ return 0;
980
+ }
981
+ hints_obj->cert_compression_alg_id = static_cast<uint16_t>(alg);
982
+ }
983
+
984
+ ssl->s3->hs->hints = std::move(hints_obj);
985
+ return 1;
986
+ }
@@ -129,7 +129,6 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
129
129
  ech_present(false),
130
130
  ech_is_inner_present(false),
131
131
  scts_requested(false),
132
- needs_psk_binder(false),
133
132
  handshake_finalized(false),
134
133
  accept_psk_mode(false),
135
134
  cert_request(false),
@@ -146,11 +145,19 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
146
145
  ticket_expected(false),
147
146
  extended_master_secret(false),
148
147
  pending_private_key_op(false),
149
- grease_seeded(false),
150
148
  handback(false),
149
+ hints_requested(false),
151
150
  cert_compression_negotiated(false),
152
- apply_jdk11_workaround(false) {
151
+ apply_jdk11_workaround(false),
152
+ can_release_private_key(false),
153
+ channel_id_negotiated(false) {
153
154
  assert(ssl);
155
+
156
+ // Draw entropy for all GREASE values at once. This avoids calling
157
+ // |RAND_bytes| repeatedly and makes the values consistent within a
158
+ // connection. The latter is so the second ClientHello matches after
159
+ // HelloRetryRequest and so supported_groups and key_shares are consistent.
160
+ RAND_bytes(grease_seed, sizeof(grease_seed));
154
161
  }
155
162
 
156
163
  SSL_HANDSHAKE::~SSL_HANDSHAKE() {
@@ -164,6 +171,28 @@ void SSL_HANDSHAKE::ResizeSecrets(size_t hash_len) {
164
171
  hash_len_ = hash_len;
165
172
  }
166
173
 
174
+ bool SSL_HANDSHAKE::GetClientHello(SSLMessage *out_msg,
175
+ SSL_CLIENT_HELLO *out_client_hello) {
176
+ if (!ech_client_hello_buf.empty()) {
177
+ // If the backing buffer is non-empty, the ClientHelloInner has been set.
178
+ out_msg->is_v2_hello = false;
179
+ out_msg->type = SSL3_MT_CLIENT_HELLO;
180
+ out_msg->raw = CBS(ech_client_hello_buf);
181
+ out_msg->body = MakeConstSpan(ech_client_hello_buf).subspan(4);
182
+ } else if (!ssl->method->get_message(ssl, out_msg)) {
183
+ // The message has already been read, so this cannot fail.
184
+ OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
185
+ return false;
186
+ }
187
+
188
+ if (!ssl_client_hello_init(ssl, out_client_hello, out_msg->body)) {
189
+ OPENSSL_PUT_ERROR(SSL, SSL_R_CLIENTHELLO_PARSE_FAILED);
190
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
191
+ return false;
192
+ }
193
+ return true;
194
+ }
195
+
167
196
  UniquePtr<SSL_HANDSHAKE> ssl_handshake_new(SSL *ssl) {
168
197
  UniquePtr<SSL_HANDSHAKE> hs = MakeUnique<SSL_HANDSHAKE>(ssl);
169
198
  if (!hs || !hs->transcript.Init()) {
@@ -410,17 +439,8 @@ enum ssl_verify_result_t ssl_reverify_peer_cert(SSL_HANDSHAKE *hs,
410
439
  return ret;
411
440
  }
412
441
 
413
- uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs,
414
- enum ssl_grease_index_t index) {
415
- // Draw entropy for all GREASE values at once. This avoids calling
416
- // |RAND_bytes| repeatedly and makes the values consistent within a
417
- // connection. The latter is so the second ClientHello matches after
418
- // HelloRetryRequest and so supported_groups and key_shares are consistent.
419
- if (!hs->grease_seeded) {
420
- RAND_bytes(hs->grease_seed, sizeof(hs->grease_seed));
421
- hs->grease_seeded = true;
422
- }
423
-
442
+ static uint16_t grease_index_to_value(const SSL_HANDSHAKE *hs,
443
+ enum ssl_grease_index_t index) {
424
444
  // This generates a random value of the form 0xωaωa, for all 0 ≤ ω < 16.
425
445
  uint16_t ret = hs->grease_seed[index];
426
446
  ret = (ret & 0xf0) | 0x0a;
@@ -428,6 +448,19 @@ uint16_t ssl_get_grease_value(SSL_HANDSHAKE *hs,
428
448
  return ret;
429
449
  }
430
450
 
451
+ uint16_t ssl_get_grease_value(const SSL_HANDSHAKE *hs,
452
+ enum ssl_grease_index_t index) {
453
+ uint16_t ret = grease_index_to_value(hs, index);
454
+ if (index == ssl_grease_extension2 &&
455
+ ret == grease_index_to_value(hs, ssl_grease_extension1)) {
456
+ // The two fake extensions must not have the same value. GREASE values are
457
+ // of the form 0x1a1a, 0x2a2a, 0x3a3a, etc., so XOR to generate a different
458
+ // one.
459
+ ret ^= 0x1010;
460
+ }
461
+ return ret;
462
+ }
463
+
431
464
  enum ssl_hs_wait_t ssl_get_finished(SSL_HANDSHAKE *hs) {
432
465
  SSL *const ssl = hs->ssl;
433
466
  SSLMessage msg;
@@ -552,7 +585,11 @@ const SSL_SESSION *ssl_handshake_session(const SSL_HANDSHAKE *hs) {
552
585
  int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
553
586
  SSL *const ssl = hs->ssl;
554
587
  for (;;) {
555
- // Resolve the operation the handshake was waiting on.
588
+ // Resolve the operation the handshake was waiting on. Each condition may
589
+ // halt the handshake by returning, or continue executing if the handshake
590
+ // may immediately proceed. Cases which halt the handshake can clear
591
+ // |hs->wait| to re-enter the state machine on the next iteration, or leave
592
+ // it set to keep the condition sticky.
556
593
  switch (hs->wait) {
557
594
  case ssl_hs_error:
558
595
  ERR_restore_state(hs->error.get());
@@ -570,13 +607,13 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
570
607
  case ssl_hs_read_message:
571
608
  case ssl_hs_read_change_cipher_spec: {
572
609
  if (ssl->quic_method) {
610
+ // QUIC has no ChangeCipherSpec messages.
611
+ assert(hs->wait != ssl_hs_read_change_cipher_spec);
612
+ // The caller should call |SSL_provide_quic_data|. Clear |hs->wait| so
613
+ // the handshake can check if there is sufficient data next iteration.
614
+ ssl->s3->rwstate = SSL_ERROR_WANT_READ;
573
615
  hs->wait = ssl_hs_ok;
574
- // The change cipher spec is omitted in QUIC.
575
- if (hs->wait != ssl_hs_read_change_cipher_spec) {
576
- ssl->s3->rwstate = SSL_ERROR_WANT_READ;
577
- return -1;
578
- }
579
- break;
616
+ return -1;
580
617
  }
581
618
 
582
619
  uint8_t alert = SSL_AD_DECODE_ERROR;
@@ -646,31 +683,26 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
646
683
  return -1;
647
684
  }
648
685
 
686
+ // The following cases are associated with callback APIs which expect to
687
+ // be called each time the state machine runs. Thus they set |hs->wait|
688
+ // to |ssl_hs_ok| so that, next time, we re-enter the state machine and
689
+ // call the callback again.
649
690
  case ssl_hs_x509_lookup:
650
691
  ssl->s3->rwstate = SSL_ERROR_WANT_X509_LOOKUP;
651
692
  hs->wait = ssl_hs_ok;
652
693
  return -1;
653
-
654
- case ssl_hs_channel_id_lookup:
655
- ssl->s3->rwstate = SSL_ERROR_WANT_CHANNEL_ID_LOOKUP;
656
- hs->wait = ssl_hs_ok;
657
- return -1;
658
-
659
694
  case ssl_hs_private_key_operation:
660
695
  ssl->s3->rwstate = SSL_ERROR_WANT_PRIVATE_KEY_OPERATION;
661
696
  hs->wait = ssl_hs_ok;
662
697
  return -1;
663
-
664
698
  case ssl_hs_pending_session:
665
699
  ssl->s3->rwstate = SSL_ERROR_PENDING_SESSION;
666
700
  hs->wait = ssl_hs_ok;
667
701
  return -1;
668
-
669
702
  case ssl_hs_pending_ticket:
670
703
  ssl->s3->rwstate = SSL_ERROR_PENDING_TICKET;
671
704
  hs->wait = ssl_hs_ok;
672
705
  return -1;
673
-
674
706
  case ssl_hs_certificate_verify:
675
707
  ssl->s3->rwstate = SSL_ERROR_WANT_CERTIFICATE_VERIFY;
676
708
  hs->wait = ssl_hs_ok;
@@ -687,6 +719,10 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
687
719
  hs->wait = ssl_hs_ok;
688
720
  return 1;
689
721
 
722
+ case ssl_hs_hints_ready:
723
+ ssl->s3->rwstate = SSL_ERROR_HANDSHAKE_HINTS_READY;
724
+ return -1;
725
+
690
726
  case ssl_hs_ok:
691
727
  break;
692
728
  }