grpc 1.40.0 → 1.41.0.pre2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (827) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +27 -36
  3. data/include/grpc/byte_buffer.h +1 -1
  4. data/include/grpc/byte_buffer_reader.h +1 -1
  5. data/include/grpc/event_engine/endpoint_config.h +6 -11
  6. data/include/grpc/event_engine/event_engine.h +63 -58
  7. data/include/grpc/event_engine/port.h +1 -3
  8. data/include/grpc/event_engine/slice_allocator.h +6 -1
  9. data/include/grpc/fork.h +1 -1
  10. data/include/grpc/grpc.h +10 -4
  11. data/include/grpc/grpc_posix.h +5 -2
  12. data/include/grpc/impl/codegen/atm.h +5 -3
  13. data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
  14. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  15. data/include/grpc/impl/codegen/atm_windows.h +2 -0
  16. data/include/grpc/impl/codegen/byte_buffer.h +2 -0
  17. data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
  18. data/include/grpc/impl/codegen/compression_types.h +2 -0
  19. data/include/grpc/impl/codegen/connectivity_state.h +2 -0
  20. data/include/grpc/impl/codegen/fork.h +2 -0
  21. data/include/grpc/impl/codegen/gpr_slice.h +2 -0
  22. data/include/grpc/impl/codegen/gpr_types.h +2 -0
  23. data/include/grpc/impl/codegen/grpc_types.h +4 -5
  24. data/include/grpc/impl/codegen/log.h +2 -0
  25. data/include/grpc/impl/codegen/port_platform.h +26 -22
  26. data/include/grpc/impl/codegen/propagation_bits.h +2 -0
  27. data/include/grpc/impl/codegen/slice.h +2 -0
  28. data/include/grpc/impl/codegen/status.h +2 -0
  29. data/include/grpc/impl/codegen/sync.h +8 -5
  30. data/include/grpc/impl/codegen/sync_abseil.h +2 -0
  31. data/include/grpc/impl/codegen/sync_custom.h +2 -0
  32. data/include/grpc/impl/codegen/sync_generic.h +3 -0
  33. data/include/grpc/impl/codegen/sync_posix.h +4 -2
  34. data/include/grpc/impl/codegen/sync_windows.h +2 -0
  35. data/include/grpc/slice.h +1 -1
  36. data/include/grpc/status.h +1 -1
  37. data/include/grpc/support/atm.h +1 -1
  38. data/include/grpc/support/atm_gcc_atomic.h +1 -1
  39. data/include/grpc/support/atm_gcc_sync.h +1 -1
  40. data/include/grpc/support/atm_windows.h +1 -1
  41. data/include/grpc/support/log.h +1 -1
  42. data/include/grpc/support/port_platform.h +1 -1
  43. data/include/grpc/support/sync.h +1 -1
  44. data/include/grpc/support/sync_abseil.h +1 -1
  45. data/include/grpc/support/sync_custom.h +1 -1
  46. data/include/grpc/support/sync_generic.h +1 -1
  47. data/include/grpc/support/sync_posix.h +1 -1
  48. data/include/grpc/support/sync_windows.h +1 -1
  49. data/include/grpc/support/time.h +2 -2
  50. data/src/core/ext/filters/census/grpc_context.cc +1 -0
  51. data/src/core/ext/filters/client_channel/backend_metric.cc +0 -1
  52. data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
  53. data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -2
  54. data/src/core/ext/filters/client_channel/client_channel.cc +24 -52
  55. data/src/core/ext/filters/client_channel/client_channel.h +3 -3
  56. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
  57. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  58. data/src/core/ext/filters/client_channel/client_channel_factory.cc +1 -0
  59. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +8 -1
  60. data/src/core/ext/filters/client_channel/config_selector.cc +1 -0
  61. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -6
  62. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -3
  63. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -7
  64. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
  65. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -2
  66. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +2 -8
  67. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  68. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
  69. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -2
  70. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -1
  71. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -23
  72. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +1 -0
  73. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -2
  74. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +2 -8
  75. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +15 -18
  76. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +10 -7
  77. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -8
  78. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +2 -3
  79. data/src/core/ext/filters/client_channel/lb_policy.h +11 -44
  80. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -7
  81. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -10
  82. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -0
  83. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
  84. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +6 -5
  85. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +14 -19
  86. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -0
  87. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  88. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +5 -5
  89. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +5 -8
  90. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +2 -3
  91. data/src/core/ext/filters/client_idle/client_idle_filter.cc +36 -30
  92. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -6
  93. data/src/core/ext/filters/fault_injection/service_config_parser.cc +6 -13
  94. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -2
  95. data/src/core/ext/filters/http/client_authority_filter.cc +2 -1
  96. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +2 -1
  97. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +7 -8
  98. data/src/core/ext/filters/http/server/http_server_filter.cc +5 -3
  99. data/src/core/ext/filters/message_size/message_size_filter.cc +9 -13
  100. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  101. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +29 -12
  102. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
  103. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -3
  104. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +10 -6
  105. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +2 -3
  106. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +60 -37
  107. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -1
  108. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -6
  109. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +5 -9
  110. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
  111. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
  112. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
  113. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +4 -3
  114. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +2 -2
  115. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +24 -30
  116. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +4 -1
  117. data/src/core/ext/transport/chttp2/transport/context_list.h +1 -2
  118. data/src/core/ext/transport/chttp2/transport/flow_control.cc +39 -23
  119. data/src/core/ext/transport/chttp2/transport/flow_control.h +9 -3
  120. data/src/core/ext/transport/chttp2/transport/frame_data.cc +7 -7
  121. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -0
  122. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -3
  123. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -0
  124. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -4
  125. data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -0
  126. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -5
  127. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -0
  128. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +36 -5
  129. data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -0
  130. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +12 -7
  131. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -0
  132. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
  133. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +272 -666
  134. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +236 -70
  135. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
  136. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
  137. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
  138. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +776 -1037
  139. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +48 -169
  140. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +159 -0
  141. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +130 -0
  142. data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
  143. data/src/core/ext/transport/chttp2/transport/hpack_utils.h +30 -0
  144. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  145. data/src/core/ext/transport/chttp2/transport/internal.h +2 -2
  146. data/src/core/ext/transport/chttp2/transport/parsing.cc +20 -30
  147. data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
  148. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
  149. data/src/core/ext/transport/chttp2/transport/varint.cc +7 -3
  150. data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
  151. data/src/core/ext/transport/chttp2/transport/writing.cc +32 -28
  152. data/src/core/ext/transport/inproc/inproc_transport.cc +6 -4
  153. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +96 -96
  154. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +221 -89
  155. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
  156. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -1
  157. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
  158. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +11 -5
  159. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -48
  160. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +151 -61
  161. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +99 -99
  162. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +171 -69
  163. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +15 -15
  164. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +31 -13
  165. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +126 -127
  166. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +229 -101
  167. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
  168. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +11 -5
  169. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +23 -23
  170. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +11 -5
  171. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +28 -28
  172. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +71 -29
  173. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
  174. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +11 -5
  175. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +82 -82
  176. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +201 -81
  177. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +24 -24
  178. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +51 -21
  179. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
  180. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +11 -5
  181. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
  182. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +21 -9
  183. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +62 -62
  184. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +131 -53
  185. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +51 -51
  186. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +81 -33
  187. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
  188. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +11 -5
  189. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +62 -62
  190. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +141 -57
  191. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -3
  192. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +11 -5
  193. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +7 -7
  194. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +21 -9
  195. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
  196. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +11 -5
  197. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +8 -8
  198. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +11 -5
  199. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +4 -4
  200. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +11 -5
  201. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -16
  202. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +31 -13
  203. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +57 -22
  204. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +174 -17
  205. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
  206. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +51 -21
  207. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
  208. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -5
  209. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +37 -37
  210. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +61 -25
  211. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +40 -40
  212. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +71 -29
  213. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +9 -9
  214. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +11 -5
  215. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +5 -5
  216. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +21 -9
  217. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +30 -30
  218. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +81 -33
  219. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +41 -29
  220. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +141 -43
  221. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +46 -43
  222. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +88 -29
  223. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +18 -18
  224. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +31 -13
  225. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +281 -277
  226. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +569 -248
  227. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
  228. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +31 -13
  229. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -6
  230. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +21 -9
  231. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +3 -3
  232. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +11 -5
  233. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +13 -13
  234. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +51 -21
  235. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +23 -23
  236. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +31 -13
  237. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +9 -9
  238. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +11 -5
  239. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +115 -116
  240. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +191 -77
  241. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -1
  242. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -1
  243. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +46 -32
  244. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +118 -34
  245. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -12
  246. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +31 -13
  247. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +44 -42
  248. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +108 -55
  249. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
  250. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +11 -5
  251. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
  252. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +11 -5
  253. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +42 -42
  254. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +61 -25
  255. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -2
  256. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +11 -5
  257. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -2
  258. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +11 -5
  259. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -9
  260. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +21 -9
  261. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -2
  262. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +11 -5
  263. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
  264. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +11 -5
  265. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +28 -28
  266. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +51 -21
  267. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +8 -8
  268. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +41 -17
  269. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
  270. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -9
  271. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +4 -4
  272. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +11 -5
  273. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
  274. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +11 -5
  275. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
  276. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +11 -5
  277. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +9 -9
  278. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +31 -13
  279. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -10
  280. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +21 -9
  281. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +6 -6
  282. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +21 -9
  283. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
  284. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +31 -13
  285. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
  286. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +71 -29
  287. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
  288. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +51 -21
  289. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
  290. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -1
  291. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
  292. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +21 -9
  293. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
  294. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +31 -13
  295. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
  296. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +11 -5
  297. data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
  298. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -1
  299. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +58 -58
  300. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +111 -45
  301. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +68 -68
  302. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +121 -49
  303. data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
  304. data/src/core/ext/upb-generated/google/api/http.upb.h +31 -13
  305. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
  306. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +11 -5
  307. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +153 -153
  308. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +271 -109
  309. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
  310. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +11 -5
  311. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
  312. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +11 -5
  313. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
  314. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +31 -13
  315. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
  316. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +11 -5
  317. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
  318. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +91 -37
  319. data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
  320. data/src/core/ext/upb-generated/google/rpc/status.upb.h +11 -5
  321. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
  322. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -5
  323. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +60 -60
  324. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +101 -41
  325. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +7 -7
  326. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -9
  327. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
  328. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +21 -9
  329. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
  330. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +91 -37
  331. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
  332. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +31 -13
  333. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -4
  334. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +11 -5
  335. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
  336. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -1
  337. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
  338. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +11 -5
  339. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
  340. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +11 -5
  341. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +13 -13
  342. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +11 -5
  343. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +4 -4
  344. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +11 -5
  345. data/src/core/ext/upb-generated/validate/validate.upb.c +220 -220
  346. data/src/core/ext/upb-generated/validate/validate.upb.h +231 -93
  347. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +3 -3
  348. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +11 -5
  349. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +8 -8
  350. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +21 -9
  351. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +6 -6
  352. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +11 -5
  353. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +5 -5
  354. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +11 -5
  355. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +11 -11
  356. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +21 -9
  357. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +6 -6
  358. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +11 -5
  359. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +384 -382
  360. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +94 -63
  361. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
  362. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +30 -19
  363. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
  364. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +791 -780
  365. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +96 -100
  366. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +133 -115
  367. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
  368. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +178 -173
  369. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
  370. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +103 -103
  371. data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
  372. data/src/core/ext/xds/xds_api.cc +788 -910
  373. data/src/core/ext/xds/xds_api.h +16 -33
  374. data/src/core/ext/xds/xds_bootstrap.cc +27 -52
  375. data/src/core/ext/xds/xds_client.cc +69 -30
  376. data/src/core/ext/xds/xds_client_stats.cc +16 -15
  377. data/src/core/ext/xds/xds_client_stats.h +6 -6
  378. data/src/core/ext/xds/xds_http_fault_filter.cc +4 -3
  379. data/src/core/ext/xds/xds_http_fault_filter.h +3 -2
  380. data/src/core/ext/xds/xds_http_filters.cc +1 -0
  381. data/src/core/ext/xds/xds_server_config_fetcher.cc +10 -10
  382. data/src/core/lib/address_utils/parse_address.cc +4 -8
  383. data/src/core/lib/address_utils/sockaddr_utils.cc +2 -2
  384. data/src/core/lib/channel/channel_args.cc +2 -1
  385. data/src/core/lib/channel/channel_stack.cc +5 -3
  386. data/src/core/lib/channel/channel_stack_builder.cc +1 -11
  387. data/src/core/lib/channel/channel_stack_builder.h +0 -8
  388. data/src/core/lib/channel/channel_trace.cc +4 -3
  389. data/src/core/lib/channel/channel_trace.h +1 -0
  390. data/src/core/lib/channel/channelz.cc +40 -36
  391. data/src/core/lib/channel/channelz.h +27 -27
  392. data/src/core/lib/channel/channelz_registry.cc +7 -6
  393. data/src/core/lib/channel/connected_channel.cc +1 -0
  394. data/src/core/lib/channel/handshaker.cc +2 -1
  395. data/src/core/lib/channel/handshaker.h +1 -2
  396. data/src/core/lib/channel/handshaker_factory.h +10 -2
  397. data/src/core/lib/channel/handshaker_registry.cc +15 -70
  398. data/src/core/lib/channel/handshaker_registry.h +29 -12
  399. data/src/core/lib/channel/status_util.h +2 -2
  400. data/src/core/lib/compression/algorithm_metadata.h +1 -0
  401. data/src/core/lib/compression/compression_args.cc +2 -1
  402. data/src/core/lib/compression/compression_internal.cc +2 -4
  403. data/src/core/lib/compression/message_compress.cc +2 -2
  404. data/src/core/lib/compression/stream_compression.cc +2 -1
  405. data/src/core/lib/compression/stream_compression.h +2 -1
  406. data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
  407. data/src/core/lib/compression/stream_compression_identity.cc +2 -1
  408. data/src/core/lib/config/core_configuration.cc +54 -0
  409. data/src/core/lib/config/core_configuration.h +108 -0
  410. data/src/core/lib/debug/stats.h +1 -0
  411. data/src/core/lib/debug/stats_data.cc +2 -1
  412. data/src/core/lib/debug/stats_data.h +1 -0
  413. data/src/core/lib/debug/trace.cc +1 -0
  414. data/src/core/lib/debug/trace.h +2 -1
  415. data/src/core/lib/event_engine/endpoint_config.cc +0 -1
  416. data/src/core/lib/event_engine/event_engine.cc +3 -3
  417. data/src/core/lib/event_engine/sockaddr.cc +3 -3
  418. data/src/core/lib/gpr/alloc.cc +4 -3
  419. data/src/core/lib/gpr/env_linux.cc +1 -2
  420. data/src/core/lib/gpr/env_posix.cc +2 -3
  421. data/src/core/lib/gpr/log.cc +3 -3
  422. data/src/core/lib/gpr/log_android.cc +3 -2
  423. data/src/core/lib/gpr/log_linux.cc +7 -4
  424. data/src/core/lib/gpr/log_posix.cc +6 -3
  425. data/src/core/lib/gpr/string.h +2 -2
  426. data/src/core/lib/gpr/sync.cc +2 -2
  427. data/src/core/lib/gpr/sync_abseil.cc +7 -6
  428. data/src/core/lib/gpr/sync_posix.cc +3 -3
  429. data/src/core/lib/gpr/time.cc +3 -2
  430. data/src/core/lib/gpr/time_windows.cc +3 -2
  431. data/src/core/lib/gpr/tls.h +120 -41
  432. data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
  433. data/src/core/lib/gprpp/arena.cc +2 -1
  434. data/src/core/lib/gprpp/arena.h +5 -5
  435. data/src/core/lib/gprpp/atomic_utils.h +47 -0
  436. data/src/core/lib/gprpp/bitset.h +166 -0
  437. data/src/core/lib/gprpp/construct_destruct.h +39 -0
  438. data/src/core/lib/gprpp/dual_ref_counted.h +25 -26
  439. data/src/core/lib/gprpp/fork.cc +14 -12
  440. data/src/core/lib/gprpp/fork.h +4 -4
  441. data/src/core/lib/gprpp/global_config.h +1 -2
  442. data/src/core/lib/gprpp/global_config_env.cc +7 -7
  443. data/src/core/lib/gprpp/global_config_generic.h +2 -2
  444. data/src/core/lib/gprpp/manual_constructor.h +8 -5
  445. data/src/core/lib/gprpp/match.h +73 -0
  446. data/src/core/lib/gprpp/memory.h +3 -3
  447. data/src/core/lib/gprpp/mpscq.cc +7 -7
  448. data/src/core/lib/gprpp/mpscq.h +6 -5
  449. data/src/core/lib/gprpp/orphanable.h +3 -3
  450. data/src/core/lib/gprpp/overload.h +59 -0
  451. data/src/core/lib/gprpp/ref_counted.h +18 -18
  452. data/src/core/lib/gprpp/status_helper.cc +4 -4
  453. data/src/core/lib/gprpp/sync.h +3 -1
  454. data/src/core/lib/gprpp/thd_posix.cc +5 -5
  455. data/src/core/lib/gprpp/thd_windows.cc +4 -11
  456. data/src/core/lib/gprpp/time_util.cc +2 -2
  457. data/src/core/lib/gprpp/time_util.h +2 -2
  458. data/src/core/lib/http/format_request.cc +1 -0
  459. data/src/core/lib/http/format_request.h +1 -0
  460. data/src/core/lib/http/httpcli.cc +9 -9
  461. data/src/core/lib/http/httpcli.h +3 -0
  462. data/src/core/lib/http/httpcli_security_connector.cc +5 -8
  463. data/src/core/lib/http/parser.h +1 -0
  464. data/src/core/lib/iomgr/buffer_list.cc +2 -1
  465. data/src/core/lib/iomgr/buffer_list.h +1 -2
  466. data/src/core/lib/iomgr/call_combiner.cc +1 -0
  467. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  468. data/src/core/lib/iomgr/combiner.cc +3 -2
  469. data/src/core/lib/iomgr/combiner.h +1 -0
  470. data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
  471. data/src/core/lib/iomgr/endpoint.cc +0 -4
  472. data/src/core/lib/iomgr/endpoint.h +1 -3
  473. data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -20
  474. data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
  475. data/src/core/lib/iomgr/endpoint_pair.h +1 -0
  476. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +1 -2
  477. data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
  478. data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
  479. data/src/core/lib/iomgr/error.h +23 -9
  480. data/src/core/lib/iomgr/error_cfstream.cc +2 -2
  481. data/src/core/lib/iomgr/error_internal.h +1 -0
  482. data/src/core/lib/iomgr/ev_epoll1_linux.cc +14 -22
  483. data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -22
  484. data/src/core/lib/iomgr/ev_poll_posix.cc +13 -25
  485. data/src/core/lib/iomgr/ev_posix.cc +1 -2
  486. data/src/core/lib/iomgr/event_engine/endpoint.cc +3 -22
  487. data/src/core/lib/iomgr/event_engine/endpoint.h +1 -2
  488. data/src/core/lib/iomgr/event_engine/iomgr.cc +17 -18
  489. data/src/core/lib/iomgr/event_engine/iomgr.h +20 -2
  490. data/src/core/lib/iomgr/event_engine/resolver.cc +2 -1
  491. data/src/core/lib/iomgr/event_engine/tcp.cc +53 -24
  492. data/src/core/lib/iomgr/exec_ctx.cc +3 -4
  493. data/src/core/lib/iomgr/exec_ctx.h +11 -19
  494. data/src/core/lib/iomgr/executor/mpmcqueue.cc +10 -9
  495. data/src/core/lib/iomgr/executor/mpmcqueue.h +4 -3
  496. data/src/core/lib/iomgr/executor/threadpool.cc +2 -2
  497. data/src/core/lib/iomgr/executor/threadpool.h +2 -1
  498. data/src/core/lib/iomgr/executor.cc +5 -6
  499. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  500. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  501. data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
  502. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  503. data/src/core/lib/iomgr/iomgr.h +2 -2
  504. data/src/core/lib/iomgr/iomgr_custom.cc +2 -2
  505. data/src/core/lib/iomgr/iomgr_custom.h +2 -2
  506. data/src/core/lib/iomgr/iomgr_internal.cc +2 -1
  507. data/src/core/lib/iomgr/iomgr_windows.cc +1 -2
  508. data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
  509. data/src/core/lib/iomgr/polling_entity.cc +2 -2
  510. data/src/core/lib/iomgr/pollset_custom.cc +3 -4
  511. data/src/core/lib/iomgr/pollset_custom.h +2 -2
  512. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -2
  513. data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
  514. data/src/core/lib/iomgr/port.h +0 -5
  515. data/src/core/lib/iomgr/python_util.h +1 -0
  516. data/src/core/lib/iomgr/resolve_address.cc +2 -1
  517. data/src/core/lib/iomgr/resolve_address.h +0 -4
  518. data/src/core/lib/iomgr/resolve_address_custom.cc +4 -4
  519. data/src/core/lib/iomgr/resolve_address_custom.h +0 -1
  520. data/src/core/lib/iomgr/resolve_address_posix.cc +2 -4
  521. data/src/core/lib/iomgr/resolve_address_windows.cc +6 -8
  522. data/src/core/lib/iomgr/resource_quota.cc +127 -42
  523. data/src/core/lib/iomgr/resource_quota.h +66 -17
  524. data/src/core/lib/iomgr/sockaddr.h +1 -1
  525. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -3
  526. data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
  527. data/src/core/lib/iomgr/socket_mutator.h +2 -2
  528. data/src/core/lib/iomgr/socket_utils_common_posix.cc +3 -3
  529. data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
  530. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  531. data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
  532. data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
  533. data/src/core/lib/iomgr/tcp_client.cc +4 -2
  534. data/src/core/lib/iomgr/tcp_client.h +4 -0
  535. data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -19
  536. data/src/core/lib/iomgr/tcp_client_custom.cc +9 -17
  537. data/src/core/lib/iomgr/tcp_client_posix.cc +24 -9
  538. data/src/core/lib/iomgr/tcp_client_posix.h +5 -2
  539. data/src/core/lib/iomgr/tcp_client_windows.cc +14 -6
  540. data/src/core/lib/iomgr/tcp_custom.cc +11 -23
  541. data/src/core/lib/iomgr/tcp_custom.h +2 -1
  542. data/src/core/lib/iomgr/tcp_posix.cc +29 -59
  543. data/src/core/lib/iomgr/tcp_posix.h +11 -12
  544. data/src/core/lib/iomgr/tcp_server.cc +6 -4
  545. data/src/core/lib/iomgr/tcp_server.h +12 -9
  546. data/src/core/lib/iomgr/tcp_server_custom.cc +15 -33
  547. data/src/core/lib/iomgr/tcp_server_posix.cc +20 -13
  548. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
  549. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -2
  550. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +3 -4
  551. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  552. data/src/core/lib/iomgr/tcp_server_windows.cc +13 -9
  553. data/src/core/lib/iomgr/tcp_windows.cc +6 -25
  554. data/src/core/lib/iomgr/tcp_windows.h +2 -1
  555. data/src/core/lib/iomgr/timer.cc +1 -0
  556. data/src/core/lib/iomgr/timer.h +1 -2
  557. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  558. data/src/core/lib/iomgr/timer_generic.cc +8 -38
  559. data/src/core/lib/iomgr/timer_generic.h +1 -0
  560. data/src/core/lib/iomgr/timer_heap.cc +1 -2
  561. data/src/core/lib/iomgr/udp_server.cc +1 -2
  562. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -5
  563. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -3
  564. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -0
  565. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -3
  566. data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -0
  567. data/src/core/lib/iomgr/work_serializer.cc +4 -4
  568. data/src/core/lib/iomgr/work_serializer.h +1 -1
  569. data/src/core/lib/json/json_reader.cc +9 -17
  570. data/src/core/lib/json/json_util.h +18 -26
  571. data/src/core/lib/matchers/matchers.h +0 -1
  572. data/src/core/lib/profiling/basic_timers.cc +8 -6
  573. data/src/core/lib/profiling/stap_timers.cc +2 -2
  574. data/src/core/lib/security/authorization/authorization_policy_provider.h +5 -4
  575. data/src/core/lib/security/authorization/evaluate_args.cc +2 -0
  576. data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +159 -0
  577. data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
  578. data/src/core/lib/security/context/security_context.cc +7 -6
  579. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
  580. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  581. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
  582. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -3
  583. data/src/core/lib/security/credentials/credentials.cc +6 -6
  584. data/src/core/lib/security/credentials/credentials.h +1 -1
  585. data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
  586. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +13 -26
  587. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -2
  588. data/src/core/lib/security/credentials/external/aws_request_signer.cc +3 -3
  589. data/src/core/lib/security/credentials/external/external_account_credentials.cc +13 -22
  590. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +2 -4
  591. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
  592. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +55 -3
  593. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -1
  594. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  595. data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
  596. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +31 -14
  597. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -3
  598. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -2
  599. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
  600. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -7
  601. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -0
  602. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -4
  603. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +4 -4
  604. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  605. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +3 -2
  606. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +10 -6
  607. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +2 -1
  608. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -5
  609. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -2
  610. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +4 -6
  611. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
  612. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -3
  613. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -7
  614. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
  615. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -3
  616. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +9 -14
  617. data/src/core/lib/security/transport/auth_filters.h +1 -0
  618. data/src/core/lib/security/transport/client_auth_filter.cc +4 -6
  619. data/src/core/lib/security/transport/secure_endpoint.cc +4 -14
  620. data/src/core/lib/security/transport/secure_endpoint.h +1 -0
  621. data/src/core/lib/security/transport/security_handshaker.cc +5 -4
  622. data/src/core/lib/security/transport/security_handshaker.h +2 -1
  623. data/src/core/lib/security/util/json_util.cc +6 -8
  624. data/src/core/lib/slice/percent_encoding.cc +73 -30
  625. data/src/core/lib/slice/percent_encoding.h +29 -28
  626. data/src/core/lib/slice/slice.cc +2 -3
  627. data/src/core/lib/slice/slice_buffer.cc +1 -2
  628. data/src/core/lib/slice/slice_intern.cc +2 -3
  629. data/src/core/lib/slice/slice_internal.h +2 -2
  630. data/src/core/lib/surface/api_trace.cc +2 -1
  631. data/src/core/lib/surface/api_trace.h +1 -0
  632. data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
  633. data/src/core/lib/surface/call.cc +9 -8
  634. data/src/core/lib/surface/call.h +3 -3
  635. data/src/core/lib/surface/call_details.cc +2 -2
  636. data/src/core/lib/surface/call_log_batch.cc +2 -2
  637. data/src/core/lib/surface/channel.cc +22 -9
  638. data/src/core/lib/surface/channel.h +14 -2
  639. data/src/core/lib/surface/channel_ping.cc +1 -2
  640. data/src/core/lib/surface/channel_stack_type.cc +2 -1
  641. data/src/core/lib/surface/completion_queue.cc +54 -64
  642. data/src/core/lib/surface/completion_queue_factory.cc +2 -1
  643. data/src/core/lib/surface/completion_queue_factory.h +1 -0
  644. data/src/core/lib/surface/event_string.cc +1 -0
  645. data/src/core/lib/surface/init.cc +4 -9
  646. data/src/core/lib/surface/init.h +0 -1
  647. data/src/core/lib/surface/init_secure.cc +23 -4
  648. data/src/core/lib/surface/lame_client.cc +6 -5
  649. data/src/core/lib/surface/metadata_array.cc +2 -2
  650. data/src/core/lib/surface/server.cc +17 -33
  651. data/src/core/lib/surface/server.h +11 -13
  652. data/src/core/lib/surface/validate_metadata.cc +44 -16
  653. data/src/core/lib/surface/version.cc +2 -2
  654. data/src/core/lib/transport/byte_stream.h +1 -0
  655. data/src/core/lib/transport/connectivity_state.cc +8 -5
  656. data/src/core/lib/transport/connectivity_state.h +2 -2
  657. data/src/core/lib/transport/error_utils.cc +1 -0
  658. data/src/core/lib/transport/metadata.cc +10 -10
  659. data/src/core/lib/transport/metadata.h +13 -11
  660. data/src/core/lib/transport/metadata_batch.h +8 -0
  661. data/src/core/lib/transport/transport_op_string.cc +2 -2
  662. data/src/core/plugin_registry/grpc_plugin_registry.cc +14 -0
  663. data/src/core/tsi/alts/crypt/aes_gcm.cc +3 -2
  664. data/src/core/tsi/alts/crypt/gsec.h +2 -3
  665. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +2 -2
  666. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
  667. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
  668. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +4 -3
  669. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
  670. data/src/core/tsi/ssl_transport_security.cc +11 -9
  671. data/src/core/tsi/ssl_transport_security.h +3 -1
  672. data/src/core/tsi/transport_security.cc +3 -3
  673. data/src/core/tsi/transport_security_grpc.h +1 -0
  674. data/src/ruby/ext/grpc/extconf.rb +1 -1
  675. data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
  676. data/src/ruby/ext/grpc/rb_call.c +5 -5
  677. data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
  678. data/src/ruby/ext/grpc/rb_channel.c +10 -8
  679. data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
  680. data/src/ruby/ext/grpc/rb_channel_credentials.c +4 -4
  681. data/src/ruby/ext/grpc/rb_channel_credentials.h +1 -0
  682. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
  683. data/src/ruby/ext/grpc/rb_compression_options.c +5 -4
  684. data/src/ruby/ext/grpc/rb_event_thread.c +4 -4
  685. data/src/ruby/ext/grpc/rb_grpc.c +5 -4
  686. data/src/ruby/ext/grpc/rb_grpc.h +1 -0
  687. data/src/ruby/ext/grpc/rb_server.c +6 -5
  688. data/src/ruby/ext/grpc/rb_server_credentials.c +3 -3
  689. data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
  690. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +8 -5
  691. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +3 -1
  692. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +6 -5
  693. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +3 -1
  694. data/src/ruby/lib/grpc/version.rb +1 -1
  695. data/third_party/boringssl-with-bazel/err_data.c +294 -292
  696. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +52 -47
  697. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  698. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +1 -1
  699. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -0
  700. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  701. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  702. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  703. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
  704. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_locl.h → internal.h} +20 -1
  705. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +1 -1
  706. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  707. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  708. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +1 -1
  709. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +1 -1
  710. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
  711. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
  712. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +5 -3
  713. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +5 -6
  714. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  715. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +5 -9
  716. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +1 -1
  717. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +4 -6
  718. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +34 -0
  719. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
  720. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
  721. data/third_party/boringssl-with-bazel/src/crypto/internal.h +23 -2
  722. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
  723. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
  724. data/third_party/boringssl-with-bazel/src/crypto/mem.c +2 -0
  725. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +7 -3
  726. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +1 -1
  727. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
  728. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
  729. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
  730. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
  731. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +2 -2
  732. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
  733. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
  734. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
  735. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +45 -2
  736. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +4 -2
  737. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -3
  738. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +6 -23
  739. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +2 -2
  740. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -0
  741. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +25 -22
  742. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +0 -4
  743. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +1 -0
  744. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +1 -3
  745. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +9 -11
  746. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
  747. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +1 -3
  748. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -3
  749. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +1 -0
  750. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +0 -2
  751. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -0
  752. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -11
  753. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -5
  754. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +160 -74
  755. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +0 -1
  756. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
  757. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +3 -0
  758. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +6 -0
  759. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +25 -0
  760. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
  761. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
  762. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +3 -0
  763. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -4
  764. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +58 -6
  765. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +184 -55
  766. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -5
  767. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +9 -16
  768. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +44 -2
  769. data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +24 -11
  770. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -0
  771. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +75 -68
  772. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +17 -9
  773. data/third_party/boringssl-with-bazel/src/ssl/internal.h +25 -6
  774. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +1 -2
  775. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +11 -5
  776. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +0 -49
  777. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +121 -65
  778. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +14 -6
  779. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +9 -11
  780. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
  781. data/third_party/upb/upb/decode.c +129 -60
  782. data/third_party/upb/upb/decode.h +32 -4
  783. data/third_party/upb/upb/decode_fast.c +513 -500
  784. data/third_party/upb/upb/decode_fast.h +27 -0
  785. data/third_party/upb/upb/{decode.int.h → decode_internal.h} +38 -8
  786. data/third_party/upb/upb/def.c +171 -181
  787. data/third_party/upb/upb/def.h +41 -19
  788. data/third_party/upb/upb/def.hpp +29 -0
  789. data/third_party/upb/upb/encode.c +49 -16
  790. data/third_party/upb/upb/encode.h +29 -2
  791. data/third_party/upb/upb/msg.c +169 -28
  792. data/third_party/upb/upb/msg.h +75 -580
  793. data/third_party/upb/upb/msg_internal.h +687 -0
  794. data/third_party/upb/upb/port_def.inc +85 -24
  795. data/third_party/upb/upb/port_undef.inc +38 -1
  796. data/third_party/upb/upb/reflection.c +29 -37
  797. data/third_party/upb/upb/reflection.h +36 -8
  798. data/third_party/upb/upb/reflection.hpp +37 -0
  799. data/third_party/upb/upb/table.c +211 -86
  800. data/third_party/upb/upb/{table.int.h → table_internal.h} +56 -180
  801. data/third_party/upb/upb/text_encode.c +32 -4
  802. data/third_party/upb/upb/text_encode.h +26 -0
  803. data/third_party/upb/upb/upb.c +59 -8
  804. data/third_party/upb/upb/upb.h +36 -6
  805. data/third_party/upb/upb/upb.hpp +24 -0
  806. data/third_party/upb/upb/upb_internal.h +58 -0
  807. metadata +64 -62
  808. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
  809. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
  810. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -243
  811. data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
  812. data/src/core/lib/gpr/tls_gcc.h +0 -52
  813. data/src/core/lib/gpr/tls_msvc.h +0 -54
  814. data/src/core/lib/gpr/tls_pthread.cc +0 -30
  815. data/src/core/lib/gpr/tls_pthread.h +0 -56
  816. data/src/core/lib/gpr/tls_stdcpp.h +0 -48
  817. data/src/core/lib/gprpp/atomic.h +0 -104
  818. data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
  819. data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
  820. data/src/core/lib/iomgr/pollset_uv.cc +0 -95
  821. data/src/core/lib/iomgr/pollset_uv.h +0 -36
  822. data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
  823. data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
  824. data/src/core/lib/iomgr/tcp_uv.cc +0 -421
  825. data/src/core/lib/iomgr/timer_uv.cc +0 -66
  826. data/third_party/upb/third_party/wyhash/wyhash.h +0 -145
  827. data/third_party/upb/upb/upb.int.h +0 -29
@@ -111,7 +111,6 @@ extern "C" {
111
111
  #define X509v3_KU_UNDEF 0xffff
112
112
 
113
113
  DEFINE_STACK_OF(X509_ALGOR)
114
- DECLARE_ASN1_SET_OF(X509_ALGOR)
115
114
 
116
115
  typedef STACK_OF(X509_ALGOR) X509_ALGORS;
117
116
 
@@ -119,11 +118,9 @@ struct X509_name_entry_st {
119
118
  ASN1_OBJECT *object;
120
119
  ASN1_STRING *value;
121
120
  int set;
122
- int size; // temp variable
123
121
  } /* X509_NAME_ENTRY */;
124
122
 
125
123
  DEFINE_STACK_OF(X509_NAME_ENTRY)
126
- DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
127
124
 
128
125
  // we always keep X509_NAMEs in 2 forms.
129
126
  struct X509_name_st {
@@ -137,19 +134,11 @@ struct X509_name_st {
137
134
 
138
135
  DEFINE_STACK_OF(X509_NAME)
139
136
 
140
- struct X509_extension_st {
141
- ASN1_OBJECT *object;
142
- ASN1_BOOLEAN critical;
143
- ASN1_OCTET_STRING *value;
144
- } /* X509_EXTENSION */;
145
-
146
137
  typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
147
138
 
148
139
  DEFINE_STACK_OF(X509_EXTENSION)
149
- DECLARE_ASN1_SET_OF(X509_EXTENSION)
150
140
 
151
141
  DEFINE_STACK_OF(X509_ATTRIBUTE)
152
- DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
153
142
 
154
143
  struct x509_cinf_st {
155
144
  ASN1_INTEGER *version; // [ 0 ] default of v1
@@ -199,7 +188,6 @@ struct x509_st {
199
188
  } /* X509 */;
200
189
 
201
190
  DEFINE_STACK_OF(X509)
202
- DECLARE_ASN1_SET_OF(X509)
203
191
 
204
192
  // This is used for a table of trust checking functions
205
193
 
@@ -321,45 +309,10 @@ struct x509_revoked_st {
321
309
  };
322
310
 
323
311
  DEFINE_STACK_OF(X509_REVOKED)
324
- DECLARE_ASN1_SET_OF(X509_REVOKED)
325
-
326
- struct X509_crl_info_st {
327
- ASN1_INTEGER *version;
328
- X509_ALGOR *sig_alg;
329
- X509_NAME *issuer;
330
- ASN1_TIME *lastUpdate;
331
- ASN1_TIME *nextUpdate;
332
- STACK_OF(X509_REVOKED) *revoked;
333
- STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
334
- ASN1_ENCODING enc;
335
- } /* X509_CRL_INFO */;
336
312
 
337
313
  DECLARE_STACK_OF(GENERAL_NAMES)
338
314
 
339
- struct X509_crl_st {
340
- // actual signature
341
- X509_CRL_INFO *crl;
342
- X509_ALGOR *sig_alg;
343
- ASN1_BIT_STRING *signature;
344
- CRYPTO_refcount_t references;
345
- int flags;
346
- // Copies of various extensions
347
- AUTHORITY_KEYID *akid;
348
- ISSUING_DIST_POINT *idp;
349
- // Convenient breakdown of IDP
350
- int idp_flags;
351
- int idp_reasons;
352
- // CRL and base CRL numbers for delta processing
353
- ASN1_INTEGER *crl_number;
354
- ASN1_INTEGER *base_crl_number;
355
- unsigned char sha1_hash[SHA_DIGEST_LENGTH];
356
- STACK_OF(GENERAL_NAMES) *issuers;
357
- const X509_CRL_METHOD *meth;
358
- void *meth_data;
359
- } /* X509_CRL */;
360
-
361
315
  DEFINE_STACK_OF(X509_CRL)
362
- DECLARE_ASN1_SET_OF(X509_CRL)
363
316
 
364
317
  struct private_key_st {
365
318
  int version;
@@ -1048,7 +1001,6 @@ OPENSSL_EXPORT void X509_trust_clear(X509 *x);
1048
1001
  OPENSSL_EXPORT void X509_reject_clear(X509 *x);
1049
1002
 
1050
1003
  DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
1051
- DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
1052
1004
  DECLARE_ASN1_FUNCTIONS(X509_CRL)
1053
1005
 
1054
1006
  OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
@@ -1074,9 +1026,10 @@ OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
1074
1026
  void *data, unsigned char *md,
1075
1027
  unsigned int *len);
1076
1028
 
1077
- OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
1078
- ASN1_BIT_STRING *signature, void *data,
1079
- EVP_PKEY *pkey);
1029
+ OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
1030
+ const X509_ALGOR *algor1,
1031
+ const ASN1_BIT_STRING *signature,
1032
+ void *data, EVP_PKEY *pkey);
1080
1033
 
1081
1034
  OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
1082
1035
  X509_ALGOR *algor2,
@@ -1486,28 +1439,90 @@ OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
1486
1439
  const X509_NAME_ENTRY *ne);
1487
1440
  OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
1488
1441
 
1442
+ // X509v3_get_ext_count returns the number of extensions in |x|.
1489
1443
  OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1444
+
1445
+ // X509v3_get_ext_by_NID returns the index of the first extension in |x| with
1446
+ // type |nid|, or a negative number if not found. If found, callers can use
1447
+ // |X509v3_get_ext| to look up the extension by index.
1448
+ //
1449
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1450
+ // can thus loop over all matching extensions by first passing -1 and then
1451
+ // passing the previously-returned value until no match is returned.
1490
1452
  OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1491
1453
  int nid, int lastpos);
1454
+
1455
+ // X509v3_get_ext_by_OBJ behaves like |X509v3_get_ext_by_NID| but looks for
1456
+ // extensions matching |obj|.
1492
1457
  OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1493
1458
  const ASN1_OBJECT *obj, int lastpos);
1459
+
1460
+ // X509v3_get_ext_by_critical returns the index of the first extension in |x|
1461
+ // whose critical bit matches |crit|, or a negative number if no such extension
1462
+ // was found.
1463
+ //
1464
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1465
+ // can thus loop over all matching extensions by first passing -1 and then
1466
+ // passing the previously-returned value until no match is returned.
1494
1467
  OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1495
1468
  int crit, int lastpos);
1469
+
1470
+ // X509v3_get_ext returns the extension in |x| at index |loc|, or NULL if |loc|
1471
+ // is out of bounds.
1496
1472
  OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
1497
1473
  int loc);
1474
+
1475
+ // X509v3_delete_ext removes the extension in |x| at index |loc| and returns the
1476
+ // removed extension, or NULL if |loc| was out of bounds. If an extension was
1477
+ // returned, the caller must release it with |X509_EXTENSION_free|.
1498
1478
  OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
1499
1479
  int loc);
1480
+
1481
+ // X509v3_add_ext adds a copy of |ex| to the extension list in |*x|. If |*x| is
1482
+ // NULL, it allocates a new |STACK_OF(X509_EXTENSION)| to hold the copy and sets
1483
+ // |*x| to the new list. It returns |*x| on success and NULL on error. The
1484
+ // caller retains ownership of |ex| and can release it independently of |*x|.
1485
+ //
1486
+ // The new extension is inserted at index |loc|, shifting extensions to the
1487
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1488
+ // list.
1500
1489
  OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
1501
1490
  STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc);
1502
1491
 
1492
+ // X509_get_ext_count returns the number of extensions in |x|.
1503
1493
  OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
1494
+
1495
+ // X509_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
1496
+ // extensions in |x|.
1504
1497
  OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
1498
+
1499
+ // X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
1500
+ // extensions in |x|.
1505
1501
  OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
1506
1502
  int lastpos);
1503
+
1504
+ // X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
1505
+ // searches for extensions in |x|.
1507
1506
  OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
1508
1507
  int lastpos);
1508
+
1509
+ // X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is
1510
+ // out of bounds.
1509
1511
  OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
1512
+
1513
+ // X509_delete_ext removes the extension in |x| at index |loc| and returns the
1514
+ // removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
1515
+ // caller must release the result with |X509_EXTENSION_free|. It is also safe,
1516
+ // but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
1510
1517
  OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1518
+
1519
+ // X509_add_ext adds a copy of |ex| to |x|. It returns one on success and zero
1520
+ // on failure. The caller retains ownership of |ex| and can release it
1521
+ // independently of |x|.
1522
+ //
1523
+ // The new extension is inserted at index |loc|, shifting extensions to the
1524
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1525
+ // list.
1511
1526
  OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1512
1527
 
1513
1528
  // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
@@ -1527,15 +1542,41 @@ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
1527
1542
  OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1528
1543
  unsigned long flags);
1529
1544
 
1545
+ // X509_CRL_get_ext_count returns the number of extensions in |x|.
1530
1546
  OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
1547
+
1548
+ // X509_CRL_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
1549
+ // extensions in |x|.
1531
1550
  OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
1532
1551
  int lastpos);
1552
+
1553
+ // X509_CRL_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
1554
+ // extensions in |x|.
1533
1555
  OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
1534
1556
  const ASN1_OBJECT *obj, int lastpos);
1557
+
1558
+ // X509_CRL_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
1559
+ // searches for extensions in |x|.
1535
1560
  OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
1536
1561
  int lastpos);
1562
+
1563
+ // X509_CRL_get_ext returns the extension in |x| at index |loc|, or NULL if
1564
+ // |loc| is out of bounds.
1537
1565
  OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
1566
+
1567
+ // X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
1568
+ // the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
1569
+ // caller must release the result with |X509_EXTENSION_free|. It is also safe,
1570
+ // but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
1538
1571
  OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1572
+
1573
+ // X509_CRL_add_ext adds a copy of |ex| to |x|. It returns one on success and
1574
+ // zero on failure. The caller retains ownership of |ex| and can release it
1575
+ // independently of |x|.
1576
+ //
1577
+ // The new extension is inserted at index |loc|, shifting extensions to the
1578
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1579
+ // list.
1539
1580
  OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1540
1581
 
1541
1582
  // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
@@ -1555,18 +1596,45 @@ OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
1555
1596
  OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
1556
1597
  int crit, unsigned long flags);
1557
1598
 
1599
+ // X509_REVOKED_get_ext_count returns the number of extensions in |x|.
1558
1600
  OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
1601
+
1602
+ // X509_REVOKED_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches
1603
+ // for extensions in |x|.
1559
1604
  OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
1560
1605
  int lastpos);
1606
+
1607
+ // X509_REVOKED_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches
1608
+ // for extensions in |x|.
1561
1609
  OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
1562
1610
  const ASN1_OBJECT *obj,
1563
1611
  int lastpos);
1612
+
1613
+ // X509_REVOKED_get_ext_by_critical behaves like |X509v3_get_ext_by_critical|
1614
+ // but searches for extensions in |x|.
1564
1615
  OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
1565
1616
  int crit, int lastpos);
1617
+
1618
+ // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
1619
+ // |loc| is out of bounds.
1566
1620
  OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
1567
1621
  int loc);
1622
+
1623
+ // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
1624
+ // returns the removed extension, or NULL if |loc| was out of bounds. If
1625
+ // non-NULL, the caller must release the result with |X509_EXTENSION_free|. It
1626
+ // is also safe, but not necessary, to call |X509_EXTENSION_free| if the result
1627
+ // is NULL.
1568
1628
  OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1569
1629
  int loc);
1630
+
1631
+ // X509_REVOKED_add_ext adds a copy of |ex| to |x|. It returns one on success
1632
+ // and zero on failure. The caller retains ownership of |ex| and can release it
1633
+ // independently of |x|.
1634
+ //
1635
+ // The new extension is inserted at index |loc|, shifting extensions to the
1636
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1637
+ // list.
1570
1638
  OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
1571
1639
  int loc);
1572
1640
 
@@ -1589,43 +1657,103 @@ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
1589
1657
  void *value, int crit,
1590
1658
  unsigned long flags);
1591
1659
 
1660
+ // X509_EXTENSION_create_by_NID creates a new |X509_EXTENSION| with type |nid|,
1661
+ // value |data|, and critical bit |crit|. It returns the newly-allocated
1662
+ // |X509_EXTENSION| on success, and false on error. |nid| should be a |NID_*|
1663
+ // constant.
1664
+ //
1665
+ // If |ex| and |*ex| are both non-NULL, it modifies and returns |*ex| instead of
1666
+ // creating a new object. If |ex| is non-NULL, but |*ex| is NULL, it sets |*ex|
1667
+ // to the new |X509_EXTENSION|, in addition to returning the result.
1592
1668
  OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
1593
1669
  X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
1670
+
1671
+ // X509_EXTENSION_create_by_OBJ behaves like |X509_EXTENSION_create_by_NID|, but
1672
+ // the extension type is determined by an |ASN1_OBJECT|.
1594
1673
  OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
1595
1674
  X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
1596
1675
  const ASN1_OCTET_STRING *data);
1676
+
1677
+ // X509_EXTENSION_set_object sets |ex|'s extension type to |obj|. It returns one
1678
+ // on success and zero on error.
1597
1679
  OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
1598
1680
  const ASN1_OBJECT *obj);
1681
+
1682
+ // X509_EXTENSION_set_critical sets |ex| to critical if |crit| is non-zero and
1683
+ // to non-critical if |crit| is zero.
1599
1684
  OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1685
+
1686
+ // X509_EXTENSION_set_data set's |ex|'s extension value to a copy of |data|. It
1687
+ // returns one on success and zero on error.
1600
1688
  OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1601
1689
  const ASN1_OCTET_STRING *data);
1690
+
1691
+ // X509_EXTENSION_get_object returns |ex|'s extension type.
1602
1692
  OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
1693
+
1694
+ // X509_EXTENSION_get_data returns |ne|'s extension value.
1603
1695
  OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1604
- OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
1605
1696
 
1697
+ // X509_EXTENSION_get_critical returns one if |ex| is critical and zero
1698
+ // otherwise.
1699
+ OPENSSL_EXPORT int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
1700
+
1701
+ // X509at_get_attr_count returns the number of attributes in |x|.
1606
1702
  OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1703
+
1704
+ // X509at_get_attr_by_NID returns the index of the attribute in |x| of type
1705
+ // |nid|, or a negative number if not found. If found, callers can use
1706
+ // |X509at_get_attr| to look up the attribute by index.
1707
+ //
1708
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1709
+ // can thus loop over all matching attributes by first passing -1 and then
1710
+ // passing the previously-returned value until no match is returned.
1607
1711
  OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x,
1608
1712
  int nid, int lastpos);
1713
+
1714
+ // X509at_get_attr_by_OBJ behaves like |X509at_get_attr_by_NID| but looks for
1715
+ // attributes of type |obj|.
1609
1716
  OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
1610
1717
  const ASN1_OBJECT *obj, int lastpos);
1718
+
1719
+ // X509at_get_attr returns the attribute at index |loc| in |x|, or NULL if
1720
+ // out of bounds.
1611
1721
  OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(
1612
1722
  const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1723
+
1724
+ // X509at_delete_attr removes the attribute at index |loc| in |x|. It returns
1725
+ // the removed attribute to the caller, or NULL if |loc| was out of bounds. If
1726
+ // non-NULL, the caller must release the result with |X509_ATTRIBUTE_free| when
1727
+ // done. It is also safe, but not necessary, to call |X509_ATTRIBUTE_free| if
1728
+ // the result is NULL.
1613
1729
  OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x,
1614
1730
  int loc);
1731
+
1732
+ // X509at_add1_attr appends a copy of |attr| to the attribute list in |*x|. If
1733
+ // |*x| is NULL, it allocates a new |STACK_OF(X509_ATTRIBUTE)| to hold the copy
1734
+ // and sets |*x| to the new list. It returns |*x| on success and NULL on error.
1735
+ // The caller retains ownership of |attr| and can release it independently of
1736
+ // |*x|.
1615
1737
  OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(
1616
1738
  STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr);
1739
+
1740
+ // X509at_add1_attr_by_OBJ behaves like |X509at_add1_attr|, but adds an
1741
+ // attribute created by |X509_ATTRIBUTE_create_by_OBJ|.
1617
1742
  OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(
1618
1743
  STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type,
1619
1744
  const unsigned char *bytes, int len);
1745
+
1746
+ // X509at_add1_attr_by_NID behaves like |X509at_add1_attr|, but adds an
1747
+ // attribute created by |X509_ATTRIBUTE_create_by_NID|.
1620
1748
  OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(
1621
1749
  STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, const unsigned char *bytes,
1622
1750
  int len);
1751
+
1752
+ // X509at_add1_attr_by_txt behaves like |X509at_add1_attr|, but adds an
1753
+ // attribute created by |X509_ATTRIBUTE_create_by_txt|.
1623
1754
  OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(
1624
1755
  STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type,
1625
1756
  const unsigned char *bytes, int len);
1626
- OPENSSL_EXPORT void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
1627
- ASN1_OBJECT *obj, int lastpos,
1628
- int type);
1629
1757
 
1630
1758
  // X509_ATTRIBUTE_create_by_NID returns a newly-allocated |X509_ATTRIBUTE| of
1631
1759
  // type |nid|, or NULL on error. The value is determined as in
@@ -1826,6 +1954,7 @@ BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
1826
1954
  BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)
1827
1955
  BORINGSSL_MAKE_DELETER(X509_SIG, X509_SIG_free)
1828
1956
  BORINGSSL_MAKE_DELETER(X509_STORE, X509_STORE_free)
1957
+ BORINGSSL_MAKE_UP_REF(X509_STORE, X509_STORE_up_ref)
1829
1958
  BORINGSSL_MAKE_DELETER(X509_STORE_CTX, X509_STORE_CTX_free)
1830
1959
  BORINGSSL_MAKE_DELETER(X509_VERIFY_PARAM, X509_VERIFY_PARAM_free)
1831
1960
 
@@ -206,7 +206,6 @@ typedef struct GENERAL_NAME_st {
206
206
  } GENERAL_NAME;
207
207
 
208
208
  DEFINE_STACK_OF(GENERAL_NAME)
209
- DECLARE_ASN1_SET_OF(GENERAL_NAME)
210
209
 
211
210
  typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
212
211
 
@@ -218,7 +217,6 @@ typedef struct ACCESS_DESCRIPTION_st {
218
217
  } ACCESS_DESCRIPTION;
219
218
 
220
219
  DEFINE_STACK_OF(ACCESS_DESCRIPTION)
221
- DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
222
220
 
223
221
  typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
224
222
 
@@ -258,7 +256,6 @@ struct DIST_POINT_st {
258
256
  typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
259
257
 
260
258
  DEFINE_STACK_OF(DIST_POINT)
261
- DECLARE_ASN1_SET_OF(DIST_POINT)
262
259
 
263
260
  struct AUTHORITY_KEYID_st {
264
261
  ASN1_OCTET_STRING *keyid;
@@ -286,7 +283,6 @@ typedef struct POLICYQUALINFO_st {
286
283
  } POLICYQUALINFO;
287
284
 
288
285
  DEFINE_STACK_OF(POLICYQUALINFO)
289
- DECLARE_ASN1_SET_OF(POLICYQUALINFO)
290
286
 
291
287
  typedef struct POLICYINFO_st {
292
288
  ASN1_OBJECT *policyid;
@@ -296,7 +292,6 @@ typedef struct POLICYINFO_st {
296
292
  typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
297
293
 
298
294
  DEFINE_STACK_OF(POLICYINFO)
299
- DECLARE_ASN1_SET_OF(POLICYINFO)
300
295
 
301
296
  typedef struct POLICY_MAPPING_st {
302
297
  ASN1_OBJECT *issuerDomainPolicy;
@@ -778,11 +778,9 @@ static int send_flight(SSL *ssl) {
778
778
 
779
779
  dtls1_update_mtu(ssl);
780
780
 
781
- int ret = -1;
782
- uint8_t *packet = (uint8_t *)OPENSSL_malloc(ssl->d1->mtu);
783
- if (packet == NULL) {
784
- OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
785
- goto err;
781
+ Array<uint8_t> packet;
782
+ if (!packet.Init(ssl->d1->mtu)) {
783
+ return -1;
786
784
  }
787
785
 
788
786
  while (ssl->d1->outgoing_written < ssl->d1->outgoing_messages_len) {
@@ -790,31 +788,26 @@ static int send_flight(SSL *ssl) {
790
788
  uint32_t old_offset = ssl->d1->outgoing_offset;
791
789
 
792
790
  size_t packet_len;
793
- if (!seal_next_packet(ssl, packet, &packet_len, ssl->d1->mtu)) {
794
- goto err;
791
+ if (!seal_next_packet(ssl, packet.data(), &packet_len, packet.size())) {
792
+ return -1;
795
793
  }
796
794
 
797
- int bio_ret = BIO_write(ssl->wbio.get(), packet, packet_len);
795
+ int bio_ret = BIO_write(ssl->wbio.get(), packet.data(), packet_len);
798
796
  if (bio_ret <= 0) {
799
797
  // Retry this packet the next time around.
800
798
  ssl->d1->outgoing_written = old_written;
801
799
  ssl->d1->outgoing_offset = old_offset;
802
800
  ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
803
- ret = bio_ret;
804
- goto err;
801
+ return bio_ret;
805
802
  }
806
803
  }
807
804
 
808
805
  if (BIO_flush(ssl->wbio.get()) <= 0) {
809
806
  ssl->s3->rwstate = SSL_ERROR_WANT_WRITE;
810
- goto err;
807
+ return -1;
811
808
  }
812
809
 
813
- ret = 1;
814
-
815
- err:
816
- OPENSSL_free(packet);
817
- return ret;
810
+ return 1;
818
811
  }
819
812
 
820
813
  int dtls1_flush_flight(SSL *ssl) {
@@ -40,7 +40,8 @@
40
40
  BSSL_NAMESPACE_BEGIN
41
41
 
42
42
  // ECH reuses the extension code point for the version number.
43
- static const uint16_t kECHConfigVersion = TLSEXT_TYPE_encrypted_client_hello;
43
+ static constexpr uint16_t kECHConfigVersion =
44
+ TLSEXT_TYPE_encrypted_client_hello;
44
45
 
45
46
  static const decltype(&EVP_hpke_aes_128_gcm) kSupportedAEADs[] = {
46
47
  &EVP_hpke_aes_128_gcm,
@@ -993,6 +994,47 @@ int SSL_set1_ech_config_list(SSL *ssl, const uint8_t *ech_config_list,
993
994
  return ssl->config->client_ech_config_list.CopyFrom(span);
994
995
  }
995
996
 
997
+ void SSL_get0_ech_name_override(const SSL *ssl, const char **out_name,
998
+ size_t *out_name_len) {
999
+ // When ECH is rejected, we use the public name. Note that, if
1000
+ // |SSL_CTX_set_reverify_on_resume| is enabled, we reverify the certificate
1001
+ // before the 0-RTT point. If also offering ECH, we verify as if
1002
+ // ClientHelloInner was accepted and do not override. This works because, at
1003
+ // this point, |ech_status| will be |ssl_ech_none|. See the
1004
+ // ECH-Client-Reject-EarlyDataReject-OverrideNameOnRetry tests in runner.go.
1005
+ const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
1006
+ if (!ssl->server && hs && ssl->s3->ech_status == ssl_ech_rejected) {
1007
+ *out_name = reinterpret_cast<const char *>(
1008
+ hs->selected_ech_config->public_name.data());
1009
+ *out_name_len = hs->selected_ech_config->public_name.size();
1010
+ } else {
1011
+ *out_name = nullptr;
1012
+ *out_name_len = 0;
1013
+ }
1014
+ }
1015
+
1016
+ void SSL_get0_ech_retry_configs(
1017
+ const SSL *ssl, const uint8_t **out_retry_configs,
1018
+ size_t *out_retry_configs_len) {
1019
+ const SSL_HANDSHAKE *hs = ssl->s3->hs.get();
1020
+ if (!hs || !hs->ech_authenticated_reject) {
1021
+ // It is an error to call this function except in response to
1022
+ // |SSL_R_ECH_REJECTED|. Returning an empty string risks the caller
1023
+ // mistakenly believing the server has disabled ECH. Instead, return a
1024
+ // non-empty ECHConfigList with a syntax error, so the subsequent
1025
+ // |SSL_set1_ech_config_list| call will fail.
1026
+ assert(0);
1027
+ static const uint8_t kPlaceholder[] = {
1028
+ kECHConfigVersion >> 8, kECHConfigVersion & 0xff, 0xff, 0xff, 0xff};
1029
+ *out_retry_configs = kPlaceholder;
1030
+ *out_retry_configs_len = sizeof(kPlaceholder);
1031
+ return;
1032
+ }
1033
+
1034
+ *out_retry_configs = hs->ech_retry_configs.data();
1035
+ *out_retry_configs_len = hs->ech_retry_configs.size();
1036
+ }
1037
+
996
1038
  int SSL_marshal_ech_config(uint8_t **out, size_t *out_len, uint8_t config_id,
997
1039
  const EVP_HPKE_KEY *key, const char *public_name,
998
1040
  size_t max_name_len) {
@@ -1129,5 +1171,5 @@ int SSL_ech_accepted(const SSL *ssl) {
1129
1171
  return ssl->s3->hs->selected_ech_config != nullptr;
1130
1172
  }
1131
1173
 
1132
- return ssl->s3->ech_accept;
1174
+ return ssl->s3->ech_status == ssl_ech_accepted;
1133
1175
  }
@@ -654,6 +654,11 @@ static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
654
654
  return false;
655
655
  }
656
656
 
657
+ if (!ssl_is_valid_ech_config_list(*contents)) {
658
+ *out_alert = SSL_AD_DECODE_ERROR;
659
+ return false;
660
+ }
661
+
657
662
  // The server may only send retry configs in response to ClientHelloOuter (or
658
663
  // ECH GREASE), not ClientHelloInner. The unsolicited extension rule checks
659
664
  // this implicitly because the ClientHelloInner has no encrypted_client_hello
@@ -663,14 +668,13 @@ static bool ext_ech_parse_serverhello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
663
668
  // https://github.com/tlswg/draft-ietf-tls-esni/pull/422 is merged, a later
664
669
  // draft will fold encrypted_client_hello and ech_is_inner together. Then this
665
670
  // assert should become a runtime check.
666
- assert(!ssl->s3->ech_accept);
667
-
668
- // TODO(https://crbug.com/boringssl/275): When the implementing the
669
- // ClientHelloOuter flow, save the retry configs.
670
- if (!ssl_is_valid_ech_config_list(*contents)) {
671
- *out_alert = SSL_AD_DECODE_ERROR;
671
+ assert(ssl->s3->ech_status != ssl_ech_accepted);
672
+ if (hs->selected_ech_config &&
673
+ !hs->ech_retry_configs.CopyFrom(*contents)) {
674
+ *out_alert = SSL_AD_INTERNAL_ERROR;
672
675
  return false;
673
676
  }
677
+
674
678
  return true;
675
679
  }
676
680
 
@@ -685,8 +689,8 @@ static bool ext_ech_parse_clienthello(SSL_HANDSHAKE *hs, uint8_t *out_alert,
685
689
 
686
690
  static bool ext_ech_add_serverhello(SSL_HANDSHAKE *hs, CBB *out) {
687
691
  SSL *const ssl = hs->ssl;
688
- if (ssl_protocol_version(ssl) < TLS1_3_VERSION || //
689
- ssl->s3->ech_accept || //
692
+ if (ssl_protocol_version(ssl) < TLS1_3_VERSION ||
693
+ ssl->s3->ech_status == ssl_ech_accepted || //
690
694
  hs->ech_keys == nullptr) {
691
695
  return true;
692
696
  }
@@ -1634,12 +1638,21 @@ static bool ext_channel_id_add_clienthello(const SSL_HANDSHAKE *hs, CBB *out,
1634
1638
  CBB *out_compressible,
1635
1639
  ssl_client_hello_type_t type) {
1636
1640
  const SSL *const ssl = hs->ssl;
1637
- if (!hs->config->channel_id_private || SSL_is_dtls(ssl)) {
1641
+ if (!hs->config->channel_id_private || SSL_is_dtls(ssl) ||
1642
+ // Don't offer Channel ID in ClientHelloOuter. ClientHelloOuter handshakes
1643
+ // are not authenticated for the name that can learn the Channel ID.
1644
+ //
1645
+ // We could alternatively offer the extension but sign with a random key.
1646
+ // For other extensions, we try to align |ssl_client_hello_outer| and
1647
+ // |ssl_client_hello_unencrypted|, to improve the effectiveness of ECH
1648
+ // GREASE. However, Channel ID is deprecated and unlikely to be used with
1649
+ // ECH, so do the simplest thing.
1650
+ type == ssl_client_hello_outer) {
1638
1651
  return true;
1639
1652
  }
1640
1653
 
1641
- if (!CBB_add_u16(out_compressible, TLSEXT_TYPE_channel_id) ||
1642
- !CBB_add_u16(out_compressible, 0 /* length */)) {
1654
+ if (!CBB_add_u16(out, TLSEXT_TYPE_channel_id) ||
1655
+ !CBB_add_u16(out, 0 /* length */)) {
1643
1656
  return false;
1644
1657
  }
1645
1658
 
@@ -128,6 +128,7 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
128
128
  : ssl(ssl_arg),
129
129
  ech_present(false),
130
130
  ech_is_inner_present(false),
131
+ ech_authenticated_reject(false),
131
132
  scts_requested(false),
132
133
  handshake_finalized(false),
133
134
  accept_psk_mode(false),
@@ -715,6 +716,10 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
715
716
  return -1;
716
717
 
717
718
  case ssl_hs_early_return:
719
+ if (!ssl->server) {
720
+ // On ECH reject, the handshake should never complete.
721
+ assert(ssl->s3->ech_status != ssl_ech_rejected);
722
+ }
718
723
  *out_early_return = true;
719
724
  hs->wait = ssl_hs_ok;
720
725
  return 1;
@@ -734,6 +739,10 @@ int ssl_run_handshake(SSL_HANDSHAKE *hs, bool *out_early_return) {
734
739
  return -1;
735
740
  }
736
741
  if (hs->wait == ssl_hs_ok) {
742
+ if (!ssl->server) {
743
+ // On ECH reject, the handshake should never complete.
744
+ assert(ssl->s3->ech_status != ssl_ech_rejected);
745
+ }
737
746
  // The handshake has completed.
738
747
  *out_early_return = false;
739
748
  return 1;