grpc 1.40.0.pre1 → 1.42.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +68 -64
- data/etc/roots.pem +335 -326
- data/include/grpc/byte_buffer.h +1 -1
- data/include/grpc/byte_buffer_reader.h +1 -1
- data/include/grpc/event_engine/endpoint_config.h +6 -11
- data/include/grpc/event_engine/event_engine.h +131 -86
- data/include/grpc/event_engine/internal/memory_allocator_impl.h +98 -0
- data/include/grpc/event_engine/memory_allocator.h +210 -0
- data/include/grpc/event_engine/port.h +1 -3
- data/include/grpc/fork.h +1 -1
- data/include/grpc/grpc.h +14 -4
- data/include/grpc/grpc_posix.h +5 -2
- data/include/grpc/grpc_security.h +18 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/atm.h +5 -3
- data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
- data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
- data/include/grpc/impl/codegen/atm_windows.h +2 -0
- data/include/grpc/impl/codegen/byte_buffer.h +2 -0
- data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
- data/include/grpc/impl/codegen/compression_types.h +2 -0
- data/include/grpc/impl/codegen/connectivity_state.h +2 -0
- data/include/grpc/impl/codegen/fork.h +2 -0
- data/include/grpc/impl/codegen/gpr_slice.h +2 -0
- data/include/grpc/impl/codegen/gpr_types.h +2 -0
- data/include/grpc/impl/codegen/grpc_types.h +4 -5
- data/include/grpc/impl/codegen/log.h +2 -0
- data/include/grpc/impl/codegen/port_platform.h +33 -22
- data/include/grpc/impl/codegen/propagation_bits.h +2 -0
- data/include/grpc/impl/codegen/slice.h +2 -0
- data/include/grpc/impl/codegen/status.h +2 -0
- data/include/grpc/impl/codegen/sync.h +8 -5
- data/include/grpc/impl/codegen/sync_abseil.h +2 -0
- data/include/grpc/impl/codegen/sync_custom.h +2 -0
- data/include/grpc/impl/codegen/sync_generic.h +3 -0
- data/include/grpc/impl/codegen/sync_posix.h +4 -2
- data/include/grpc/impl/codegen/sync_windows.h +2 -0
- data/include/grpc/slice.h +1 -1
- data/include/grpc/status.h +1 -1
- data/include/grpc/support/atm.h +1 -1
- data/include/grpc/support/atm_gcc_atomic.h +1 -1
- data/include/grpc/support/atm_gcc_sync.h +1 -1
- data/include/grpc/support/atm_windows.h +1 -1
- data/include/grpc/support/log.h +1 -1
- data/include/grpc/support/port_platform.h +1 -1
- data/include/grpc/support/sync.h +1 -1
- data/include/grpc/support/sync_abseil.h +1 -1
- data/include/grpc/support/sync_custom.h +1 -1
- data/include/grpc/support/sync_generic.h +1 -1
- data/include/grpc/support/sync_posix.h +1 -1
- data/include/grpc/support/sync_windows.h +1 -1
- data/include/grpc/support/time.h +2 -2
- data/src/core/ext/filters/census/grpc_context.cc +1 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +18 -20
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -1
- data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +72 -91
- data/src/core/ext/filters/client_channel/client_channel.cc +196 -289
- data/src/core/ext/filters/client_channel/client_channel.h +75 -28
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
- data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.cc +2 -1
- data/src/core/ext/filters/client_channel/client_channel_factory.h +17 -19
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +16 -15
- data/src/core/ext/filters/client_channel/config_selector.cc +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +4 -5
- data/src/core/ext/filters/client_channel/connector.h +18 -18
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +1 -1
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +0 -1
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +19 -17
- data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -3
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -7
- data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -15
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +168 -90
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +4 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +23 -7
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +29 -33
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2502 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +9 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +21 -20
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +15 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +10 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +9 -19
- data/src/core/ext/filters/client_channel/lb_policy.h +21 -44
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -7
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +139 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +13 -15
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +9 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +26 -58
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +21 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +5 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +5 -5
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +82 -76
- data/src/core/ext/filters/client_channel/resolver.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_factory.h +2 -0
- data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -8
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +3 -4
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +1 -1
- data/src/core/ext/filters/client_channel/retry_filter.cc +64 -89
- data/src/core/ext/filters/client_channel/retry_service_config.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +17 -48
- data/src/core/ext/filters/client_channel/server_address.h +1 -1
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +49 -36
- data/src/core/ext/filters/client_channel/subchannel.cc +85 -143
- data/src/core/ext/filters/client_channel/subchannel.h +29 -49
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +22 -7
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +11 -2
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +29 -206
- data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
- data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
- data/src/core/ext/filters/deadline/deadline_filter.cc +23 -26
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +27 -25
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +6 -14
- data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +44 -46
- data/src/core/ext/filters/http/client_authority_filter.cc +16 -16
- data/src/core/ext/filters/http/http_filters_plugin.cc +53 -71
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +19 -13
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +8 -9
- data/src/core/ext/filters/http/server/http_server_filter.cc +77 -72
- data/src/core/ext/filters/max_age/max_age_filter.cc +24 -26
- data/src/core/ext/filters/message_size/message_size_filter.cc +28 -29
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/{filters/client_channel → service_config}/service_config.cc +2 -2
- data/src/core/ext/{filters/client_channel → service_config}/service_config.h +4 -4
- data/src/core/ext/service_config/service_config_call_data.h +72 -0
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.cc +3 -3
- data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.h +8 -6
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +29 -15
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +21 -27
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +10 -6
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +29 -53
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +74 -53
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -6
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +5 -9
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
- data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +83 -88
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +4 -1
- data/src/core/ext/transport/chttp2/transport/context_list.h +1 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +56 -37
- data/src/core/ext/transport/chttp2/transport/flow_control.h +13 -7
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +11 -11
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +6 -4
- data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +6 -5
- data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +5 -8
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +38 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -0
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +12 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -0
- data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +311 -665
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +240 -70
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +816 -1039
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +75 -177
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +146 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +137 -0
- data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
- data/src/core/{lib/transport/authority_override.h → ext/transport/chttp2/transport/hpack_utils.h} +8 -15
- data/src/core/ext/transport/chttp2/transport/internal.h +6 -5
- data/src/core/ext/transport/chttp2/transport/parsing.cc +50 -203
- data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
- data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
- data/src/core/ext/transport/chttp2/transport/varint.cc +7 -3
- data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
- data/src/core/ext/transport/chttp2/transport/writing.cc +61 -50
- data/src/core/ext/transport/inproc/inproc_transport.cc +111 -113
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +96 -96
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +221 -89
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -48
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +151 -61
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +99 -99
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +171 -69
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +15 -15
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +164 -131
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +368 -102
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +23 -23
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +28 -28
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +71 -29
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +95 -83
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +254 -85
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +24 -24
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +51 -21
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +62 -62
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +131 -53
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +53 -52
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +96 -33
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +71 -66
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +164 -57
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -16
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +56 -22
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +174 -17
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +51 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +37 -37
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +61 -25
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +40 -40
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +71 -29
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +30 -30
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +81 -33
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +41 -29
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +141 -43
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +49 -43
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +105 -29
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +18 -18
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +286 -279
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +618 -267
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +13 -13
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +51 -21
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +23 -23
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +115 -116
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +191 -77
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +46 -32
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +118 -34
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -12
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +44 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +108 -55
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +42 -42
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +61 -25
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +28 -28
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +51 -21
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +8 -8
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +41 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +11 -5
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +9 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
- data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +71 -29
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
- data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +51 -21
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -1
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
- data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +21 -9
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
- data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +31 -13
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
- data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +11 -5
- data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +58 -58
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +111 -45
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +68 -68
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +121 -49
- data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
- data/src/core/ext/upb-generated/google/api/http.upb.h +31 -13
- data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +11 -5
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +153 -153
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +271 -109
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +11 -5
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +11 -5
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +31 -13
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +11 -5
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +91 -37
- data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +11 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -5
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +60 -60
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +101 -41
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +7 -7
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -9
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +21 -9
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +91 -37
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +55 -0
- data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +154 -0
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +31 -13
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -6
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +11 -5
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +11 -5
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
- data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +11 -5
- data/src/core/ext/upb-generated/validate/validate.upb.c +220 -220
- data/src/core/ext/upb-generated/validate/validate.upb.h +231 -93
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +182 -0
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +4 -4
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +11 -5
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +21 -9
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +7 -7
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +11 -5
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +6 -6
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +11 -5
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +12 -12
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +21 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +7 -7
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +11 -5
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +58 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +130 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +83 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +410 -384
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +101 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +59 -56
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +59 -46
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +90 -63
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +30 -19
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +801 -783
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +96 -100
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +133 -115
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +178 -173
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +103 -103
- data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +19 -23
- data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +4 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +5 -3
- data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +5 -4
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +75 -0
- data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +13 -12
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +25 -24
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +16 -15
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +17 -16
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +33 -32
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +19 -18
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
- data/src/core/ext/xds/xds_api.cc +1140 -1314
- data/src/core/ext/xds/xds_api.h +150 -115
- data/src/core/ext/xds/xds_bootstrap.cc +27 -52
- data/src/core/ext/xds/xds_bootstrap.h +10 -0
- data/src/core/ext/xds/xds_certificate_provider.cc +3 -3
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +113 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.h +52 -0
- data/src/core/ext/xds/xds_client.cc +572 -320
- data/src/core/ext/xds/xds_client.h +42 -37
- data/src/core/ext/xds/xds_client_stats.cc +16 -15
- data/src/core/ext/xds/xds_client_stats.h +7 -7
- data/src/core/ext/xds/xds_http_fault_filter.cc +4 -3
- data/src/core/ext/xds/xds_http_fault_filter.h +3 -2
- data/src/core/ext/xds/xds_http_filters.cc +1 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +15 -17
- data/src/core/lib/address_utils/parse_address.cc +6 -8
- data/src/core/lib/address_utils/sockaddr_utils.cc +2 -2
- data/src/core/lib/avl/avl.cc +5 -5
- data/src/core/lib/backoff/backoff.cc +1 -1
- data/src/core/lib/channel/channel_args.cc +26 -7
- data/src/core/lib/channel/channel_args.h +9 -0
- data/src/core/lib/channel/channel_stack.cc +5 -3
- data/src/core/lib/channel/channel_stack_builder.cc +4 -14
- data/src/core/lib/channel/channel_stack_builder.h +0 -8
- data/src/core/lib/channel/channel_trace.cc +5 -4
- data/src/core/lib/channel/channel_trace.h +2 -1
- data/src/core/lib/channel/channelz.cc +43 -39
- data/src/core/lib/channel/channelz.h +29 -29
- data/src/core/lib/channel/channelz_registry.cc +8 -7
- data/src/core/lib/channel/channelz_registry.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +2 -3
- data/src/core/lib/channel/connected_channel.h +1 -2
- data/src/core/lib/channel/handshaker.cc +2 -1
- data/src/core/lib/channel/handshaker.h +1 -2
- data/src/core/lib/channel/handshaker_factory.h +10 -2
- data/src/core/lib/channel/handshaker_registry.cc +15 -70
- data/src/core/lib/channel/handshaker_registry.h +29 -12
- data/src/core/lib/channel/status_util.h +2 -2
- data/src/core/lib/compression/algorithm_metadata.h +1 -0
- data/src/core/lib/compression/compression.cc +2 -2
- data/src/core/lib/compression/compression_args.cc +8 -5
- data/src/core/lib/compression/compression_internal.cc +4 -6
- data/src/core/lib/compression/compression_internal.h +1 -1
- data/src/core/lib/compression/message_compress.cc +2 -2
- data/src/core/lib/compression/stream_compression.cc +2 -1
- data/src/core/lib/compression/stream_compression.h +2 -1
- data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
- data/src/core/lib/compression/stream_compression_identity.cc +2 -1
- data/src/core/lib/config/core_configuration.cc +96 -0
- data/src/core/lib/config/core_configuration.h +146 -0
- data/src/core/lib/debug/stats.cc +1 -1
- data/src/core/lib/debug/stats.h +1 -0
- data/src/core/lib/debug/stats_data.cc +15 -14
- data/src/core/lib/debug/stats_data.h +1 -0
- data/src/core/lib/debug/trace.cc +1 -0
- data/src/core/lib/debug/trace.h +2 -1
- data/src/core/lib/event_engine/endpoint_config.cc +0 -1
- data/src/core/lib/event_engine/event_engine.cc +3 -3
- data/src/core/lib/event_engine/sockaddr.cc +3 -3
- data/src/core/lib/gpr/alloc.cc +4 -3
- data/src/core/lib/gpr/atm.cc +1 -1
- data/src/core/lib/gpr/cpu_posix.cc +1 -1
- data/src/core/lib/gpr/env_linux.cc +1 -2
- data/src/core/lib/gpr/env_posix.cc +2 -3
- data/src/core/lib/gpr/log.cc +3 -3
- data/src/core/lib/gpr/log_android.cc +3 -2
- data/src/core/lib/gpr/log_linux.cc +7 -4
- data/src/core/lib/gpr/log_posix.cc +6 -3
- data/src/core/lib/gpr/string.cc +2 -2
- data/src/core/lib/gpr/string.h +2 -2
- data/src/core/lib/gpr/sync.cc +2 -2
- data/src/core/lib/gpr/sync_abseil.cc +7 -6
- data/src/core/lib/gpr/sync_posix.cc +3 -3
- data/src/core/lib/gpr/time.cc +3 -2
- data/src/core/lib/gpr/time_windows.cc +3 -2
- data/src/core/lib/gpr/tls.h +119 -40
- data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
- data/src/core/lib/gpr/useful.h +79 -32
- data/src/core/lib/gprpp/arena.cc +2 -1
- data/src/core/lib/gprpp/arena.h +15 -5
- data/src/core/lib/gprpp/atomic_utils.h +47 -0
- data/src/core/lib/gprpp/bitset.h +188 -0
- data/src/core/lib/gprpp/chunked_vector.h +211 -0
- data/src/core/lib/{transport/authority_override.cc → gprpp/construct_destruct.h} +16 -17
- data/src/core/lib/gprpp/dual_ref_counted.h +25 -26
- data/src/core/lib/gprpp/fork.cc +14 -12
- data/src/core/lib/gprpp/fork.h +4 -4
- data/src/core/lib/gprpp/global_config.h +1 -2
- data/src/core/lib/gprpp/global_config_env.cc +7 -7
- data/src/core/lib/gprpp/global_config_generic.h +2 -2
- data/src/core/lib/gprpp/manual_constructor.h +8 -5
- data/src/core/lib/gprpp/match.h +73 -0
- data/src/core/lib/gprpp/memory.h +9 -3
- data/src/core/lib/gprpp/mpscq.cc +7 -7
- data/src/core/lib/gprpp/mpscq.h +6 -5
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/overload.h +59 -0
- data/src/core/lib/gprpp/ref_counted.h +18 -18
- data/src/core/lib/gprpp/status_helper.cc +27 -7
- data/src/core/lib/gprpp/status_helper.h +12 -1
- data/src/core/lib/gprpp/sync.h +3 -1
- data/src/core/lib/gprpp/table.h +411 -0
- data/src/core/lib/gprpp/thd_posix.cc +5 -5
- data/src/core/lib/gprpp/thd_windows.cc +4 -11
- data/src/core/lib/gprpp/time_util.cc +2 -2
- data/src/core/lib/gprpp/time_util.h +2 -2
- data/src/core/lib/http/format_request.cc +1 -0
- data/src/core/lib/http/format_request.h +1 -0
- data/src/core/lib/http/httpcli.cc +202 -184
- data/src/core/lib/http/httpcli.h +3 -0
- data/src/core/lib/http/httpcli_security_connector.cc +5 -8
- data/src/core/lib/http/parser.cc +2 -2
- data/src/core/lib/http/parser.h +1 -0
- data/src/core/lib/iomgr/buffer_list.cc +2 -1
- data/src/core/lib/iomgr/buffer_list.h +1 -2
- data/src/core/lib/iomgr/call_combiner.cc +29 -10
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
- data/src/core/lib/iomgr/combiner.cc +9 -23
- data/src/core/lib/iomgr/combiner.h +1 -0
- data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
- data/src/core/lib/iomgr/endpoint.cc +0 -4
- data/src/core/lib/iomgr/endpoint.h +1 -3
- data/src/core/lib/iomgr/endpoint_cfstream.cc +16 -26
- data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
- data/src/core/lib/iomgr/endpoint_pair.h +1 -0
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +1 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
- data/src/core/lib/iomgr/error.cc +113 -52
- data/src/core/lib/iomgr/error.h +73 -18
- data/src/core/lib/iomgr/error_cfstream.cc +7 -2
- data/src/core/lib/iomgr/error_internal.h +1 -0
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +17 -24
- data/src/core/lib/iomgr/ev_epollex_linux.cc +22 -29
- data/src/core/lib/iomgr/ev_poll_posix.cc +42 -45
- data/src/core/lib/iomgr/ev_posix.cc +1 -2
- data/src/core/lib/iomgr/event_engine/closure.cc +41 -18
- data/src/core/lib/iomgr/event_engine/closure.h +10 -1
- data/src/core/lib/iomgr/event_engine/endpoint.cc +6 -25
- data/src/core/lib/iomgr/event_engine/endpoint.h +1 -2
- data/src/core/lib/iomgr/event_engine/iomgr.cc +18 -19
- data/src/core/lib/iomgr/event_engine/iomgr.h +20 -2
- data/src/core/lib/iomgr/event_engine/pollset.cc +5 -4
- data/src/core/lib/iomgr/event_engine/resolver.cc +12 -8
- data/src/core/lib/iomgr/event_engine/tcp.cc +60 -30
- data/src/core/lib/iomgr/event_engine/timer.cc +7 -2
- data/src/core/lib/iomgr/exec_ctx.cc +4 -13
- data/src/core/lib/iomgr/exec_ctx.h +11 -19
- data/src/core/lib/iomgr/executor/mpmcqueue.cc +15 -16
- data/src/core/lib/iomgr/executor/mpmcqueue.h +7 -11
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -2
- data/src/core/lib/iomgr/executor/threadpool.h +2 -1
- data/src/core/lib/iomgr/executor.cc +11 -26
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr.cc +3 -1
- data/src/core/lib/iomgr/iomgr.h +2 -2
- data/src/core/lib/iomgr/iomgr_custom.cc +2 -2
- data/src/core/lib/iomgr/iomgr_custom.h +2 -2
- data/src/core/lib/iomgr/iomgr_internal.cc +6 -10
- data/src/core/lib/iomgr/iomgr_internal.h +3 -2
- data/src/core/lib/iomgr/iomgr_windows.cc +1 -2
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
- data/src/core/lib/iomgr/load_file.cc +2 -2
- data/src/core/lib/iomgr/lockfree_event.cc +18 -0
- data/src/core/lib/iomgr/polling_entity.cc +2 -2
- data/src/core/lib/iomgr/pollset_custom.cc +4 -5
- data/src/core/lib/iomgr/pollset_custom.h +3 -3
- data/src/core/lib/iomgr/pollset_set_custom.cc +1 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
- data/src/core/lib/iomgr/port.h +0 -5
- data/src/core/lib/iomgr/python_util.h +1 -0
- data/src/core/lib/iomgr/resolve_address.cc +2 -1
- data/src/core/lib/iomgr/resolve_address.h +0 -4
- data/src/core/lib/iomgr/resolve_address_custom.cc +4 -4
- data/src/core/lib/iomgr/resolve_address_custom.h +0 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +7 -11
- data/src/core/lib/iomgr/resolve_address_windows.cc +6 -8
- data/src/core/lib/iomgr/resource_quota.cc +136 -49
- data/src/core/lib/iomgr/resource_quota.h +66 -17
- data/src/core/lib/iomgr/sockaddr.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +5 -5
- data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +2 -2
- data/src/core/lib/iomgr/socket_mutator.h +2 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -5
- data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client.cc +4 -2
- data/src/core/lib/iomgr/tcp_client.h +4 -0
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -22
- data/src/core/lib/iomgr/tcp_client_custom.cc +10 -18
- data/src/core/lib/iomgr/tcp_client_posix.cc +33 -27
- data/src/core/lib/iomgr/tcp_client_posix.h +5 -2
- data/src/core/lib/iomgr/tcp_client_windows.cc +16 -9
- data/src/core/lib/iomgr/tcp_custom.cc +11 -23
- data/src/core/lib/iomgr/tcp_custom.h +2 -1
- data/src/core/lib/iomgr/tcp_posix.cc +33 -64
- data/src/core/lib/iomgr/tcp_posix.h +11 -12
- data/src/core/lib/iomgr/tcp_server.cc +6 -4
- data/src/core/lib/iomgr/tcp_server.h +12 -9
- data/src/core/lib/iomgr/tcp_server_custom.cc +17 -34
- data/src/core/lib/iomgr/tcp_server_posix.cc +23 -17
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -2
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
- data/src/core/lib/iomgr/tcp_server_windows.cc +17 -14
- data/src/core/lib/iomgr/tcp_windows.cc +8 -27
- data/src/core/lib/iomgr/tcp_windows.h +2 -1
- data/src/core/lib/iomgr/timer.cc +1 -0
- data/src/core/lib/iomgr/timer.h +1 -2
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/timer_generic.cc +21 -51
- data/src/core/lib/iomgr/timer_generic.h +1 -0
- data/src/core/lib/iomgr/timer_heap.cc +2 -3
- data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -5
- data/src/core/lib/iomgr/unix_sockets_posix.h +2 -3
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -0
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -3
- data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -0
- data/src/core/lib/iomgr/work_serializer.cc +4 -4
- data/src/core/lib/iomgr/work_serializer.h +1 -1
- data/src/core/lib/json/json_reader.cc +9 -17
- data/src/core/lib/json/json_util.cc +68 -0
- data/src/core/lib/json/json_util.h +65 -115
- data/src/core/lib/json/json_writer.cc +0 -3
- data/src/core/lib/matchers/matchers.h +0 -1
- data/src/core/lib/profiling/basic_timers.cc +8 -6
- data/src/core/lib/profiling/stap_timers.cc +2 -2
- data/src/core/lib/security/authorization/authorization_policy_provider.h +5 -4
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +1 -1
- data/src/core/lib/security/authorization/evaluate_args.cc +16 -12
- data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +171 -0
- data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
- data/src/core/lib/security/context/security_context.cc +11 -8
- data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
- data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +5 -4
- data/src/core/lib/security/credentials/credentials.cc +10 -8
- data/src/core/lib/security/credentials/credentials.h +7 -2
- data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +13 -26
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -2
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +3 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +60 -33
- data/src/core/lib/security/credentials/external/external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +2 -4
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +56 -4
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -1
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
- data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +31 -14
- data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -11
- data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -7
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -0
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +4 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +4 -4
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +3 -2
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +10 -6
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +2 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -5
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -2
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +6 -8
- data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -3
- data/src/core/lib/security/security_connector/security_connector.cc +9 -4
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -7
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +10 -14
- data/src/core/lib/security/security_connector/tls/tls_security_connector.h +0 -2
- data/src/core/lib/security/transport/auth_filters.h +1 -0
- data/src/core/lib/security/transport/client_auth_filter.cc +9 -11
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -14
- data/src/core/lib/security/transport/secure_endpoint.h +1 -0
- data/src/core/lib/security/transport/security_handshaker.cc +78 -47
- data/src/core/lib/security/transport/security_handshaker.h +2 -1
- data/src/core/lib/security/transport/server_auth_filter.cc +3 -5
- data/src/core/lib/security/transport/tsi_error.cc +3 -5
- data/src/core/lib/security/util/json_util.cc +6 -8
- data/src/core/lib/slice/percent_encoding.cc +73 -30
- data/src/core/lib/slice/percent_encoding.h +29 -28
- data/src/core/lib/slice/slice.cc +14 -21
- data/src/core/lib/{gpr/tls_pthread.cc → slice/slice_api.cc} +15 -6
- data/src/core/lib/slice/slice_buffer.cc +6 -7
- data/src/core/lib/slice/slice_intern.cc +10 -16
- data/src/core/lib/slice/slice_internal.h +3 -246
- data/src/core/lib/slice/slice_refcount.cc +17 -0
- data/src/core/lib/slice/slice_refcount.h +121 -0
- data/src/core/lib/slice/slice_refcount_base.h +173 -0
- data/src/core/lib/slice/slice_split.cc +100 -0
- data/src/core/lib/slice/slice_split.h +40 -0
- data/src/core/lib/slice/slice_string_helpers.cc +0 -83
- data/src/core/lib/slice/slice_string_helpers.h +0 -11
- data/src/core/lib/slice/static_slice.cc +529 -0
- data/src/core/lib/slice/static_slice.h +331 -0
- data/src/core/lib/surface/api_trace.cc +2 -1
- data/src/core/lib/surface/api_trace.h +1 -0
- data/src/core/lib/surface/builtins.cc +49 -0
- data/src/core/{ext/filters/workarounds/workaround_cronet_compression_filter.h → lib/surface/builtins.h} +8 -9
- data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
- data/src/core/lib/surface/call.cc +112 -128
- data/src/core/lib/surface/call.h +3 -9
- data/src/core/lib/surface/call_details.cc +2 -2
- data/src/core/lib/surface/call_log_batch.cc +2 -2
- data/src/core/lib/surface/channel.cc +41 -41
- data/src/core/lib/surface/channel.h +14 -11
- data/src/core/lib/surface/channel_init.cc +23 -76
- data/src/core/lib/surface/channel_init.h +52 -44
- data/src/core/lib/surface/channel_ping.cc +1 -2
- data/src/core/lib/surface/channel_stack_type.cc +2 -1
- data/src/core/lib/surface/completion_queue.cc +60 -69
- data/src/core/lib/surface/completion_queue_factory.cc +2 -1
- data/src/core/lib/surface/completion_queue_factory.h +1 -0
- data/src/core/lib/surface/event_string.cc +1 -0
- data/src/core/lib/surface/init.cc +4 -48
- data/src/core/lib/surface/init.h +0 -1
- data/src/core/lib/surface/init_secure.cc +36 -14
- data/src/core/lib/surface/lame_client.cc +24 -16
- data/src/core/lib/surface/lame_client.h +1 -1
- data/src/core/lib/surface/metadata_array.cc +2 -2
- data/src/core/lib/surface/server.cc +42 -50
- data/src/core/lib/surface/server.h +28 -23
- data/src/core/lib/surface/validate_metadata.cc +49 -18
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +1 -0
- data/src/core/lib/transport/connectivity_state.cc +8 -5
- data/src/core/lib/transport/connectivity_state.h +2 -2
- data/src/core/lib/transport/error_utils.cc +43 -17
- data/src/core/lib/transport/error_utils.h +1 -1
- data/src/core/lib/transport/metadata.cc +41 -20
- data/src/core/lib/transport/metadata.h +15 -12
- data/src/core/lib/transport/metadata_batch.cc +39 -364
- data/src/core/lib/transport/metadata_batch.h +916 -67
- data/src/core/lib/transport/parsed_metadata.h +263 -0
- data/src/core/lib/transport/pid_controller.cc +4 -4
- data/src/core/lib/transport/static_metadata.cc +714 -846
- data/src/core/lib/transport/static_metadata.h +115 -379
- data/src/core/lib/transport/status_metadata.cc +1 -0
- data/src/core/lib/transport/transport.cc +4 -5
- data/src/core/lib/transport/transport_op_string.cc +40 -20
- data/src/core/plugin_registry/grpc_plugin_registry.cc +76 -41
- data/src/core/tsi/alts/crypt/aes_gcm.cc +6 -3
- data/src/core/tsi/alts/crypt/gsec.h +2 -3
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
- data/src/core/tsi/alts/frame_protector/frame_handler.cc +10 -11
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +3 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +12 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +2 -2
- data/src/core/tsi/fake_transport_security.cc +15 -7
- data/src/core/tsi/local_transport_security.cc +36 -73
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +20 -53
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
- data/src/core/tsi/ssl_transport_security.cc +21 -11
- data/src/core/tsi/ssl_transport_security.h +3 -1
- data/src/core/tsi/transport_security.cc +15 -3
- data/src/core/tsi/transport_security.h +16 -1
- data/src/core/tsi/transport_security_grpc.h +1 -0
- data/src/core/tsi/transport_security_interface.h +26 -0
- data/src/ruby/ext/grpc/extconf.rb +12 -9
- data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
- data/src/ruby/ext/grpc/rb_call.c +5 -5
- data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
- data/src/ruby/ext/grpc/rb_channel.c +10 -8
- data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
- data/src/ruby/ext/grpc/rb_channel_credentials.c +4 -4
- data/src/ruby/ext/grpc/rb_channel_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
- data/src/ruby/ext/grpc/rb_compression_options.c +5 -4
- data/src/ruby/ext/grpc/rb_event_thread.c +4 -4
- data/src/ruby/ext/grpc/rb_grpc.c +5 -4
- data/src/ruby/ext/grpc/rb_grpc.h +1 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
- data/src/ruby/ext/grpc/rb_server.c +6 -5
- data/src/ruby/ext/grpc/rb_server_credentials.c +3 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +8 -5
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +3 -1
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +6 -5
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +3 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
- data/src/ruby/spec/client_server_spec.rb +1 -1
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +4 -4
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +11 -6
- data/third_party/address_sorting/address_sorting_posix.c +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +300 -292
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +21 -22
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +6 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +16 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +14 -7
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +269 -272
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -40
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_locl.h → internal.h} +58 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +290 -199
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +45 -65
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +6 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +26 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +4 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +4 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +5 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +24 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +35 -35
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +10 -37
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
- data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +62 -2
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +151 -12
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +15 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +6 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +25 -22
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +11 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +0 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +9 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +23 -21
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +12 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +16 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +24 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +17 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +76 -31
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +521 -296
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +8 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +25 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
- data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +12 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +12 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +37 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +81 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +713 -146
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -695
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +48 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +9 -16
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +310 -359
- data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +110 -159
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +24 -13
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +145 -142
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +106 -99
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +87 -48
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +11 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +2 -51
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +121 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +6 -12
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +28 -23
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +14 -27
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +210 -212
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +30 -41
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +48 -34
- data/third_party/re2/re2/compile.cc +91 -109
- data/third_party/re2/re2/dfa.cc +27 -39
- data/third_party/re2/re2/filtered_re2.cc +18 -2
- data/third_party/re2/re2/filtered_re2.h +10 -5
- data/third_party/re2/re2/nfa.cc +1 -1
- data/third_party/re2/re2/parse.cc +42 -23
- data/third_party/re2/re2/perl_groups.cc +34 -34
- data/third_party/re2/re2/prefilter.cc +3 -2
- data/third_party/re2/re2/prog.cc +182 -4
- data/third_party/re2/re2/prog.h +28 -9
- data/third_party/re2/re2/re2.cc +87 -118
- data/third_party/re2/re2/re2.h +156 -141
- data/third_party/re2/re2/regexp.cc +12 -5
- data/third_party/re2/re2/regexp.h +8 -2
- data/third_party/re2/re2/set.cc +31 -9
- data/third_party/re2/re2/set.h +9 -4
- data/third_party/re2/re2/simplify.cc +11 -3
- data/third_party/re2/re2/tostring.cc +1 -1
- data/third_party/re2/re2/walker-inl.h +1 -1
- data/third_party/re2/util/mutex.h +2 -2
- data/third_party/re2/util/pcre.h +3 -3
- data/third_party/upb/upb/decode.c +129 -60
- data/third_party/upb/upb/decode.h +32 -4
- data/third_party/upb/upb/decode_fast.c +513 -500
- data/third_party/upb/upb/decode_fast.h +27 -0
- data/third_party/upb/upb/{decode.int.h → decode_internal.h} +38 -8
- data/third_party/upb/upb/def.c +171 -181
- data/third_party/upb/upb/def.h +41 -19
- data/third_party/upb/upb/def.hpp +29 -0
- data/third_party/upb/upb/encode.c +49 -16
- data/third_party/upb/upb/encode.h +29 -2
- data/third_party/upb/upb/msg.c +169 -28
- data/third_party/upb/upb/msg.h +75 -580
- data/third_party/upb/upb/msg_internal.h +687 -0
- data/third_party/upb/upb/port_def.inc +85 -24
- data/third_party/upb/upb/port_undef.inc +38 -1
- data/third_party/upb/upb/reflection.c +29 -37
- data/third_party/upb/upb/reflection.h +36 -8
- data/third_party/upb/upb/reflection.hpp +37 -0
- data/third_party/upb/upb/table.c +211 -86
- data/third_party/upb/upb/{table.int.h → table_internal.h} +56 -180
- data/third_party/upb/upb/text_encode.c +32 -4
- data/third_party/upb/upb/text_encode.h +26 -0
- data/third_party/upb/upb/upb.c +59 -8
- data/third_party/upb/upb/upb.h +36 -6
- data/third_party/upb/upb/upb.hpp +24 -0
- data/third_party/upb/upb/upb_internal.h +58 -0
- metadata +102 -87
- data/include/grpc/event_engine/slice_allocator.h +0 -66
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
- data/src/core/ext/filters/client_channel/service_config_call_data.h +0 -126
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -211
- data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
- data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
- data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
- data/src/core/ext/transport/chttp2/client/authority.h +0 -36
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +0 -66
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +0 -74
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -243
- data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
- data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -124
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +0 -33
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +0 -77
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +0 -44
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +0 -35
- data/src/core/lib/gpr/tls_gcc.h +0 -52
- data/src/core/lib/gpr/tls_msvc.h +0 -54
- data/src/core/lib/gpr/tls_pthread.h +0 -56
- data/src/core/lib/gpr/tls_stdcpp.h +0 -48
- data/src/core/lib/gprpp/atomic.h +0 -104
- data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
- data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
- data/src/core/lib/iomgr/pollset_uv.cc +0 -95
- data/src/core/lib/iomgr/pollset_uv.h +0 -36
- data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
- data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
- data/src/core/lib/iomgr/tcp_uv.cc +0 -421
- data/src/core/lib/iomgr/timer_uv.cc +0 -66
- data/src/core/lib/iomgr/udp_server.cc +0 -748
- data/src/core/lib/iomgr/udp_server.h +0 -103
- data/third_party/upb/third_party/wyhash/wyhash.h +0 -145
- data/third_party/upb/upb/upb.int.h +0 -29
|
@@ -31,16 +31,11 @@
|
|
|
31
31
|
#include "internal.h"
|
|
32
32
|
|
|
33
33
|
|
|
34
|
-
#if defined(OPENSSL_MSAN)
|
|
35
|
-
#define NO_SANITIZE_MEMORY __attribute__((no_sanitize("memory")))
|
|
36
|
-
#else
|
|
37
|
-
#define NO_SANITIZE_MEMORY
|
|
38
|
-
#endif
|
|
39
|
-
|
|
40
34
|
BSSL_NAMESPACE_BEGIN
|
|
41
35
|
|
|
42
36
|
// ECH reuses the extension code point for the version number.
|
|
43
|
-
static
|
|
37
|
+
static constexpr uint16_t kECHConfigVersion =
|
|
38
|
+
TLSEXT_TYPE_encrypted_client_hello;
|
|
44
39
|
|
|
45
40
|
static const decltype(&EVP_hpke_aes_128_gcm) kSupportedAEADs[] = {
|
|
46
41
|
&EVP_hpke_aes_128_gcm,
|
|
@@ -83,16 +78,71 @@ static bool ssl_client_hello_write_without_extensions(
|
|
|
83
78
|
return true;
|
|
84
79
|
}
|
|
85
80
|
|
|
81
|
+
static bool is_valid_client_hello_inner(SSL *ssl, uint8_t *out_alert,
|
|
82
|
+
Span<const uint8_t> body) {
|
|
83
|
+
// See draft-ietf-tls-esni-13, section 7.1.
|
|
84
|
+
SSL_CLIENT_HELLO client_hello;
|
|
85
|
+
CBS extension;
|
|
86
|
+
if (!ssl_client_hello_init(ssl, &client_hello, body) ||
|
|
87
|
+
!ssl_client_hello_get_extension(&client_hello, &extension,
|
|
88
|
+
TLSEXT_TYPE_encrypted_client_hello) ||
|
|
89
|
+
CBS_len(&extension) != 1 || //
|
|
90
|
+
CBS_data(&extension)[0] != ECH_CLIENT_INNER ||
|
|
91
|
+
!ssl_client_hello_get_extension(&client_hello, &extension,
|
|
92
|
+
TLSEXT_TYPE_supported_versions)) {
|
|
93
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
94
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
|
95
|
+
return false;
|
|
96
|
+
}
|
|
97
|
+
// Parse supported_versions and reject TLS versions prior to TLS 1.3. Older
|
|
98
|
+
// versions are incompatible with ECH.
|
|
99
|
+
CBS versions;
|
|
100
|
+
if (!CBS_get_u8_length_prefixed(&extension, &versions) ||
|
|
101
|
+
CBS_len(&extension) != 0 || //
|
|
102
|
+
CBS_len(&versions) == 0) {
|
|
103
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
104
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
105
|
+
return false;
|
|
106
|
+
}
|
|
107
|
+
while (CBS_len(&versions) != 0) {
|
|
108
|
+
uint16_t version;
|
|
109
|
+
if (!CBS_get_u16(&versions, &version)) {
|
|
110
|
+
*out_alert = SSL_AD_DECODE_ERROR;
|
|
111
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
if (version == SSL3_VERSION || version == TLS1_VERSION ||
|
|
115
|
+
version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
|
|
116
|
+
version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
|
|
117
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
118
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
|
119
|
+
return false;
|
|
120
|
+
}
|
|
121
|
+
}
|
|
122
|
+
return true;
|
|
123
|
+
}
|
|
124
|
+
|
|
86
125
|
bool ssl_decode_client_hello_inner(
|
|
87
126
|
SSL *ssl, uint8_t *out_alert, Array<uint8_t> *out_client_hello_inner,
|
|
88
127
|
Span<const uint8_t> encoded_client_hello_inner,
|
|
89
128
|
const SSL_CLIENT_HELLO *client_hello_outer) {
|
|
90
129
|
SSL_CLIENT_HELLO client_hello_inner;
|
|
91
|
-
|
|
92
|
-
|
|
130
|
+
CBS cbs = encoded_client_hello_inner;
|
|
131
|
+
if (!ssl_parse_client_hello_with_trailing_data(ssl, &cbs,
|
|
132
|
+
&client_hello_inner)) {
|
|
93
133
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
94
134
|
return false;
|
|
95
135
|
}
|
|
136
|
+
// The remaining data is padding.
|
|
137
|
+
uint8_t padding;
|
|
138
|
+
while (CBS_get_u8(&cbs, &padding)) {
|
|
139
|
+
if (padding != 0) {
|
|
140
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
141
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
142
|
+
return false;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
|
|
96
146
|
// TLS 1.3 ClientHellos must have extensions, and EncodedClientHelloInners use
|
|
97
147
|
// ClientHelloOuter's session_id.
|
|
98
148
|
if (client_hello_inner.extensions_len == 0 ||
|
|
@@ -105,120 +155,84 @@ bool ssl_decode_client_hello_inner(
|
|
|
105
155
|
|
|
106
156
|
// Begin serializing a message containing the ClientHelloInner in |cbb|.
|
|
107
157
|
ScopedCBB cbb;
|
|
108
|
-
CBB body,
|
|
158
|
+
CBB body, extensions_cbb;
|
|
109
159
|
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO) ||
|
|
110
160
|
!ssl_client_hello_write_without_extensions(&client_hello_inner, &body) ||
|
|
111
|
-
!CBB_add_u16_length_prefixed(&body, &
|
|
161
|
+
!CBB_add_u16_length_prefixed(&body, &extensions_cbb)) {
|
|
112
162
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
113
163
|
return false;
|
|
114
164
|
}
|
|
115
165
|
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
// MSan's libc interceptors do not handle |bsearch|. See b/182583130.
|
|
125
|
-
auto compare_extension = [](const void *a, const void *b)
|
|
126
|
-
NO_SANITIZE_MEMORY -> int {
|
|
127
|
-
const Extension *extension_a = reinterpret_cast<const Extension *>(a);
|
|
128
|
-
const Extension *extension_b = reinterpret_cast<const Extension *>(b);
|
|
129
|
-
if (extension_a->extension < extension_b->extension) {
|
|
130
|
-
return -1;
|
|
131
|
-
} else if (extension_a->extension > extension_b->extension) {
|
|
132
|
-
return 1;
|
|
133
|
-
}
|
|
134
|
-
return 0;
|
|
135
|
-
};
|
|
136
|
-
GrowableArray<Extension> sorted_extensions;
|
|
137
|
-
CBS unsorted_extensions(MakeConstSpan(client_hello_outer->extensions,
|
|
138
|
-
client_hello_outer->extensions_len));
|
|
139
|
-
while (CBS_len(&unsorted_extensions) > 0) {
|
|
140
|
-
Extension extension;
|
|
141
|
-
CBS extension_body;
|
|
142
|
-
if (!CBS_get_u16(&unsorted_extensions, &extension.extension) ||
|
|
143
|
-
!CBS_get_u16_length_prefixed(&unsorted_extensions, &extension_body)) {
|
|
166
|
+
auto inner_extensions = MakeConstSpan(client_hello_inner.extensions,
|
|
167
|
+
client_hello_inner.extensions_len);
|
|
168
|
+
CBS ext_list_wrapper;
|
|
169
|
+
if (!ssl_client_hello_get_extension(&client_hello_inner, &ext_list_wrapper,
|
|
170
|
+
TLSEXT_TYPE_ech_outer_extensions)) {
|
|
171
|
+
// No ech_outer_extensions. Copy everything.
|
|
172
|
+
if (!CBB_add_bytes(&extensions_cbb, inner_extensions.data(),
|
|
173
|
+
inner_extensions.size())) {
|
|
144
174
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
145
175
|
return false;
|
|
146
176
|
}
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
CBS inner_extensions(MakeConstSpan(client_hello_inner.extensions,
|
|
157
|
-
client_hello_inner.extensions_len));
|
|
158
|
-
while (CBS_len(&inner_extensions) > 0) {
|
|
159
|
-
uint16_t extension_id;
|
|
160
|
-
CBS extension_body;
|
|
161
|
-
if (!CBS_get_u16(&inner_extensions, &extension_id) ||
|
|
162
|
-
!CBS_get_u16_length_prefixed(&inner_extensions, &extension_body)) {
|
|
163
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
177
|
+
} else {
|
|
178
|
+
const size_t offset = CBS_data(&ext_list_wrapper) - inner_extensions.data();
|
|
179
|
+
auto inner_extensions_before =
|
|
180
|
+
inner_extensions.subspan(0, offset - 4 /* extension header */);
|
|
181
|
+
auto inner_extensions_after =
|
|
182
|
+
inner_extensions.subspan(offset + CBS_len(&ext_list_wrapper));
|
|
183
|
+
if (!CBB_add_bytes(&extensions_cbb, inner_extensions_before.data(),
|
|
184
|
+
inner_extensions_before.size())) {
|
|
185
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
164
186
|
return false;
|
|
165
187
|
}
|
|
166
|
-
if (extension_id != TLSEXT_TYPE_ech_outer_extensions) {
|
|
167
|
-
if (!CBB_add_u16(&extensions, extension_id) ||
|
|
168
|
-
!CBB_add_u16(&extensions, CBS_len(&extension_body)) ||
|
|
169
|
-
!CBB_add_bytes(&extensions, CBS_data(&extension_body),
|
|
170
|
-
CBS_len(&extension_body))) {
|
|
171
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
172
|
-
return false;
|
|
173
|
-
}
|
|
174
|
-
continue;
|
|
175
|
-
}
|
|
176
188
|
|
|
177
|
-
//
|
|
178
|
-
CBS
|
|
179
|
-
if (!CBS_get_u8_length_prefixed(&
|
|
180
|
-
CBS_len(&
|
|
189
|
+
// Expand ech_outer_extensions. See draft-ietf-tls-esni-13, Appendix B.
|
|
190
|
+
CBS ext_list;
|
|
191
|
+
if (!CBS_get_u8_length_prefixed(&ext_list_wrapper, &ext_list) ||
|
|
192
|
+
CBS_len(&ext_list) == 0 || CBS_len(&ext_list_wrapper) != 0) {
|
|
181
193
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
182
194
|
return false;
|
|
183
195
|
}
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
if (
|
|
191
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
196
|
+
CBS outer_extensions;
|
|
197
|
+
CBS_init(&outer_extensions, client_hello_outer->extensions,
|
|
198
|
+
client_hello_outer->extensions_len);
|
|
199
|
+
while (CBS_len(&ext_list) != 0) {
|
|
200
|
+
// Find the next extension to copy.
|
|
201
|
+
uint16_t want;
|
|
202
|
+
if (!CBS_get_u16(&ext_list, &want)) {
|
|
192
203
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
193
204
|
return false;
|
|
194
205
|
}
|
|
195
|
-
//
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
206
|
+
// Seek to |want| in |outer_extensions|. |ext_list| is required to match
|
|
207
|
+
// ClientHelloOuter in order.
|
|
208
|
+
uint16_t found;
|
|
209
|
+
CBS ext_body;
|
|
210
|
+
do {
|
|
211
|
+
if (CBS_len(&outer_extensions) == 0) {
|
|
212
|
+
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
213
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_OUTER_EXTENSION_NOT_FOUND);
|
|
214
|
+
return false;
|
|
215
|
+
}
|
|
216
|
+
if (!CBS_get_u16(&outer_extensions, &found) ||
|
|
217
|
+
!CBS_get_u16_length_prefixed(&outer_extensions, &ext_body)) {
|
|
218
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
219
|
+
return false;
|
|
220
|
+
}
|
|
221
|
+
} while (found != want);
|
|
222
|
+
// Copy the extension.
|
|
223
|
+
if (!CBB_add_u16(&extensions_cbb, found) ||
|
|
224
|
+
!CBB_add_u16(&extensions_cbb, CBS_len(&ext_body)) ||
|
|
225
|
+
!CBB_add_bytes(&extensions_cbb, CBS_data(&ext_body),
|
|
226
|
+
CBS_len(&ext_body))) {
|
|
203
227
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
204
228
|
return false;
|
|
205
229
|
}
|
|
230
|
+
}
|
|
206
231
|
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
return false;
|
|
212
|
-
}
|
|
213
|
-
result->copied = true;
|
|
214
|
-
|
|
215
|
-
if (!CBB_add_u16(&extensions, extension_needed) ||
|
|
216
|
-
!CBB_add_u16(&extensions, result->body.size()) ||
|
|
217
|
-
!CBB_add_bytes(&extensions, result->body.data(),
|
|
218
|
-
result->body.size())) {
|
|
219
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
220
|
-
return false;
|
|
221
|
-
}
|
|
232
|
+
if (!CBB_add_bytes(&extensions_cbb, inner_extensions_after.data(),
|
|
233
|
+
inner_extensions_after.size())) {
|
|
234
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
235
|
+
return false;
|
|
222
236
|
}
|
|
223
237
|
}
|
|
224
238
|
if (!CBB_flush(&body)) {
|
|
@@ -226,46 +240,10 @@ bool ssl_decode_client_hello_inner(
|
|
|
226
240
|
return false;
|
|
227
241
|
}
|
|
228
242
|
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
if (!ssl_client_hello_init(ssl, &client_hello_inner,
|
|
232
|
-
MakeConstSpan(CBB_data(&body), CBB_len(&body))) ||
|
|
233
|
-
!ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
|
234
|
-
TLSEXT_TYPE_ech_is_inner) ||
|
|
235
|
-
CBS_len(&extension) != 0 ||
|
|
236
|
-
ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
|
237
|
-
TLSEXT_TYPE_encrypted_client_hello) ||
|
|
238
|
-
!ssl_client_hello_get_extension(&client_hello_inner, &extension,
|
|
239
|
-
TLSEXT_TYPE_supported_versions)) {
|
|
240
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
241
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
|
243
|
+
if (!is_valid_client_hello_inner(
|
|
244
|
+
ssl, out_alert, MakeConstSpan(CBB_data(&body), CBB_len(&body)))) {
|
|
242
245
|
return false;
|
|
243
246
|
}
|
|
244
|
-
// Parse supported_versions and reject TLS versions prior to TLS 1.3. Older
|
|
245
|
-
// versions are incompatible with ECH.
|
|
246
|
-
CBS versions;
|
|
247
|
-
if (!CBS_get_u8_length_prefixed(&extension, &versions) ||
|
|
248
|
-
CBS_len(&extension) != 0 || //
|
|
249
|
-
CBS_len(&versions) == 0) {
|
|
250
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
251
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
252
|
-
return false;
|
|
253
|
-
}
|
|
254
|
-
while (CBS_len(&versions) != 0) {
|
|
255
|
-
uint16_t version;
|
|
256
|
-
if (!CBS_get_u16(&versions, &version)) {
|
|
257
|
-
*out_alert = SSL_AD_DECODE_ERROR;
|
|
258
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_DECODE_ERROR);
|
|
259
|
-
return false;
|
|
260
|
-
}
|
|
261
|
-
if (version == SSL3_VERSION || version == TLS1_VERSION ||
|
|
262
|
-
version == TLS1_1_VERSION || version == TLS1_2_VERSION ||
|
|
263
|
-
version == DTLS1_VERSION || version == DTLS1_2_VERSION) {
|
|
264
|
-
*out_alert = SSL_AD_ILLEGAL_PARAMETER;
|
|
265
|
-
OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_CLIENT_HELLO_INNER);
|
|
266
|
-
return false;
|
|
267
|
-
}
|
|
268
|
-
}
|
|
269
247
|
|
|
270
248
|
if (!ssl->method->finish_message(ssl, cbb.get(), out_client_hello_inner)) {
|
|
271
249
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
@@ -274,56 +252,31 @@ bool ssl_decode_client_hello_inner(
|
|
|
274
252
|
return true;
|
|
275
253
|
}
|
|
276
254
|
|
|
277
|
-
bool ssl_client_hello_decrypt(
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
Span<const uint8_t> enc, Span<const uint8_t> payload) {
|
|
255
|
+
bool ssl_client_hello_decrypt(EVP_HPKE_CTX *hpke_ctx, Array<uint8_t> *out,
|
|
256
|
+
bool *out_is_decrypt_error,
|
|
257
|
+
const SSL_CLIENT_HELLO *client_hello_outer,
|
|
258
|
+
Span<const uint8_t> payload) {
|
|
282
259
|
*out_is_decrypt_error = false;
|
|
283
260
|
|
|
284
|
-
//
|
|
285
|
-
//
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
if (!
|
|
289
|
-
|
|
290
|
-
!CBB_add_u16(aad.get(), aead_id) ||
|
|
291
|
-
!CBB_add_u8(aad.get(), config_id) ||
|
|
292
|
-
!CBB_add_u16_length_prefixed(aad.get(), &enc_cbb) ||
|
|
293
|
-
!CBB_add_bytes(&enc_cbb, enc.data(), enc.size()) ||
|
|
294
|
-
!CBB_add_u24_length_prefixed(aad.get(), &outer_hello_cbb) ||
|
|
295
|
-
!ssl_client_hello_write_without_extensions(client_hello_outer,
|
|
296
|
-
&outer_hello_cbb) ||
|
|
297
|
-
!CBB_add_u16_length_prefixed(&outer_hello_cbb, &extensions_cbb)) {
|
|
298
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
261
|
+
// The ClientHelloOuterAAD is |client_hello_outer| with |payload| (which must
|
|
262
|
+
// point within |client_hello_outer->extensions|) replaced with zeros. See
|
|
263
|
+
// draft-ietf-tls-esni-13, section 5.2.
|
|
264
|
+
Array<uint8_t> aad;
|
|
265
|
+
if (!aad.CopyFrom(MakeConstSpan(client_hello_outer->client_hello,
|
|
266
|
+
client_hello_outer->client_hello_len))) {
|
|
299
267
|
return false;
|
|
300
268
|
}
|
|
301
269
|
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
if (extension_id == TLSEXT_TYPE_encrypted_client_hello) {
|
|
313
|
-
continue;
|
|
314
|
-
}
|
|
315
|
-
if (!CBB_add_u16(&extensions_cbb, extension_id) ||
|
|
316
|
-
!CBB_add_u16(&extensions_cbb, CBS_len(&extension_body)) ||
|
|
317
|
-
!CBB_add_bytes(&extensions_cbb, CBS_data(&extension_body),
|
|
318
|
-
CBS_len(&extension_body))) {
|
|
319
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
320
|
-
return false;
|
|
321
|
-
}
|
|
322
|
-
}
|
|
323
|
-
if (!CBB_flush(aad.get())) {
|
|
324
|
-
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
325
|
-
return false;
|
|
326
|
-
}
|
|
270
|
+
// We assert with |uintptr_t| because the comparison would be UB if they
|
|
271
|
+
// didn't alias.
|
|
272
|
+
assert(reinterpret_cast<uintptr_t>(client_hello_outer->extensions) <=
|
|
273
|
+
reinterpret_cast<uintptr_t>(payload.data()));
|
|
274
|
+
assert(reinterpret_cast<uintptr_t>(client_hello_outer->extensions +
|
|
275
|
+
client_hello_outer->extensions_len) >=
|
|
276
|
+
reinterpret_cast<uintptr_t>(payload.data() + payload.size()));
|
|
277
|
+
Span<uint8_t> payload_aad = MakeSpan(aad).subspan(
|
|
278
|
+
payload.data() - client_hello_outer->client_hello, payload.size());
|
|
279
|
+
OPENSSL_memset(payload_aad.data(), 0, payload_aad.size());
|
|
327
280
|
|
|
328
281
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
|
329
282
|
// In fuzzer mode, disable encryption to improve coverage. We reserve a short
|
|
@@ -335,124 +288,75 @@ bool ssl_client_hello_decrypt(
|
|
|
335
288
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
|
|
336
289
|
return false;
|
|
337
290
|
}
|
|
338
|
-
if (!
|
|
291
|
+
if (!out->CopyFrom(payload)) {
|
|
339
292
|
return false;
|
|
340
293
|
}
|
|
341
294
|
#else
|
|
342
|
-
// Attempt to decrypt into |
|
|
343
|
-
if (!
|
|
295
|
+
// Attempt to decrypt into |out|.
|
|
296
|
+
if (!out->Init(payload.size())) {
|
|
344
297
|
OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
|
|
345
298
|
return false;
|
|
346
299
|
}
|
|
347
|
-
size_t
|
|
348
|
-
if (!EVP_HPKE_CTX_open(hpke_ctx,
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
payload.size(), CBB_data(aad.get()),
|
|
352
|
-
CBB_len(aad.get()))) {
|
|
300
|
+
size_t len;
|
|
301
|
+
if (!EVP_HPKE_CTX_open(hpke_ctx, out->data(), &len, out->size(),
|
|
302
|
+
payload.data(), payload.size(), aad.data(),
|
|
303
|
+
aad.size())) {
|
|
353
304
|
*out_is_decrypt_error = true;
|
|
354
305
|
OPENSSL_PUT_ERROR(SSL, SSL_R_DECRYPTION_FAILED);
|
|
355
306
|
return false;
|
|
356
307
|
}
|
|
357
|
-
|
|
308
|
+
out->Shrink(len);
|
|
358
309
|
#endif
|
|
359
310
|
return true;
|
|
360
311
|
}
|
|
361
312
|
|
|
362
|
-
static bool
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
in = in.subspan(1);
|
|
370
|
-
base = 8;
|
|
371
|
-
}
|
|
372
|
-
*out = 0;
|
|
373
|
-
for (uint8_t c : in) {
|
|
374
|
-
uint32_t d;
|
|
375
|
-
if ('0' <= c && c <= '9') {
|
|
376
|
-
d = c - '0';
|
|
377
|
-
} else if ('a' <= c && c <= 'f') {
|
|
378
|
-
d = c - 'a' + 10;
|
|
379
|
-
} else if ('A' <= c && c <= 'F') {
|
|
380
|
-
d = c - 'A' + 10;
|
|
381
|
-
} else {
|
|
382
|
-
return false;
|
|
383
|
-
}
|
|
384
|
-
if (d >= base ||
|
|
385
|
-
*out > UINT32_MAX / base) {
|
|
386
|
-
return false;
|
|
387
|
-
}
|
|
388
|
-
*out *= base;
|
|
389
|
-
if (*out > UINT32_MAX - d) {
|
|
313
|
+
static bool is_hex_component(Span<const uint8_t> in) {
|
|
314
|
+
if (in.size() < 2 || in[0] != '0' || (in[1] != 'x' && in[1] != 'X')) {
|
|
315
|
+
return false;
|
|
316
|
+
}
|
|
317
|
+
for (uint8_t b : in.subspan(2)) {
|
|
318
|
+
if (!('0' <= b && b <= '9') && !('a' <= b && b <= 'f') &&
|
|
319
|
+
!('A' <= b && b <= 'F')) {
|
|
390
320
|
return false;
|
|
391
321
|
}
|
|
392
|
-
*out += d;
|
|
393
322
|
}
|
|
394
323
|
return true;
|
|
395
324
|
}
|
|
396
325
|
|
|
397
|
-
static bool
|
|
398
|
-
|
|
399
|
-
uint32_t numbers[4];
|
|
400
|
-
size_t num_numbers = 0;
|
|
401
|
-
while (!in.empty()) {
|
|
402
|
-
if (num_numbers == 4) {
|
|
403
|
-
// Too many components.
|
|
404
|
-
return false;
|
|
405
|
-
}
|
|
406
|
-
// Find the next dot-separated component.
|
|
407
|
-
auto dot = std::find(in.begin(), in.end(), '.');
|
|
408
|
-
if (dot == in.begin()) {
|
|
409
|
-
// Empty components are not allowed.
|
|
410
|
-
return false;
|
|
411
|
-
}
|
|
412
|
-
Span<const uint8_t> component;
|
|
413
|
-
if (dot == in.end()) {
|
|
414
|
-
component = in;
|
|
415
|
-
in = Span<const uint8_t>();
|
|
416
|
-
} else {
|
|
417
|
-
component = in.subspan(0, dot - in.begin());
|
|
418
|
-
in = in.subspan(dot - in.begin() + 1); // Skip the dot.
|
|
419
|
-
}
|
|
420
|
-
if (!parse_ipv4_number(component, &numbers[num_numbers])) {
|
|
421
|
-
return false;
|
|
422
|
-
}
|
|
423
|
-
num_numbers++;
|
|
424
|
-
}
|
|
425
|
-
if (num_numbers == 0) {
|
|
326
|
+
static bool is_decimal_component(Span<const uint8_t> in) {
|
|
327
|
+
if (in.empty()) {
|
|
426
328
|
return false;
|
|
427
329
|
}
|
|
428
|
-
for (
|
|
429
|
-
if (
|
|
330
|
+
for (uint8_t b : in) {
|
|
331
|
+
if (!('0' <= b && b <= '9')) {
|
|
430
332
|
return false;
|
|
431
333
|
}
|
|
432
334
|
}
|
|
433
|
-
return
|
|
434
|
-
numbers[num_numbers - 1] < 1u << (8 * (5 - num_numbers));
|
|
335
|
+
return true;
|
|
435
336
|
}
|
|
436
337
|
|
|
437
338
|
bool ssl_is_valid_ech_public_name(Span<const uint8_t> public_name) {
|
|
438
|
-
// See draft-ietf-tls-esni-
|
|
339
|
+
// See draft-ietf-tls-esni-13, Section 4 and RFC 5890, Section 2.3.1. The
|
|
439
340
|
// public name must be a dot-separated sequence of LDH labels and not begin or
|
|
440
341
|
// end with a dot.
|
|
441
|
-
auto
|
|
442
|
-
if (
|
|
342
|
+
auto remaining = public_name;
|
|
343
|
+
if (remaining.empty()) {
|
|
443
344
|
return false;
|
|
444
345
|
}
|
|
445
|
-
|
|
346
|
+
Span<const uint8_t> last;
|
|
347
|
+
while (!remaining.empty()) {
|
|
446
348
|
// Find the next dot-separated component.
|
|
447
|
-
auto dot = std::find(
|
|
349
|
+
auto dot = std::find(remaining.begin(), remaining.end(), '.');
|
|
448
350
|
Span<const uint8_t> component;
|
|
449
|
-
if (dot ==
|
|
450
|
-
component =
|
|
451
|
-
|
|
351
|
+
if (dot == remaining.end()) {
|
|
352
|
+
component = remaining;
|
|
353
|
+
last = component;
|
|
354
|
+
remaining = Span<const uint8_t>();
|
|
452
355
|
} else {
|
|
453
|
-
component =
|
|
454
|
-
|
|
455
|
-
|
|
356
|
+
component = remaining.subspan(0, dot - remaining.begin());
|
|
357
|
+
// Skip the dot.
|
|
358
|
+
remaining = remaining.subspan(dot - remaining.begin() + 1);
|
|
359
|
+
if (remaining.empty()) {
|
|
456
360
|
// Trailing dots are not allowed.
|
|
457
361
|
return false;
|
|
458
362
|
}
|
|
@@ -471,7 +375,15 @@ bool ssl_is_valid_ech_public_name(Span<const uint8_t> public_name) {
|
|
|
471
375
|
}
|
|
472
376
|
}
|
|
473
377
|
|
|
474
|
-
|
|
378
|
+
// The WHATWG URL parser additionally does not allow any DNS names that end in
|
|
379
|
+
// a numeric component. See:
|
|
380
|
+
// https://url.spec.whatwg.org/#concept-host-parser
|
|
381
|
+
// https://url.spec.whatwg.org/#ends-in-a-number-checker
|
|
382
|
+
//
|
|
383
|
+
// The WHATWG parser is formulated in terms of parsing decimal, octal, and
|
|
384
|
+
// hex, along with a separate ASCII digits check. The ASCII digits check
|
|
385
|
+
// subsumes the decimal and octal check, so we only need to check two cases.
|
|
386
|
+
return !is_hex_component(last) && !is_decimal_component(last);
|
|
475
387
|
}
|
|
476
388
|
|
|
477
389
|
static bool parse_ech_config(CBS *cbs, ECHConfig *out, bool *out_supported,
|
|
@@ -507,8 +419,8 @@ static bool parse_ech_config(CBS *cbs, ECHConfig *out, bool *out_supported,
|
|
|
507
419
|
CBS_len(&public_key) == 0 ||
|
|
508
420
|
!CBS_get_u16_length_prefixed(&contents, &cipher_suites) ||
|
|
509
421
|
CBS_len(&cipher_suites) == 0 || CBS_len(&cipher_suites) % 4 != 0 ||
|
|
510
|
-
!
|
|
511
|
-
!
|
|
422
|
+
!CBS_get_u8(&contents, &out->maximum_name_length) ||
|
|
423
|
+
!CBS_get_u8_length_prefixed(&contents, &public_name) ||
|
|
512
424
|
CBS_len(&public_name) == 0 ||
|
|
513
425
|
!CBS_get_u16_length_prefixed(&contents, &extensions) ||
|
|
514
426
|
CBS_len(&contents) != 0) {
|
|
@@ -772,15 +684,6 @@ static size_t aead_overhead(const EVP_HPKE_AEAD *aead) {
|
|
|
772
684
|
#endif
|
|
773
685
|
}
|
|
774
686
|
|
|
775
|
-
static size_t compute_extension_length(const EVP_HPKE_AEAD *aead,
|
|
776
|
-
size_t enc_len, size_t in_len) {
|
|
777
|
-
size_t ret = 4; // HpkeSymmetricCipherSuite cipher_suite
|
|
778
|
-
ret++; // uint8 config_id
|
|
779
|
-
ret += 2 + enc_len; // opaque enc<1..2^16-1>
|
|
780
|
-
ret += 2 + in_len + aead_overhead(aead); // opaque payload<1..2^16-1>
|
|
781
|
-
return ret;
|
|
782
|
-
}
|
|
783
|
-
|
|
784
687
|
// random_size returns a random value between |min| and |max|, inclusive.
|
|
785
688
|
static size_t random_size(size_t min, size_t max) {
|
|
786
689
|
assert(min < max);
|
|
@@ -813,38 +716,32 @@ static bool setup_ech_grease(SSL_HANDSHAKE *hs) {
|
|
|
813
716
|
// 2+32+1+2 version, random, legacy_session_id, legacy_compression_methods
|
|
814
717
|
// 2+4*2 cipher_suites (three TLS 1.3 ciphers, GREASE)
|
|
815
718
|
// 2 extensions prefix
|
|
816
|
-
//
|
|
719
|
+
// 5 inner encrypted_client_hello
|
|
817
720
|
// 4+1+2*2 supported_versions (TLS 1.3, GREASE)
|
|
818
721
|
// 4+1+10*2 outer_extensions (key_share, sigalgs, sct, alpn,
|
|
819
722
|
// supported_groups, status_request, psk_key_exchange_modes,
|
|
820
723
|
// compress_certificate, GREASE x2)
|
|
821
724
|
//
|
|
822
725
|
// The server_name extension has an overhead of 9 bytes. For now, arbitrarily
|
|
823
|
-
// estimate maximum_name_length to be between 32 and 100 bytes.
|
|
824
|
-
//
|
|
825
|
-
|
|
826
|
-
|
|
827
|
-
// https://github.com/tlswg/draft-ietf-tls-esni/issues/433
|
|
828
|
-
const size_t overhead = aead_overhead(aead);
|
|
829
|
-
const size_t in_len = random_size(128, 196);
|
|
830
|
-
const size_t extension_len =
|
|
831
|
-
compute_extension_length(aead, sizeof(enc), in_len);
|
|
726
|
+
// estimate maximum_name_length to be between 32 and 100 bytes. Then round up
|
|
727
|
+
// to a multiple of 32, to match draft-ietf-tls-esni-13, section 6.1.3.
|
|
728
|
+
const size_t payload_len =
|
|
729
|
+
32 * random_size(128 / 32, 224 / 32) + aead_overhead(aead);
|
|
832
730
|
bssl::ScopedCBB cbb;
|
|
833
731
|
CBB enc_cbb, payload_cbb;
|
|
834
732
|
uint8_t *payload;
|
|
835
|
-
if (!CBB_init(cbb.get(),
|
|
733
|
+
if (!CBB_init(cbb.get(), 256) ||
|
|
836
734
|
!CBB_add_u16(cbb.get(), kdf_id) ||
|
|
837
735
|
!CBB_add_u16(cbb.get(), EVP_HPKE_AEAD_id(aead)) ||
|
|
838
736
|
!CBB_add_u8(cbb.get(), config_id) ||
|
|
839
737
|
!CBB_add_u16_length_prefixed(cbb.get(), &enc_cbb) ||
|
|
840
738
|
!CBB_add_bytes(&enc_cbb, enc, sizeof(enc)) ||
|
|
841
739
|
!CBB_add_u16_length_prefixed(cbb.get(), &payload_cbb) ||
|
|
842
|
-
!CBB_add_space(&payload_cbb, &payload,
|
|
843
|
-
!RAND_bytes(payload,
|
|
844
|
-
!CBBFinishArray(cbb.get(), &hs->
|
|
740
|
+
!CBB_add_space(&payload_cbb, &payload, payload_len) ||
|
|
741
|
+
!RAND_bytes(payload, payload_len) ||
|
|
742
|
+
!CBBFinishArray(cbb.get(), &hs->ech_client_outer)) {
|
|
845
743
|
return false;
|
|
846
744
|
}
|
|
847
|
-
assert(hs->ech_client_bytes.size() == extension_len);
|
|
848
745
|
return true;
|
|
849
746
|
}
|
|
850
747
|
|
|
@@ -855,22 +752,22 @@ bool ssl_encrypt_client_hello(SSL_HANDSHAKE *hs, Span<const uint8_t> enc) {
|
|
|
855
752
|
}
|
|
856
753
|
|
|
857
754
|
// Construct ClientHelloInner and EncodedClientHelloInner. See
|
|
858
|
-
// draft-ietf-tls-esni-
|
|
859
|
-
|
|
755
|
+
// draft-ietf-tls-esni-13, sections 5.1 and 6.1.
|
|
756
|
+
ScopedCBB cbb, encoded_cbb;
|
|
860
757
|
CBB body;
|
|
861
758
|
bool needs_psk_binder;
|
|
862
|
-
|
|
759
|
+
Array<uint8_t> hello_inner;
|
|
863
760
|
if (!ssl->method->init_message(ssl, cbb.get(), &body, SSL3_MT_CLIENT_HELLO) ||
|
|
864
|
-
!CBB_init(
|
|
761
|
+
!CBB_init(encoded_cbb.get(), 256) ||
|
|
865
762
|
!ssl_write_client_hello_without_extensions(hs, &body,
|
|
866
763
|
ssl_client_hello_inner,
|
|
867
764
|
/*empty_session_id=*/false) ||
|
|
868
|
-
!ssl_write_client_hello_without_extensions(hs,
|
|
765
|
+
!ssl_write_client_hello_without_extensions(hs, encoded_cbb.get(),
|
|
869
766
|
ssl_client_hello_inner,
|
|
870
767
|
/*empty_session_id=*/true) ||
|
|
871
|
-
!ssl_add_clienthello_tlsext(hs, &body,
|
|
872
|
-
|
|
873
|
-
|
|
768
|
+
!ssl_add_clienthello_tlsext(hs, &body, encoded_cbb.get(),
|
|
769
|
+
&needs_psk_binder, ssl_client_hello_inner,
|
|
770
|
+
CBB_len(&body)) ||
|
|
874
771
|
!ssl->method->finish_message(ssl, cbb.get(), &hello_inner)) {
|
|
875
772
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
876
773
|
return false;
|
|
@@ -883,13 +780,12 @@ bool ssl_encrypt_client_hello(SSL_HANDSHAKE *hs, Span<const uint8_t> enc) {
|
|
|
883
780
|
return false;
|
|
884
781
|
}
|
|
885
782
|
// Also update the EncodedClientHelloInner.
|
|
886
|
-
|
|
887
|
-
|
|
888
|
-
|
|
889
|
-
|
|
890
|
-
|
|
891
|
-
|
|
892
|
-
hello_inner.data() + hello_inner.size() - binder_len,
|
|
783
|
+
auto encoded_binder =
|
|
784
|
+
MakeSpan(const_cast<uint8_t *>(CBB_data(encoded_cbb.get())),
|
|
785
|
+
CBB_len(encoded_cbb.get()))
|
|
786
|
+
.last(binder_len);
|
|
787
|
+
auto hello_inner_binder = MakeConstSpan(hello_inner).last(binder_len);
|
|
788
|
+
OPENSSL_memcpy(encoded_binder.data(), hello_inner_binder.data(),
|
|
893
789
|
binder_len);
|
|
894
790
|
}
|
|
895
791
|
|
|
@@ -897,74 +793,82 @@ bool ssl_encrypt_client_hello(SSL_HANDSHAKE *hs, Span<const uint8_t> enc) {
|
|
|
897
793
|
return false;
|
|
898
794
|
}
|
|
899
795
|
|
|
900
|
-
//
|
|
901
|
-
|
|
902
|
-
|
|
903
|
-
|
|
796
|
+
// Pad the EncodedClientHelloInner. See draft-ietf-tls-esni-13, section 6.1.3.
|
|
797
|
+
size_t padding_len = 0;
|
|
798
|
+
size_t maximum_name_length = hs->selected_ech_config->maximum_name_length;
|
|
799
|
+
if (ssl->hostname) {
|
|
800
|
+
size_t hostname_len = strlen(ssl->hostname.get());
|
|
801
|
+
if (hostname_len <= maximum_name_length) {
|
|
802
|
+
padding_len = maximum_name_length - hostname_len;
|
|
803
|
+
}
|
|
804
|
+
} else {
|
|
805
|
+
// No SNI. Pad up to |maximum_name_length|, including server_name extension
|
|
806
|
+
// overhead.
|
|
807
|
+
padding_len = 9 + maximum_name_length;
|
|
808
|
+
}
|
|
809
|
+
// Pad the whole thing to a multiple of 32 bytes.
|
|
810
|
+
padding_len += 31 - ((CBB_len(encoded_cbb.get()) + padding_len - 1) % 32);
|
|
811
|
+
Array<uint8_t> encoded;
|
|
812
|
+
if (!CBB_add_zeros(encoded_cbb.get(), padding_len) ||
|
|
813
|
+
!CBBFinishArray(encoded_cbb.get(), &encoded)) {
|
|
814
|
+
return false;
|
|
815
|
+
}
|
|
816
|
+
|
|
817
|
+
// Encrypt |encoded|. See draft-ietf-tls-esni-13, section 6.1.1. First,
|
|
818
|
+
// assemble the extension with a placeholder value for ClientHelloOuterAAD.
|
|
819
|
+
// See draft-ietf-tls-esni-13, section 5.2.
|
|
904
820
|
const EVP_HPKE_KDF *kdf = EVP_HPKE_CTX_kdf(hs->ech_hpke_ctx.get());
|
|
905
821
|
const EVP_HPKE_AEAD *aead = EVP_HPKE_CTX_aead(hs->ech_hpke_ctx.get());
|
|
906
|
-
|
|
907
|
-
|
|
822
|
+
size_t payload_len = encoded.size() + aead_overhead(aead);
|
|
823
|
+
CBB enc_cbb, payload_cbb;
|
|
824
|
+
if (!CBB_init(cbb.get(), 256) ||
|
|
825
|
+
!CBB_add_u16(cbb.get(), EVP_HPKE_KDF_id(kdf)) ||
|
|
826
|
+
!CBB_add_u16(cbb.get(), EVP_HPKE_AEAD_id(aead)) ||
|
|
827
|
+
!CBB_add_u8(cbb.get(), hs->selected_ech_config->config_id) ||
|
|
828
|
+
!CBB_add_u16_length_prefixed(cbb.get(), &enc_cbb) ||
|
|
829
|
+
!CBB_add_bytes(&enc_cbb, enc.data(), enc.size()) ||
|
|
830
|
+
!CBB_add_u16_length_prefixed(cbb.get(), &payload_cbb) ||
|
|
831
|
+
!CBB_add_zeros(&payload_cbb, payload_len) ||
|
|
832
|
+
!CBBFinishArray(cbb.get(), &hs->ech_client_outer)) {
|
|
833
|
+
return false;
|
|
834
|
+
}
|
|
835
|
+
|
|
836
|
+
// Construct ClientHelloOuterAAD.
|
|
837
|
+
// TODO(https://crbug.com/boringssl/275): This ends up constructing the
|
|
838
|
+
// ClientHelloOuter twice. Instead, reuse |aad| for the ClientHello, now that
|
|
839
|
+
// draft-12 made the length prefixes match.
|
|
908
840
|
bssl::ScopedCBB aad;
|
|
909
|
-
CBB outer_hello;
|
|
910
|
-
CBB enc_cbb;
|
|
911
841
|
if (!CBB_init(aad.get(), 256) ||
|
|
912
|
-
!
|
|
913
|
-
!CBB_add_u16(aad.get(), EVP_HPKE_AEAD_id(aead)) ||
|
|
914
|
-
!CBB_add_u8(aad.get(), hs->selected_ech_config->config_id) ||
|
|
915
|
-
!CBB_add_u16_length_prefixed(aad.get(), &enc_cbb) ||
|
|
916
|
-
!CBB_add_bytes(&enc_cbb, enc.data(), enc.size()) ||
|
|
917
|
-
!CBB_add_u24_length_prefixed(aad.get(), &outer_hello) ||
|
|
918
|
-
!ssl_write_client_hello_without_extensions(hs, &outer_hello,
|
|
842
|
+
!ssl_write_client_hello_without_extensions(hs, aad.get(),
|
|
919
843
|
ssl_client_hello_outer,
|
|
920
844
|
/*empty_session_id=*/false) ||
|
|
921
|
-
!ssl_add_clienthello_tlsext(hs,
|
|
845
|
+
!ssl_add_clienthello_tlsext(hs, aad.get(), /*out_encoded=*/nullptr,
|
|
922
846
|
&needs_psk_binder, ssl_client_hello_outer,
|
|
923
|
-
CBB_len(
|
|
924
|
-
/*omit_ech_len=*/4 + extension_len) ||
|
|
925
|
-
!CBB_flush(aad.get())) {
|
|
847
|
+
CBB_len(aad.get()))) {
|
|
926
848
|
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
|
927
849
|
return false;
|
|
928
850
|
}
|
|
851
|
+
|
|
929
852
|
// ClientHelloOuter may not require a PSK binder. Otherwise, we have a
|
|
930
853
|
// circular dependency.
|
|
931
854
|
assert(!needs_psk_binder);
|
|
932
855
|
|
|
933
|
-
|
|
934
|
-
|
|
935
|
-
!CBB_add_u16(cbb.get(), EVP_HPKE_KDF_id(kdf)) ||
|
|
936
|
-
!CBB_add_u16(cbb.get(), EVP_HPKE_AEAD_id(aead)) ||
|
|
937
|
-
!CBB_add_u8(cbb.get(), hs->selected_ech_config->config_id) ||
|
|
938
|
-
!CBB_add_u16_length_prefixed(cbb.get(), &enc_cbb) ||
|
|
939
|
-
!CBB_add_bytes(&enc_cbb, enc.data(), enc.size()) ||
|
|
940
|
-
!CBB_add_u16_length_prefixed(cbb.get(), &payload_cbb)) {
|
|
941
|
-
return false;
|
|
942
|
-
}
|
|
856
|
+
// Replace the payload in |hs->ech_client_outer| with the encrypted value.
|
|
857
|
+
auto payload_span = MakeSpan(hs->ech_client_outer).last(payload_len);
|
|
943
858
|
#if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
|
|
944
859
|
// In fuzzer mode, the server expects a cleartext payload.
|
|
945
|
-
|
|
946
|
-
|
|
947
|
-
return false;
|
|
948
|
-
}
|
|
860
|
+
assert(payload_span.size() == encoded.size());
|
|
861
|
+
OPENSSL_memcpy(payload_span.data(), encoded.data(), encoded.size());
|
|
949
862
|
#else
|
|
950
|
-
|
|
951
|
-
|
|
952
|
-
|
|
953
|
-
if (!CBB_reserve(&payload_cbb, &payload, payload_len) ||
|
|
954
|
-
!EVP_HPKE_CTX_seal(hs->ech_hpke_ctx.get(), payload, &payload_len,
|
|
955
|
-
payload_len, CBB_data(encoded.get()),
|
|
956
|
-
CBB_len(encoded.get()), CBB_data(aad.get()),
|
|
863
|
+
if (!EVP_HPKE_CTX_seal(hs->ech_hpke_ctx.get(), payload_span.data(),
|
|
864
|
+
&payload_len, payload_span.size(), encoded.data(),
|
|
865
|
+
encoded.size(), CBB_data(aad.get()),
|
|
957
866
|
CBB_len(aad.get())) ||
|
|
958
|
-
|
|
867
|
+
payload_len != payload_span.size()) {
|
|
959
868
|
return false;
|
|
960
869
|
}
|
|
961
870
|
#endif // BORINGSSL_UNSAFE_FUZZER_MODE
|
|
962
|
-
if (!CBBFinishArray(cbb.get(), &hs->ech_client_bytes)) {
|
|
963
|
-
return false;
|
|
964
|
-
}
|
|
965
871
|
|
|
966
|
-
// The |aad| calculation relies on |extension_length| being correct.
|
|
967
|
-
assert(hs->ech_client_bytes.size() == extension_len);
|
|
968
872
|
return true;
|
|
969
873
|
}
|
|
970
874
|
|
|
@@ -993,6 +897,47 @@ int SSL_set1_ech_config_list(SSL *ssl, const uint8_t *ech_config_list,
|
|
|
993
897
|
return ssl->config->client_ech_config_list.CopyFrom(span);
|
|
994
898
|
}
|
|
995
899
|
|
|
900
|
+
void SSL_get0_ech_name_override(const SSL *ssl, const char **out_name,
|
|
901
|
+
size_t *out_name_len) {
|
|
902
|
+
// When ECH is rejected, we use the public name. Note that, if
|
|
903
|
+
// |SSL_CTX_set_reverify_on_resume| is enabled, we reverify the certificate
|
|
904
|
+
// before the 0-RTT point. If also offering ECH, we verify as if
|
|
905
|
+
// ClientHelloInner was accepted and do not override. This works because, at
|
|
906
|
+
// this point, |ech_status| will be |ssl_ech_none|. See the
|
|
907
|
+
// ECH-Client-Reject-EarlyDataReject-OverrideNameOnRetry tests in runner.go.
|
|
908
|
+
const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
|
909
|
+
if (!ssl->server && hs && ssl->s3->ech_status == ssl_ech_rejected) {
|
|
910
|
+
*out_name = reinterpret_cast<const char *>(
|
|
911
|
+
hs->selected_ech_config->public_name.data());
|
|
912
|
+
*out_name_len = hs->selected_ech_config->public_name.size();
|
|
913
|
+
} else {
|
|
914
|
+
*out_name = nullptr;
|
|
915
|
+
*out_name_len = 0;
|
|
916
|
+
}
|
|
917
|
+
}
|
|
918
|
+
|
|
919
|
+
void SSL_get0_ech_retry_configs(
|
|
920
|
+
const SSL *ssl, const uint8_t **out_retry_configs,
|
|
921
|
+
size_t *out_retry_configs_len) {
|
|
922
|
+
const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
|
|
923
|
+
if (!hs || !hs->ech_authenticated_reject) {
|
|
924
|
+
// It is an error to call this function except in response to
|
|
925
|
+
// |SSL_R_ECH_REJECTED|. Returning an empty string risks the caller
|
|
926
|
+
// mistakenly believing the server has disabled ECH. Instead, return a
|
|
927
|
+
// non-empty ECHConfigList with a syntax error, so the subsequent
|
|
928
|
+
// |SSL_set1_ech_config_list| call will fail.
|
|
929
|
+
assert(0);
|
|
930
|
+
static const uint8_t kPlaceholder[] = {
|
|
931
|
+
kECHConfigVersion >> 8, kECHConfigVersion & 0xff, 0xff, 0xff, 0xff};
|
|
932
|
+
*out_retry_configs = kPlaceholder;
|
|
933
|
+
*out_retry_configs_len = sizeof(kPlaceholder);
|
|
934
|
+
return;
|
|
935
|
+
}
|
|
936
|
+
|
|
937
|
+
*out_retry_configs = hs->ech_retry_configs.data();
|
|
938
|
+
*out_retry_configs_len = hs->ech_retry_configs.size();
|
|
939
|
+
}
|
|
940
|
+
|
|
996
941
|
int SSL_marshal_ech_config(uint8_t **out, size_t *out_len, uint8_t config_id,
|
|
997
942
|
const EVP_HPKE_KEY *key, const char *public_name,
|
|
998
943
|
size_t max_name_len) {
|
|
@@ -1003,7 +948,13 @@ int SSL_marshal_ech_config(uint8_t **out, size_t *out_len, uint8_t config_id,
|
|
|
1003
948
|
return 0;
|
|
1004
949
|
}
|
|
1005
950
|
|
|
1006
|
-
//
|
|
951
|
+
// The maximum name length is encoded in one byte.
|
|
952
|
+
if (max_name_len > 0xff) {
|
|
953
|
+
OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_LENGTH);
|
|
954
|
+
return 0;
|
|
955
|
+
}
|
|
956
|
+
|
|
957
|
+
// See draft-ietf-tls-esni-13, section 4.
|
|
1007
958
|
ScopedCBB cbb;
|
|
1008
959
|
CBB contents, child;
|
|
1009
960
|
uint8_t *public_key;
|
|
@@ -1024,8 +975,8 @@ int SSL_marshal_ech_config(uint8_t **out, size_t *out_len, uint8_t config_id,
|
|
|
1024
975
|
!CBB_add_u16(&child, EVP_HPKE_AES_128_GCM) ||
|
|
1025
976
|
!CBB_add_u16(&child, EVP_HPKE_HKDF_SHA256) ||
|
|
1026
977
|
!CBB_add_u16(&child, EVP_HPKE_CHACHA20_POLY1305) ||
|
|
1027
|
-
!
|
|
1028
|
-
!
|
|
978
|
+
!CBB_add_u8(&contents, max_name_len) ||
|
|
979
|
+
!CBB_add_u8_length_prefixed(&contents, &child) ||
|
|
1029
980
|
!CBB_add_bytes(&child, public_name_u8.data(), public_name_u8.size()) ||
|
|
1030
981
|
// TODO(https://crbug.com/boringssl/275): Reserve some GREASE extensions
|
|
1031
982
|
// and include some.
|
|
@@ -1129,5 +1080,5 @@ int SSL_ech_accepted(const SSL *ssl) {
|
|
|
1129
1080
|
return ssl->s3->hs->selected_ech_config != nullptr;
|
|
1130
1081
|
}
|
|
1131
1082
|
|
|
1132
|
-
return ssl->s3->
|
|
1083
|
+
return ssl->s3->ech_status == ssl_ech_accepted;
|
|
1133
1084
|
}
|