grpc 1.40.0 → 1.41.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (827) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +27 -36
  3. data/include/grpc/byte_buffer.h +1 -1
  4. data/include/grpc/byte_buffer_reader.h +1 -1
  5. data/include/grpc/event_engine/endpoint_config.h +6 -11
  6. data/include/grpc/event_engine/event_engine.h +63 -58
  7. data/include/grpc/event_engine/port.h +1 -3
  8. data/include/grpc/event_engine/slice_allocator.h +6 -1
  9. data/include/grpc/fork.h +1 -1
  10. data/include/grpc/grpc.h +10 -4
  11. data/include/grpc/grpc_posix.h +5 -2
  12. data/include/grpc/impl/codegen/atm.h +5 -3
  13. data/include/grpc/impl/codegen/atm_gcc_atomic.h +2 -0
  14. data/include/grpc/impl/codegen/atm_gcc_sync.h +2 -0
  15. data/include/grpc/impl/codegen/atm_windows.h +2 -0
  16. data/include/grpc/impl/codegen/byte_buffer.h +2 -0
  17. data/include/grpc/impl/codegen/byte_buffer_reader.h +2 -0
  18. data/include/grpc/impl/codegen/compression_types.h +2 -0
  19. data/include/grpc/impl/codegen/connectivity_state.h +2 -0
  20. data/include/grpc/impl/codegen/fork.h +2 -0
  21. data/include/grpc/impl/codegen/gpr_slice.h +2 -0
  22. data/include/grpc/impl/codegen/gpr_types.h +2 -0
  23. data/include/grpc/impl/codegen/grpc_types.h +4 -5
  24. data/include/grpc/impl/codegen/log.h +2 -0
  25. data/include/grpc/impl/codegen/port_platform.h +26 -22
  26. data/include/grpc/impl/codegen/propagation_bits.h +2 -0
  27. data/include/grpc/impl/codegen/slice.h +2 -0
  28. data/include/grpc/impl/codegen/status.h +2 -0
  29. data/include/grpc/impl/codegen/sync.h +8 -5
  30. data/include/grpc/impl/codegen/sync_abseil.h +2 -0
  31. data/include/grpc/impl/codegen/sync_custom.h +2 -0
  32. data/include/grpc/impl/codegen/sync_generic.h +3 -0
  33. data/include/grpc/impl/codegen/sync_posix.h +4 -2
  34. data/include/grpc/impl/codegen/sync_windows.h +2 -0
  35. data/include/grpc/slice.h +1 -1
  36. data/include/grpc/status.h +1 -1
  37. data/include/grpc/support/atm.h +1 -1
  38. data/include/grpc/support/atm_gcc_atomic.h +1 -1
  39. data/include/grpc/support/atm_gcc_sync.h +1 -1
  40. data/include/grpc/support/atm_windows.h +1 -1
  41. data/include/grpc/support/log.h +1 -1
  42. data/include/grpc/support/port_platform.h +1 -1
  43. data/include/grpc/support/sync.h +1 -1
  44. data/include/grpc/support/sync_abseil.h +1 -1
  45. data/include/grpc/support/sync_custom.h +1 -1
  46. data/include/grpc/support/sync_generic.h +1 -1
  47. data/include/grpc/support/sync_posix.h +1 -1
  48. data/include/grpc/support/sync_windows.h +1 -1
  49. data/include/grpc/support/time.h +2 -2
  50. data/src/core/ext/filters/census/grpc_context.cc +1 -0
  51. data/src/core/ext/filters/client_channel/backend_metric.cc +0 -1
  52. data/src/core/ext/filters/client_channel/backup_poller.h +1 -0
  53. data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -2
  54. data/src/core/ext/filters/client_channel/client_channel.cc +24 -52
  55. data/src/core/ext/filters/client_channel/client_channel.h +3 -3
  56. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +6 -5
  57. data/src/core/ext/filters/client_channel/client_channel_channelz.h +1 -1
  58. data/src/core/ext/filters/client_channel/client_channel_factory.cc +1 -0
  59. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +8 -1
  60. data/src/core/ext/filters/client_channel/config_selector.cc +1 -0
  61. data/src/core/ext/filters/client_channel/health/health_check_client.cc +7 -6
  62. data/src/core/ext/filters/client_channel/health/health_check_client.h +4 -3
  63. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -7
  64. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +10 -2
  65. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +2 -2
  66. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +2 -8
  67. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  68. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +2 -2
  69. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +2 -2
  70. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -1
  71. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +14 -23
  72. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +1 -0
  73. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +2 -2
  74. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +2 -8
  75. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +15 -18
  76. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +10 -7
  77. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -8
  78. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +2 -3
  79. data/src/core/ext/filters/client_channel/lb_policy.h +11 -44
  80. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -7
  81. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -10
  82. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +1 -0
  83. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
  84. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +6 -5
  85. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +14 -19
  86. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -0
  87. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  88. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +5 -5
  89. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +5 -8
  90. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +2 -3
  91. data/src/core/ext/filters/client_idle/client_idle_filter.cc +36 -30
  92. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -6
  93. data/src/core/ext/filters/fault_injection/service_config_parser.cc +6 -13
  94. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -2
  95. data/src/core/ext/filters/http/client_authority_filter.cc +2 -1
  96. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +2 -1
  97. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +7 -8
  98. data/src/core/ext/filters/http/server/http_server_filter.cc +5 -3
  99. data/src/core/ext/filters/message_size/message_size_filter.cc +9 -13
  100. data/src/core/ext/transport/chttp2/alpn/alpn.cc +2 -1
  101. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +29 -12
  102. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -0
  103. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +2 -3
  104. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +10 -6
  105. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +2 -3
  106. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +60 -37
  107. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +0 -1
  108. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +12 -6
  109. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +5 -9
  110. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +3 -1
  111. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +2 -1
  112. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +1 -0
  113. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +4 -3
  114. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +2 -2
  115. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +24 -30
  116. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +4 -1
  117. data/src/core/ext/transport/chttp2/transport/context_list.h +1 -2
  118. data/src/core/ext/transport/chttp2/transport/flow_control.cc +39 -23
  119. data/src/core/ext/transport/chttp2/transport/flow_control.h +9 -3
  120. data/src/core/ext/transport/chttp2/transport/frame_data.cc +7 -7
  121. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -0
  122. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -3
  123. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -0
  124. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -4
  125. data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -0
  126. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -5
  127. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -0
  128. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +36 -5
  129. data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -0
  130. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +12 -7
  131. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -0
  132. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +41 -0
  133. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +272 -666
  134. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +236 -70
  135. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +107 -0
  136. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +86 -0
  137. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +69 -0
  138. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +776 -1037
  139. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +48 -169
  140. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +159 -0
  141. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +130 -0
  142. data/src/core/ext/transport/chttp2/transport/hpack_utils.cc +46 -0
  143. data/src/core/ext/transport/chttp2/transport/hpack_utils.h +30 -0
  144. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -2
  145. data/src/core/ext/transport/chttp2/transport/internal.h +2 -2
  146. data/src/core/ext/transport/chttp2/transport/parsing.cc +20 -30
  147. data/src/core/ext/transport/chttp2/transport/popularity_count.h +60 -0
  148. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +2 -2
  149. data/src/core/ext/transport/chttp2/transport/varint.cc +7 -3
  150. data/src/core/ext/transport/chttp2/transport/varint.h +39 -28
  151. data/src/core/ext/transport/chttp2/transport/writing.cc +32 -28
  152. data/src/core/ext/transport/inproc/inproc_transport.cc +6 -4
  153. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +96 -96
  154. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +221 -89
  155. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +1 -1
  156. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +1 -1
  157. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +3 -3
  158. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +11 -5
  159. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +48 -48
  160. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +151 -61
  161. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +99 -99
  162. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +171 -69
  163. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +15 -15
  164. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +31 -13
  165. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +126 -127
  166. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +229 -101
  167. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +4 -4
  168. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +11 -5
  169. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +23 -23
  170. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +11 -5
  171. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +28 -28
  172. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +71 -29
  173. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +4 -4
  174. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +11 -5
  175. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +82 -82
  176. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +201 -81
  177. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +24 -24
  178. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +51 -21
  179. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +3 -3
  180. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +11 -5
  181. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +9 -9
  182. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +21 -9
  183. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +62 -62
  184. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +131 -53
  185. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +51 -51
  186. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +81 -33
  187. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +5 -5
  188. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +11 -5
  189. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +62 -62
  190. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +141 -57
  191. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +3 -3
  192. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +11 -5
  193. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +7 -7
  194. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +21 -9
  195. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +8 -8
  196. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +11 -5
  197. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +8 -8
  198. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +11 -5
  199. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +4 -4
  200. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +11 -5
  201. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +16 -16
  202. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +31 -13
  203. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +57 -22
  204. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +174 -17
  205. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +32 -32
  206. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +51 -21
  207. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +3 -3
  208. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +11 -5
  209. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +37 -37
  210. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +61 -25
  211. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +40 -40
  212. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +71 -29
  213. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +9 -9
  214. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +11 -5
  215. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +5 -5
  216. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +21 -9
  217. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +30 -30
  218. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +81 -33
  219. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +41 -29
  220. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +141 -43
  221. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +46 -43
  222. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +88 -29
  223. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +18 -18
  224. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +31 -13
  225. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +281 -277
  226. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +569 -248
  227. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +10 -10
  228. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +31 -13
  229. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +6 -6
  230. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +21 -9
  231. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +3 -3
  232. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +11 -5
  233. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +13 -13
  234. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +51 -21
  235. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +23 -23
  236. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +31 -13
  237. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +9 -9
  238. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +11 -5
  239. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +115 -116
  240. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +191 -77
  241. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +1 -1
  242. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +1 -1
  243. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +46 -32
  244. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +118 -34
  245. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +12 -12
  246. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +31 -13
  247. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +44 -42
  248. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +108 -55
  249. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +2 -2
  250. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +11 -5
  251. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +2 -2
  252. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +11 -5
  253. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +42 -42
  254. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +61 -25
  255. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +2 -2
  256. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +11 -5
  257. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +2 -2
  258. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +11 -5
  259. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +9 -9
  260. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +21 -9
  261. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +2 -2
  262. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +11 -5
  263. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +2 -2
  264. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +11 -5
  265. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +28 -28
  266. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +51 -21
  267. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +8 -8
  268. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +41 -17
  269. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +9 -8
  270. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +25 -9
  271. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +4 -4
  272. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +11 -5
  273. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +4 -4
  274. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +11 -5
  275. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +3 -3
  276. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +11 -5
  277. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +9 -9
  278. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +31 -13
  279. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +10 -10
  280. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +21 -9
  281. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +6 -6
  282. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +21 -9
  283. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +11 -11
  284. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +31 -13
  285. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +15 -15
  286. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +71 -29
  287. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +19 -19
  288. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +51 -21
  289. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +1 -1
  290. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +1 -1
  291. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +6 -6
  292. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +21 -9
  293. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +10 -10
  294. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +31 -13
  295. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +5 -5
  296. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +11 -5
  297. data/src/core/ext/upb-generated/google/api/annotations.upb.c +1 -1
  298. data/src/core/ext/upb-generated/google/api/annotations.upb.h +1 -1
  299. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +58 -58
  300. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +111 -45
  301. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +68 -68
  302. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +121 -49
  303. data/src/core/ext/upb-generated/google/api/http.upb.c +18 -18
  304. data/src/core/ext/upb-generated/google/api/http.upb.h +31 -13
  305. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +4 -4
  306. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +11 -5
  307. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +153 -153
  308. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +271 -109
  309. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +4 -4
  310. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +11 -5
  311. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +2 -2
  312. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +11 -5
  313. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +15 -15
  314. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +31 -13
  315. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +4 -4
  316. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +11 -5
  317. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +19 -19
  318. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +91 -37
  319. data/src/core/ext/upb-generated/google/rpc/status.upb.c +5 -5
  320. data/src/core/ext/upb-generated/google/rpc/status.upb.h +11 -5
  321. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +12 -12
  322. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +11 -5
  323. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +60 -60
  324. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +101 -41
  325. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +7 -7
  326. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +21 -9
  327. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +5 -5
  328. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +21 -9
  329. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +31 -31
  330. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +91 -37
  331. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +8 -8
  332. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +31 -13
  333. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +4 -4
  334. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +11 -5
  335. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +1 -1
  336. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +1 -1
  337. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +4 -4
  338. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +11 -5
  339. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +3 -3
  340. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +11 -5
  341. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +13 -13
  342. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +11 -5
  343. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +4 -4
  344. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +11 -5
  345. data/src/core/ext/upb-generated/validate/validate.upb.c +220 -220
  346. data/src/core/ext/upb-generated/validate/validate.upb.h +231 -93
  347. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +3 -3
  348. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +11 -5
  349. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +8 -8
  350. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +21 -9
  351. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +6 -6
  352. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +11 -5
  353. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +5 -5
  354. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +11 -5
  355. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +11 -11
  356. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +21 -9
  357. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +6 -6
  358. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +11 -5
  359. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +384 -382
  360. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +94 -63
  361. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +10 -0
  362. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +30 -19
  363. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +5 -0
  364. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +791 -780
  365. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +96 -100
  366. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +133 -115
  367. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +5 -0
  368. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +178 -173
  369. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +14 -13
  370. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +103 -103
  371. data/src/core/ext/xds/certificate_provider_registry.cc +2 -2
  372. data/src/core/ext/xds/xds_api.cc +788 -910
  373. data/src/core/ext/xds/xds_api.h +16 -33
  374. data/src/core/ext/xds/xds_bootstrap.cc +27 -52
  375. data/src/core/ext/xds/xds_client.cc +69 -30
  376. data/src/core/ext/xds/xds_client_stats.cc +16 -15
  377. data/src/core/ext/xds/xds_client_stats.h +6 -6
  378. data/src/core/ext/xds/xds_http_fault_filter.cc +4 -3
  379. data/src/core/ext/xds/xds_http_fault_filter.h +3 -2
  380. data/src/core/ext/xds/xds_http_filters.cc +1 -0
  381. data/src/core/ext/xds/xds_server_config_fetcher.cc +10 -10
  382. data/src/core/lib/address_utils/parse_address.cc +4 -8
  383. data/src/core/lib/address_utils/sockaddr_utils.cc +2 -2
  384. data/src/core/lib/channel/channel_args.cc +2 -1
  385. data/src/core/lib/channel/channel_stack.cc +5 -3
  386. data/src/core/lib/channel/channel_stack_builder.cc +1 -11
  387. data/src/core/lib/channel/channel_stack_builder.h +0 -8
  388. data/src/core/lib/channel/channel_trace.cc +4 -3
  389. data/src/core/lib/channel/channel_trace.h +1 -0
  390. data/src/core/lib/channel/channelz.cc +40 -36
  391. data/src/core/lib/channel/channelz.h +27 -27
  392. data/src/core/lib/channel/channelz_registry.cc +7 -6
  393. data/src/core/lib/channel/connected_channel.cc +1 -0
  394. data/src/core/lib/channel/handshaker.cc +2 -1
  395. data/src/core/lib/channel/handshaker.h +1 -2
  396. data/src/core/lib/channel/handshaker_factory.h +10 -2
  397. data/src/core/lib/channel/handshaker_registry.cc +15 -70
  398. data/src/core/lib/channel/handshaker_registry.h +29 -12
  399. data/src/core/lib/channel/status_util.h +2 -2
  400. data/src/core/lib/compression/algorithm_metadata.h +1 -0
  401. data/src/core/lib/compression/compression_args.cc +2 -1
  402. data/src/core/lib/compression/compression_internal.cc +2 -4
  403. data/src/core/lib/compression/message_compress.cc +2 -2
  404. data/src/core/lib/compression/stream_compression.cc +2 -1
  405. data/src/core/lib/compression/stream_compression.h +2 -1
  406. data/src/core/lib/compression/stream_compression_gzip.cc +2 -1
  407. data/src/core/lib/compression/stream_compression_identity.cc +2 -1
  408. data/src/core/lib/config/core_configuration.cc +54 -0
  409. data/src/core/lib/config/core_configuration.h +108 -0
  410. data/src/core/lib/debug/stats.h +1 -0
  411. data/src/core/lib/debug/stats_data.cc +2 -1
  412. data/src/core/lib/debug/stats_data.h +1 -0
  413. data/src/core/lib/debug/trace.cc +1 -0
  414. data/src/core/lib/debug/trace.h +2 -1
  415. data/src/core/lib/event_engine/endpoint_config.cc +0 -1
  416. data/src/core/lib/event_engine/event_engine.cc +3 -3
  417. data/src/core/lib/event_engine/sockaddr.cc +3 -3
  418. data/src/core/lib/gpr/alloc.cc +4 -3
  419. data/src/core/lib/gpr/env_linux.cc +1 -2
  420. data/src/core/lib/gpr/env_posix.cc +2 -3
  421. data/src/core/lib/gpr/log.cc +3 -3
  422. data/src/core/lib/gpr/log_android.cc +3 -2
  423. data/src/core/lib/gpr/log_linux.cc +7 -4
  424. data/src/core/lib/gpr/log_posix.cc +6 -3
  425. data/src/core/lib/gpr/string.h +2 -2
  426. data/src/core/lib/gpr/sync.cc +2 -2
  427. data/src/core/lib/gpr/sync_abseil.cc +7 -6
  428. data/src/core/lib/gpr/sync_posix.cc +3 -3
  429. data/src/core/lib/gpr/time.cc +3 -2
  430. data/src/core/lib/gpr/time_windows.cc +3 -2
  431. data/src/core/lib/gpr/tls.h +120 -41
  432. data/src/core/lib/gpr/tmpfile_posix.cc +1 -2
  433. data/src/core/lib/gprpp/arena.cc +2 -1
  434. data/src/core/lib/gprpp/arena.h +5 -5
  435. data/src/core/lib/gprpp/atomic_utils.h +47 -0
  436. data/src/core/lib/gprpp/bitset.h +166 -0
  437. data/src/core/lib/gprpp/construct_destruct.h +39 -0
  438. data/src/core/lib/gprpp/dual_ref_counted.h +25 -26
  439. data/src/core/lib/gprpp/fork.cc +14 -12
  440. data/src/core/lib/gprpp/fork.h +4 -4
  441. data/src/core/lib/gprpp/global_config.h +1 -2
  442. data/src/core/lib/gprpp/global_config_env.cc +7 -7
  443. data/src/core/lib/gprpp/global_config_generic.h +2 -2
  444. data/src/core/lib/gprpp/manual_constructor.h +8 -5
  445. data/src/core/lib/gprpp/match.h +73 -0
  446. data/src/core/lib/gprpp/memory.h +3 -3
  447. data/src/core/lib/gprpp/mpscq.cc +7 -7
  448. data/src/core/lib/gprpp/mpscq.h +6 -5
  449. data/src/core/lib/gprpp/orphanable.h +3 -3
  450. data/src/core/lib/gprpp/overload.h +59 -0
  451. data/src/core/lib/gprpp/ref_counted.h +18 -18
  452. data/src/core/lib/gprpp/status_helper.cc +4 -4
  453. data/src/core/lib/gprpp/sync.h +3 -1
  454. data/src/core/lib/gprpp/thd_posix.cc +5 -5
  455. data/src/core/lib/gprpp/thd_windows.cc +4 -11
  456. data/src/core/lib/gprpp/time_util.cc +2 -2
  457. data/src/core/lib/gprpp/time_util.h +2 -2
  458. data/src/core/lib/http/format_request.cc +1 -0
  459. data/src/core/lib/http/format_request.h +1 -0
  460. data/src/core/lib/http/httpcli.cc +9 -9
  461. data/src/core/lib/http/httpcli.h +3 -0
  462. data/src/core/lib/http/httpcli_security_connector.cc +5 -8
  463. data/src/core/lib/http/parser.h +1 -0
  464. data/src/core/lib/iomgr/buffer_list.cc +2 -1
  465. data/src/core/lib/iomgr/buffer_list.h +1 -2
  466. data/src/core/lib/iomgr/call_combiner.cc +1 -0
  467. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  468. data/src/core/lib/iomgr/combiner.cc +3 -2
  469. data/src/core/lib/iomgr/combiner.h +1 -0
  470. data/src/core/lib/iomgr/dualstack_socket_posix.cc +1 -0
  471. data/src/core/lib/iomgr/endpoint.cc +0 -4
  472. data/src/core/lib/iomgr/endpoint.h +1 -3
  473. data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -20
  474. data/src/core/lib/iomgr/endpoint_cfstream.h +1 -1
  475. data/src/core/lib/iomgr/endpoint_pair.h +1 -0
  476. data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +1 -2
  477. data/src/core/lib/iomgr/endpoint_pair_posix.cc +15 -11
  478. data/src/core/lib/iomgr/endpoint_pair_windows.cc +17 -9
  479. data/src/core/lib/iomgr/error.h +23 -9
  480. data/src/core/lib/iomgr/error_cfstream.cc +2 -2
  481. data/src/core/lib/iomgr/error_internal.h +1 -0
  482. data/src/core/lib/iomgr/ev_epoll1_linux.cc +14 -22
  483. data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -22
  484. data/src/core/lib/iomgr/ev_poll_posix.cc +13 -25
  485. data/src/core/lib/iomgr/ev_posix.cc +1 -2
  486. data/src/core/lib/iomgr/event_engine/endpoint.cc +3 -22
  487. data/src/core/lib/iomgr/event_engine/endpoint.h +1 -2
  488. data/src/core/lib/iomgr/event_engine/iomgr.cc +17 -18
  489. data/src/core/lib/iomgr/event_engine/iomgr.h +20 -2
  490. data/src/core/lib/iomgr/event_engine/resolver.cc +2 -1
  491. data/src/core/lib/iomgr/event_engine/tcp.cc +53 -24
  492. data/src/core/lib/iomgr/exec_ctx.cc +3 -4
  493. data/src/core/lib/iomgr/exec_ctx.h +11 -19
  494. data/src/core/lib/iomgr/executor/mpmcqueue.cc +10 -9
  495. data/src/core/lib/iomgr/executor/mpmcqueue.h +4 -3
  496. data/src/core/lib/iomgr/executor/threadpool.cc +2 -2
  497. data/src/core/lib/iomgr/executor/threadpool.h +2 -1
  498. data/src/core/lib/iomgr/executor.cc +5 -6
  499. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  500. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  501. data/src/core/lib/iomgr/internal_errqueue.cc +3 -2
  502. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  503. data/src/core/lib/iomgr/iomgr.h +2 -2
  504. data/src/core/lib/iomgr/iomgr_custom.cc +2 -2
  505. data/src/core/lib/iomgr/iomgr_custom.h +2 -2
  506. data/src/core/lib/iomgr/iomgr_internal.cc +2 -1
  507. data/src/core/lib/iomgr/iomgr_windows.cc +1 -2
  508. data/src/core/lib/iomgr/is_epollexclusive_available.cc +4 -4
  509. data/src/core/lib/iomgr/polling_entity.cc +2 -2
  510. data/src/core/lib/iomgr/pollset_custom.cc +3 -4
  511. data/src/core/lib/iomgr/pollset_custom.h +2 -2
  512. data/src/core/lib/iomgr/pollset_set_custom.cc +1 -2
  513. data/src/core/lib/iomgr/pollset_set_windows.cc +1 -0
  514. data/src/core/lib/iomgr/port.h +0 -5
  515. data/src/core/lib/iomgr/python_util.h +1 -0
  516. data/src/core/lib/iomgr/resolve_address.cc +2 -1
  517. data/src/core/lib/iomgr/resolve_address.h +0 -4
  518. data/src/core/lib/iomgr/resolve_address_custom.cc +4 -4
  519. data/src/core/lib/iomgr/resolve_address_custom.h +0 -1
  520. data/src/core/lib/iomgr/resolve_address_posix.cc +2 -4
  521. data/src/core/lib/iomgr/resolve_address_windows.cc +6 -8
  522. data/src/core/lib/iomgr/resource_quota.cc +127 -42
  523. data/src/core/lib/iomgr/resource_quota.h +66 -17
  524. data/src/core/lib/iomgr/sockaddr.h +1 -1
  525. data/src/core/lib/iomgr/socket_factory_posix.cc +3 -3
  526. data/src/core/lib/iomgr/socket_factory_posix.h +1 -0
  527. data/src/core/lib/iomgr/socket_mutator.h +2 -2
  528. data/src/core/lib/iomgr/socket_utils_common_posix.cc +3 -3
  529. data/src/core/lib/iomgr/socket_utils_linux.cc +4 -4
  530. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  531. data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
  532. data/src/core/lib/iomgr/socket_utils_windows.cc +2 -2
  533. data/src/core/lib/iomgr/tcp_client.cc +4 -2
  534. data/src/core/lib/iomgr/tcp_client.h +4 -0
  535. data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -19
  536. data/src/core/lib/iomgr/tcp_client_custom.cc +9 -17
  537. data/src/core/lib/iomgr/tcp_client_posix.cc +24 -9
  538. data/src/core/lib/iomgr/tcp_client_posix.h +5 -2
  539. data/src/core/lib/iomgr/tcp_client_windows.cc +14 -6
  540. data/src/core/lib/iomgr/tcp_custom.cc +11 -23
  541. data/src/core/lib/iomgr/tcp_custom.h +2 -1
  542. data/src/core/lib/iomgr/tcp_posix.cc +29 -59
  543. data/src/core/lib/iomgr/tcp_posix.h +11 -12
  544. data/src/core/lib/iomgr/tcp_server.cc +6 -4
  545. data/src/core/lib/iomgr/tcp_server.h +12 -9
  546. data/src/core/lib/iomgr/tcp_server_custom.cc +15 -33
  547. data/src/core/lib/iomgr/tcp_server_posix.cc +20 -13
  548. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -0
  549. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +1 -2
  550. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +3 -4
  551. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +4 -4
  552. data/src/core/lib/iomgr/tcp_server_windows.cc +13 -9
  553. data/src/core/lib/iomgr/tcp_windows.cc +6 -25
  554. data/src/core/lib/iomgr/tcp_windows.h +2 -1
  555. data/src/core/lib/iomgr/timer.cc +1 -0
  556. data/src/core/lib/iomgr/timer.h +1 -2
  557. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  558. data/src/core/lib/iomgr/timer_generic.cc +8 -38
  559. data/src/core/lib/iomgr/timer_generic.h +1 -0
  560. data/src/core/lib/iomgr/timer_heap.cc +1 -2
  561. data/src/core/lib/iomgr/udp_server.cc +1 -2
  562. data/src/core/lib/iomgr/unix_sockets_posix.cc +3 -5
  563. data/src/core/lib/iomgr/unix_sockets_posix.h +2 -3
  564. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -0
  565. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -3
  566. data/src/core/lib/iomgr/wakeup_fd_posix.cc +1 -0
  567. data/src/core/lib/iomgr/work_serializer.cc +4 -4
  568. data/src/core/lib/iomgr/work_serializer.h +1 -1
  569. data/src/core/lib/json/json_reader.cc +9 -17
  570. data/src/core/lib/json/json_util.h +18 -26
  571. data/src/core/lib/matchers/matchers.h +0 -1
  572. data/src/core/lib/profiling/basic_timers.cc +8 -6
  573. data/src/core/lib/profiling/stap_timers.cc +2 -2
  574. data/src/core/lib/security/authorization/authorization_policy_provider.h +5 -4
  575. data/src/core/lib/security/authorization/evaluate_args.cc +2 -0
  576. data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +159 -0
  577. data/src/core/lib/security/authorization/sdk_server_authz_filter.h +67 -0
  578. data/src/core/lib/security/context/security_context.cc +7 -6
  579. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +2 -2
  580. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +2 -2
  581. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +2 -2
  582. data/src/core/lib/security/credentials/composite/composite_credentials.cc +4 -3
  583. data/src/core/lib/security/credentials/credentials.cc +6 -6
  584. data/src/core/lib/security/credentials/credentials.h +1 -1
  585. data/src/core/lib/security/credentials/credentials_metadata.cc +2 -3
  586. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +13 -26
  587. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -2
  588. data/src/core/lib/security/credentials/external/aws_request_signer.cc +3 -3
  589. data/src/core/lib/security/credentials/external/external_account_credentials.cc +13 -22
  590. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +2 -4
  591. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
  592. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +55 -3
  593. data/src/core/lib/security/credentials/iam/iam_credentials.cc +2 -1
  594. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -1
  595. data/src/core/lib/security/credentials/jwt/json_token.h +2 -1
  596. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +31 -14
  597. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +11 -3
  598. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -2
  599. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +3 -3
  600. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +3 -7
  601. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -0
  602. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -4
  603. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +4 -4
  604. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +0 -1
  605. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +3 -2
  606. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +10 -6
  607. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +2 -1
  608. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -5
  609. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +2 -2
  610. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +4 -6
  611. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +1 -0
  612. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +3 -3
  613. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +4 -7
  614. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +1 -2
  615. data/src/core/lib/security/security_connector/ssl_utils.cc +2 -3
  616. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +9 -14
  617. data/src/core/lib/security/transport/auth_filters.h +1 -0
  618. data/src/core/lib/security/transport/client_auth_filter.cc +4 -6
  619. data/src/core/lib/security/transport/secure_endpoint.cc +4 -14
  620. data/src/core/lib/security/transport/secure_endpoint.h +1 -0
  621. data/src/core/lib/security/transport/security_handshaker.cc +5 -4
  622. data/src/core/lib/security/transport/security_handshaker.h +2 -1
  623. data/src/core/lib/security/util/json_util.cc +6 -8
  624. data/src/core/lib/slice/percent_encoding.cc +73 -30
  625. data/src/core/lib/slice/percent_encoding.h +29 -28
  626. data/src/core/lib/slice/slice.cc +2 -3
  627. data/src/core/lib/slice/slice_buffer.cc +1 -2
  628. data/src/core/lib/slice/slice_intern.cc +2 -3
  629. data/src/core/lib/slice/slice_internal.h +2 -2
  630. data/src/core/lib/surface/api_trace.cc +2 -1
  631. data/src/core/lib/surface/api_trace.h +1 -0
  632. data/src/core/lib/surface/byte_buffer_reader.cc +1 -1
  633. data/src/core/lib/surface/call.cc +9 -8
  634. data/src/core/lib/surface/call.h +3 -3
  635. data/src/core/lib/surface/call_details.cc +2 -2
  636. data/src/core/lib/surface/call_log_batch.cc +2 -2
  637. data/src/core/lib/surface/channel.cc +22 -9
  638. data/src/core/lib/surface/channel.h +14 -2
  639. data/src/core/lib/surface/channel_ping.cc +1 -2
  640. data/src/core/lib/surface/channel_stack_type.cc +2 -1
  641. data/src/core/lib/surface/completion_queue.cc +54 -64
  642. data/src/core/lib/surface/completion_queue_factory.cc +2 -1
  643. data/src/core/lib/surface/completion_queue_factory.h +1 -0
  644. data/src/core/lib/surface/event_string.cc +1 -0
  645. data/src/core/lib/surface/init.cc +4 -9
  646. data/src/core/lib/surface/init.h +0 -1
  647. data/src/core/lib/surface/init_secure.cc +23 -4
  648. data/src/core/lib/surface/lame_client.cc +6 -5
  649. data/src/core/lib/surface/metadata_array.cc +2 -2
  650. data/src/core/lib/surface/server.cc +17 -33
  651. data/src/core/lib/surface/server.h +11 -13
  652. data/src/core/lib/surface/validate_metadata.cc +44 -16
  653. data/src/core/lib/surface/version.cc +2 -2
  654. data/src/core/lib/transport/byte_stream.h +1 -0
  655. data/src/core/lib/transport/connectivity_state.cc +8 -5
  656. data/src/core/lib/transport/connectivity_state.h +2 -2
  657. data/src/core/lib/transport/error_utils.cc +1 -0
  658. data/src/core/lib/transport/metadata.cc +10 -10
  659. data/src/core/lib/transport/metadata.h +13 -11
  660. data/src/core/lib/transport/metadata_batch.h +8 -0
  661. data/src/core/lib/transport/transport_op_string.cc +2 -2
  662. data/src/core/plugin_registry/grpc_plugin_registry.cc +14 -0
  663. data/src/core/tsi/alts/crypt/aes_gcm.cc +3 -2
  664. data/src/core/tsi/alts/crypt/gsec.h +2 -3
  665. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +2 -2
  666. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +2 -3
  667. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +2 -2
  668. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +4 -3
  669. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -2
  670. data/src/core/tsi/ssl_transport_security.cc +11 -9
  671. data/src/core/tsi/ssl_transport_security.h +3 -1
  672. data/src/core/tsi/transport_security.cc +3 -3
  673. data/src/core/tsi/transport_security_grpc.h +1 -0
  674. data/src/ruby/ext/grpc/extconf.rb +1 -1
  675. data/src/ruby/ext/grpc/rb_byte_buffer.c +2 -1
  676. data/src/ruby/ext/grpc/rb_call.c +5 -5
  677. data/src/ruby/ext/grpc/rb_call_credentials.c +5 -5
  678. data/src/ruby/ext/grpc/rb_channel.c +10 -8
  679. data/src/ruby/ext/grpc/rb_channel_args.c +2 -2
  680. data/src/ruby/ext/grpc/rb_channel_credentials.c +4 -4
  681. data/src/ruby/ext/grpc/rb_channel_credentials.h +1 -0
  682. data/src/ruby/ext/grpc/rb_completion_queue.c +3 -2
  683. data/src/ruby/ext/grpc/rb_compression_options.c +5 -4
  684. data/src/ruby/ext/grpc/rb_event_thread.c +4 -4
  685. data/src/ruby/ext/grpc/rb_grpc.c +5 -4
  686. data/src/ruby/ext/grpc/rb_grpc.h +1 -0
  687. data/src/ruby/ext/grpc/rb_server.c +6 -5
  688. data/src/ruby/ext/grpc/rb_server_credentials.c +3 -3
  689. data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
  690. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +8 -5
  691. data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +3 -1
  692. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +6 -5
  693. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +3 -1
  694. data/src/ruby/lib/grpc/version.rb +1 -1
  695. data/third_party/boringssl-with-bazel/err_data.c +294 -292
  696. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +52 -47
  697. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  698. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +1 -1
  699. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +1 -0
  700. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  701. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  702. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  703. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +1 -1
  704. data/third_party/boringssl-with-bazel/src/crypto/asn1/{asn1_locl.h → internal.h} +20 -1
  705. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +1 -1
  706. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -1
  707. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +1 -1
  708. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +1 -1
  709. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +1 -1
  710. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +1 -1
  711. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +14 -3
  712. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +5 -3
  713. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +5 -6
  714. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  715. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +5 -9
  716. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +1 -1
  717. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +4 -6
  718. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +34 -0
  719. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +219 -121
  720. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +9 -2
  721. data/third_party/boringssl-with-bazel/src/crypto/internal.h +23 -2
  722. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +253 -0
  723. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +28 -23
  724. data/third_party/boringssl-with-bazel/src/crypto/mem.c +2 -0
  725. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +7 -3
  726. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +1 -1
  727. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +1 -0
  728. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +4 -0
  729. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +4 -0
  730. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +4 -0
  731. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +2 -2
  732. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +15 -11
  733. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -1
  734. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +1 -0
  735. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +45 -2
  736. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +4 -2
  737. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +10 -3
  738. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +6 -23
  739. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +2 -2
  740. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +1 -0
  741. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +25 -22
  742. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +0 -4
  743. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +1 -0
  744. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +1 -3
  745. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +9 -11
  746. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +2 -0
  747. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +1 -3
  748. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -3
  749. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +1 -0
  750. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +0 -2
  751. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +2 -0
  752. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -11
  753. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -5
  754. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +160 -74
  755. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +0 -1
  756. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +8 -5
  757. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +3 -0
  758. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +6 -0
  759. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +25 -0
  760. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +14 -12
  761. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +4 -205
  762. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +3 -0
  763. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -4
  764. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +58 -6
  765. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +184 -55
  766. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -5
  767. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +9 -16
  768. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +44 -2
  769. data/third_party/boringssl-with-bazel/src/ssl/{t1_lib.cc → extensions.cc} +24 -11
  770. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -0
  771. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +75 -68
  772. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +17 -9
  773. data/third_party/boringssl-with-bazel/src/ssl/internal.h +25 -6
  774. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +1 -2
  775. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +11 -5
  776. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +0 -49
  777. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +121 -65
  778. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +14 -6
  779. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +9 -11
  780. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
  781. data/third_party/upb/upb/decode.c +129 -60
  782. data/third_party/upb/upb/decode.h +32 -4
  783. data/third_party/upb/upb/decode_fast.c +513 -500
  784. data/third_party/upb/upb/decode_fast.h +27 -0
  785. data/third_party/upb/upb/{decode.int.h → decode_internal.h} +38 -8
  786. data/third_party/upb/upb/def.c +171 -181
  787. data/third_party/upb/upb/def.h +41 -19
  788. data/third_party/upb/upb/def.hpp +29 -0
  789. data/third_party/upb/upb/encode.c +49 -16
  790. data/third_party/upb/upb/encode.h +29 -2
  791. data/third_party/upb/upb/msg.c +169 -28
  792. data/third_party/upb/upb/msg.h +75 -580
  793. data/third_party/upb/upb/msg_internal.h +687 -0
  794. data/third_party/upb/upb/port_def.inc +85 -24
  795. data/third_party/upb/upb/port_undef.inc +38 -1
  796. data/third_party/upb/upb/reflection.c +29 -37
  797. data/third_party/upb/upb/reflection.h +36 -8
  798. data/third_party/upb/upb/reflection.hpp +37 -0
  799. data/third_party/upb/upb/table.c +211 -86
  800. data/third_party/upb/upb/{table.int.h → table_internal.h} +56 -180
  801. data/third_party/upb/upb/text_encode.c +32 -4
  802. data/third_party/upb/upb/text_encode.h +26 -0
  803. data/third_party/upb/upb/upb.c +59 -8
  804. data/third_party/upb/upb/upb.h +36 -6
  805. data/third_party/upb/upb/upb.hpp +24 -0
  806. data/third_party/upb/upb/upb_internal.h +58 -0
  807. metadata +58 -56
  808. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +0 -179
  809. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +0 -38
  810. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +0 -243
  811. data/src/core/ext/transport/chttp2/transport/hpack_table.h +0 -148
  812. data/src/core/lib/gpr/tls_gcc.h +0 -52
  813. data/src/core/lib/gpr/tls_msvc.h +0 -54
  814. data/src/core/lib/gpr/tls_pthread.cc +0 -30
  815. data/src/core/lib/gpr/tls_pthread.h +0 -56
  816. data/src/core/lib/gpr/tls_stdcpp.h +0 -48
  817. data/src/core/lib/gprpp/atomic.h +0 -104
  818. data/src/core/lib/iomgr/endpoint_pair_uv.cc +0 -40
  819. data/src/core/lib/iomgr/iomgr_uv.cc +0 -43
  820. data/src/core/lib/iomgr/pollset_uv.cc +0 -95
  821. data/src/core/lib/iomgr/pollset_uv.h +0 -36
  822. data/src/core/lib/iomgr/sockaddr_custom.h +0 -54
  823. data/src/core/lib/iomgr/socket_utils_uv.cc +0 -49
  824. data/src/core/lib/iomgr/tcp_uv.cc +0 -421
  825. data/src/core/lib/iomgr/timer_uv.cc +0 -66
  826. data/third_party/upb/third_party/wyhash/wyhash.h +0 -145
  827. data/third_party/upb/upb/upb.int.h +0 -29
data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc CHANGED
@@ -731,13 +731,9 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
731
731
  return ssl_hs_error;
732
732
  }
733
733
 
734
- // TODO(https://crbug.com/boringssl/275): If the server negotiates TLS 1.2 and
735
- // we offer ECH, we handshake with ClientHelloOuter instead of
736
- // ClientHelloInner. That path is not yet implemented. For now, terminate the
737
- // handshake with a distinguishable error for testing.
734
+ // TLS 1.2 handshakes cannot accept ECH.
738
735
  if (hs->selected_ech_config) {
739
- OPENSSL_PUT_ERROR(SSL, SSL_R_CONNECTION_REJECTED);
740
- return ssl_hs_error;
736
+ ssl->s3->ech_status = ssl_ech_rejected;
741
737
  }
742
738
 
743
739
  // Copy over the server random.
@@ -764,44 +760,13 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
764
760
  }
765
761
  }
766
762
 
767
- if (hs->session_id_len != 0 &&
768
- CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len)) {
769
- // Echoing the ClientHello session ID in TLS 1.2, whether from the session
770
- // or a synthetic one, indicates resumption. If there was no session, this
771
- // was the TLS 1.3 compatibility mode session ID. As we know this is not a
772
- // session the server knows about, any server resuming it is in error.
773
- // Reject the first connection deterministicly, rather than installing an
774
- // invalid session into the session cache. https://crbug.com/796910
775
- if (ssl->session == nullptr) {
776
- OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_ECHOED_INVALID_SESSION_ID);
777
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
778
- return ssl_hs_error;
779
- }
780
- // We never offer sessions on renegotiation.
781
- assert(!ssl->s3->initial_handshake_complete);
782
- ssl->s3->session_reused = true;
783
- // Note |ssl->session| may be a TLS 1.3 session, offered in a separate
784
- // extension altogether. In that case, the version check below will fail the
785
- // connection.
786
- } else {
787
- // The session wasn't resumed. Create a fresh SSL_SESSION to fill out.
788
- ssl_set_session(ssl, NULL);
789
- if (!ssl_get_new_session(hs)) {
790
- ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
791
- return ssl_hs_error;
792
- }
793
- // Note: session_id could be empty.
794
- hs->new_session->session_id_length = CBS_len(&session_id);
795
- OPENSSL_memcpy(hs->new_session->session_id, CBS_data(&session_id),
796
- CBS_len(&session_id));
797
- }
798
-
799
763
  const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
800
764
  if (cipher == NULL) {
801
765
  OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_RETURNED);
802
766
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
803
767
  return ssl_hs_error;
804
768
  }
769
+ hs->new_cipher = cipher;
805
770
 
806
771
  // The cipher must be allowed in the selected version and enabled.
807
772
  uint32_t mask_a, mask_k;
@@ -815,7 +780,20 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
815
780
  return ssl_hs_error;
816
781
  }
817
782
 
818
- if (ssl->session != NULL) {
783
+ if (hs->session_id_len != 0 &&
784
+ CBS_mem_equal(&session_id, hs->session_id, hs->session_id_len)) {
785
+ // Echoing the ClientHello session ID in TLS 1.2, whether from the session
786
+ // or a synthetic one, indicates resumption. If there was no session (or if
787
+ // the session was only offered in ECH ClientHelloInner), this was the
788
+ // TLS 1.3 compatibility mode session ID. As we know this is not a session
789
+ // the server knows about, any server resuming it is in error. Reject the
790
+ // first connection deterministicly, rather than installing an invalid
791
+ // session into the session cache. https://crbug.com/796910
792
+ if (ssl->session == nullptr || ssl->s3->ech_status == ssl_ech_rejected) {
793
+ OPENSSL_PUT_ERROR(SSL, SSL_R_SERVER_ECHOED_INVALID_SESSION_ID);
794
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
795
+ return ssl_hs_error;
796
+ }
819
797
  if (ssl->session->ssl_version != ssl->version) {
820
798
  OPENSSL_PUT_ERROR(SSL, SSL_R_OLD_SESSION_VERSION_NOT_RETURNED);
821
799
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
@@ -833,10 +811,22 @@ static enum ssl_hs_wait_t do_read_server_hello(SSL_HANDSHAKE *hs) {
833
811
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
834
812
  return ssl_hs_error;
835
813
  }
814
+ // We never offer sessions on renegotiation.
815
+ assert(!ssl->s3->initial_handshake_complete);
816
+ ssl->s3->session_reused = true;
836
817
  } else {
818
+ // The session wasn't resumed. Create a fresh SSL_SESSION to fill out.
819
+ ssl_set_session(ssl, NULL);
820
+ if (!ssl_get_new_session(hs)) {
821
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
822
+ return ssl_hs_error;
823
+ }
824
+ // Note: session_id could be empty.
825
+ hs->new_session->session_id_length = CBS_len(&session_id);
826
+ OPENSSL_memcpy(hs->new_session->session_id, CBS_data(&session_id),
827
+ CBS_len(&session_id));
837
828
  hs->new_session->cipher = cipher;
838
829
  }
839
- hs->new_cipher = cipher;
840
830
 
841
831
  // Now that the cipher is known, initialize the handshake hash and hash the
842
832
  // ServerHello.
@@ -1334,8 +1324,12 @@ static enum ssl_hs_wait_t do_send_client_certificate(SSL_HANDSHAKE *hs) {
1334
1324
  return ssl_hs_ok;
1335
1325
  }
1336
1326
 
1337
- // Call cert_cb to update the certificate.
1338
- if (hs->config->cert->cert_cb != NULL) {
1327
+ if (ssl->s3->ech_status == ssl_ech_rejected) {
1328
+ // Do not send client certificates on ECH reject. We have not authenticated
1329
+ // the server for the name that can learn the certificate.
1330
+ SSL_certs_clear(ssl);
1331
+ } else if (hs->config->cert->cert_cb != nullptr) {
1332
+ // Call cert_cb to update the certificate.
1339
1333
  int rv = hs->config->cert->cert_cb(ssl, hs->config->cert->cert_cb_arg);
1340
1334
  if (rv == 0) {
1341
1335
  ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
@@ -1642,7 +1636,7 @@ static enum ssl_hs_wait_t do_send_client_finished(SSL_HANDSHAKE *hs) {
1642
1636
  }
1643
1637
 
1644
1638
  static bool can_false_start(const SSL_HANDSHAKE *hs) {
1645
- SSL *const ssl = hs->ssl;
1639
+ const SSL *const ssl = hs->ssl;
1646
1640
 
1647
1641
  // False Start bypasses the Finished check's downgrade protection. This can
1648
1642
  // enable attacks where we send data under weaker settings than supported
@@ -1660,6 +1654,13 @@ static bool can_false_start(const SSL_HANDSHAKE *hs) {
1660
1654
  return false;
1661
1655
  }
1662
1656
 
1657
+ // If ECH was rejected, disable False Start. We run the handshake to
1658
+ // completion, including the Finished downgrade check, to authenticate the
1659
+ // recovery flow.
1660
+ if (ssl->s3->ech_status == ssl_ech_rejected) {
1661
+ return false;
1662
+ }
1663
+
1663
1664
  // Additionally require ALPN or NPN by default.
1664
1665
  //
1665
1666
  // TODO(davidben): Can this constraint be relaxed globally now that cipher
@@ -1739,39 +1740,30 @@ static enum ssl_hs_wait_t do_read_session_ticket(SSL_HANDSHAKE *hs) {
1739
1740
  return ssl_hs_read_change_cipher_spec;
1740
1741
  }
1741
1742
 
1742
- SSL_SESSION *session = hs->new_session.get();
1743
- UniquePtr<SSL_SESSION> renewed_session;
1744
- if (ssl->session != NULL) {
1743
+ if (ssl->session != nullptr) {
1745
1744
  // The server is sending a new ticket for an existing session. Sessions are
1746
1745
  // immutable once established, so duplicate all but the ticket of the
1747
1746
  // existing session.
1748
- renewed_session =
1747
+ assert(!hs->new_session);
1748
+ hs->new_session =
1749
1749
  SSL_SESSION_dup(ssl->session.get(), SSL_SESSION_INCLUDE_NONAUTH);
1750
- if (!renewed_session) {
1751
- // This should never happen.
1752
- OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
1750
+ if (!hs->new_session) {
1753
1751
  return ssl_hs_error;
1754
1752
  }
1755
- session = renewed_session.get();
1756
1753
  }
1757
1754
 
1758
1755
  // |ticket_lifetime_hint| is measured from when the ticket was issued.
1759
- ssl_session_rebase_time(ssl, session);
1756
+ ssl_session_rebase_time(ssl, hs->new_session.get());
1760
1757
 
1761
- if (!session->ticket.CopyFrom(ticket)) {
1758
+ if (!hs->new_session->ticket.CopyFrom(ticket)) {
1762
1759
  return ssl_hs_error;
1763
1760
  }
1764
- session->ticket_lifetime_hint = ticket_lifetime_hint;
1761
+ hs->new_session->ticket_lifetime_hint = ticket_lifetime_hint;
1765
1762
 
1766
1763
  // Historically, OpenSSL filled in fake session IDs for ticket-based sessions.
1767
1764
  // TODO(davidben): Are external callers relying on this? Try removing this.
1768
- SHA256(CBS_data(&ticket), CBS_len(&ticket), session->session_id);
1769
- session->session_id_length = SHA256_DIGEST_LENGTH;
1770
-
1771
- if (renewed_session) {
1772
- session->not_resumable = false;
1773
- ssl->session = std::move(renewed_session);
1774
- }
1765
+ SHA256(CBS_data(&ticket), CBS_len(&ticket), hs->new_session->session_id);
1766
+ hs->new_session->session_id_length = SHA256_DIGEST_LENGTH;
1775
1767
 
1776
1768
  ssl->method->next_message(ssl);
1777
1769
  hs->state = state_process_change_cipher_spec;
@@ -1805,15 +1797,25 @@ static enum ssl_hs_wait_t do_read_server_finished(SSL_HANDSHAKE *hs) {
1805
1797
 
1806
1798
  static enum ssl_hs_wait_t do_finish_client_handshake(SSL_HANDSHAKE *hs) {
1807
1799
  SSL *const ssl = hs->ssl;
1800
+ if (ssl->s3->ech_status == ssl_ech_rejected) {
1801
+ // Release the retry configs.
1802
+ hs->ech_authenticated_reject = true;
1803
+ ssl_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_ECH_REQUIRED);
1804
+ OPENSSL_PUT_ERROR(SSL, SSL_R_ECH_REJECTED);
1805
+ return ssl_hs_error;
1806
+ }
1808
1807
 
1809
1808
  ssl->method->on_handshake_complete(ssl);
1810
1809
 
1811
- if (ssl->session != NULL) {
1812
- ssl->s3->established_session = UpRef(ssl->session);
1813
- } else {
1814
- // We make a copy of the session in order to maintain the immutability
1815
- // of the new established_session due to False Start. The caller may
1816
- // have taken a reference to the temporary session.
1810
+ // Note TLS 1.2 resumptions with ticket renewal have both |ssl->session| (the
1811
+ // resumed session) and |hs->new_session| (the session with the new ticket).
1812
+ bool has_new_session = hs->new_session != nullptr;
1813
+ if (has_new_session) {
1814
+ // When False Start is enabled, the handshake reports completion early. The
1815
+ // caller may then have passed the (then unresuable) |hs->new_session| to
1816
+ // another thread via |SSL_get0_session| for resumption. To avoid potential
1817
+ // race conditions in such callers, we duplicate the session before
1818
+ // clearing |not_resumable|.
1817
1819
  ssl->s3->established_session =
1818
1820
  SSL_SESSION_dup(hs->new_session.get(), SSL_SESSION_DUP_ALL);
1819
1821
  if (!ssl->s3->established_session) {
@@ -1825,11 +1827,16 @@ static enum ssl_hs_wait_t do_finish_client_handshake(SSL_HANDSHAKE *hs) {
1825
1827
  }
1826
1828
 
1827
1829
  hs->new_session.reset();
1830
+ } else {
1831
+ assert(ssl->session != nullptr);
1832
+ ssl->s3->established_session = UpRef(ssl->session);
1828
1833
  }
1829
1834
 
1830
1835
  hs->handshake_finalized = true;
1831
1836
  ssl->s3->initial_handshake_complete = true;
1832
- ssl_update_cache(hs, SSL_SESS_CACHE_CLIENT);
1837
+ if (has_new_session) {
1838
+ ssl_update_cache(ssl);
1839
+ }
1833
1840
 
1834
1841
  hs->state = state_done;
1835
1842
  return ssl_hs_ok;
data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc CHANGED
@@ -661,14 +661,17 @@ static enum ssl_hs_wait_t do_read_client_hello(SSL_HANDSHAKE *hs) {
661
661
  }
662
662
 
663
663
  hs->ech_config_id = config_id;
664
- ssl->s3->ech_accept = true;
664
+ ssl->s3->ech_status = ssl_ech_accepted;
665
665
  break;
666
666
  }
667
667
  }
668
668
 
669
- // If we did not accept ECH, we will send the current ECHConfigs as
670
- // retry_configs in the ServerHello's encrypted extensions. Proceed with the
671
- // ClientHelloOuter.
669
+ // If we did not accept ECH, proceed with the ClientHelloOuter. Note this
670
+ // could be key mismatch or ECH GREASE, so we most complete the handshake
671
+ // as usual, except EncryptedExtensions will contain retry configs.
672
+ if (ssl->s3->ech_status != ssl_ech_accepted) {
673
+ ssl->s3->ech_status = ssl_ech_rejected;
674
+ }
672
675
  }
673
676
 
674
677
  uint8_t alert = SSL_AD_DECODE_ERROR;
@@ -803,7 +806,7 @@ static enum ssl_hs_wait_t do_select_certificate(SSL_HANDSHAKE *hs) {
803
806
  // It should not be possible to negotiate TLS 1.2 with ECH. The
804
807
  // ClientHelloInner decoding function rejects ClientHellos which offer TLS 1.2
805
808
  // or below.
806
- assert(!ssl->s3->ech_accept);
809
+ assert(ssl->s3->ech_status != ssl_ech_accepted);
807
810
 
808
811
  // TODO(davidben): Also compute hints for TLS 1.2. When doing so, update the
809
812
  // check in bssl_shim.cc to test this.
@@ -1791,16 +1794,21 @@ static enum ssl_hs_wait_t do_finish_server_handshake(SSL_HANDSHAKE *hs) {
1791
1794
  ssl->ctx->x509_method->session_clear(hs->new_session.get());
1792
1795
  }
1793
1796
 
1794
- if (ssl->session != NULL) {
1795
- ssl->s3->established_session = UpRef(ssl->session);
1796
- } else {
1797
+ bool has_new_session = hs->new_session != nullptr;
1798
+ if (has_new_session) {
1799
+ assert(ssl->session == nullptr);
1797
1800
  ssl->s3->established_session = std::move(hs->new_session);
1798
1801
  ssl->s3->established_session->not_resumable = false;
1802
+ } else {
1803
+ assert(ssl->session != nullptr);
1804
+ ssl->s3->established_session = UpRef(ssl->session);
1799
1805
  }
1800
1806
 
1801
1807
  hs->handshake_finalized = true;
1802
1808
  ssl->s3->initial_handshake_complete = true;
1803
- ssl_update_cache(hs, SSL_SESS_CACHE_SERVER);
1809
+ if (has_new_session) {
1810
+ ssl_update_cache(ssl);
1811
+ }
1804
1812
 
1805
1813
  hs->state = state12_done;
1806
1814
  return ssl_hs_ok;
data/third_party/boringssl-with-bazel/src/ssl/internal.h CHANGED
@@ -163,6 +163,7 @@
163
163
 
164
164
  #include "../crypto/err/internal.h"
165
165
  #include "../crypto/internal.h"
166
+ #include "../crypto/lhash/internal.h"
166
167
 
167
168
 
168
169
  #if defined(OPENSSL_WINDOWS)
@@ -1794,7 +1795,7 @@ struct SSL_HANDSHAKE {
1794
1795
 
1795
1796
  union {
1796
1797
  // sent is a bitset where the bits correspond to elements of kExtensions
1797
- // in t1_lib.c. Each bit is set if that extension was sent in a
1798
+ // in extensions.cc. Each bit is set if that extension was sent in a
1798
1799
  // ClientHello. It's not used by servers.
1799
1800
  uint32_t sent = 0;
1800
1801
  // received is a bitset, like |sent|, but is used by servers to record
@@ -1832,6 +1833,10 @@ struct SSL_HANDSHAKE {
1832
1833
  // ech_client_bytes contains the ECH extension to send in the ClientHello.
1833
1834
  Array<uint8_t> ech_client_bytes;
1834
1835
 
1836
+ // ech_retry_configs, on the client, contains the retry configs from the
1837
+ // server as a serialized ECHConfigList.
1838
+ Array<uint8_t> ech_retry_configs;
1839
+
1835
1840
  // ech_client_hello_buf, on the server, contains the bytes of the
1836
1841
  // reconstructed ClientHelloInner message.
1837
1842
  Array<uint8_t> ech_client_hello_buf;
@@ -1871,8 +1876,8 @@ struct SSL_HANDSHAKE {
1871
1876
  uint16_t cert_compression_alg_id;
1872
1877
 
1873
1878
  // ech_hpke_ctx is the HPKE context used in ECH. On the server, it is
1874
- // initialized if |ech_accept| is true. On the client, it is initialized if
1875
- // |selected_ech_config| is not nullptr.
1879
+ // initialized if |ech_status| is |ssl_ech_accepted|. On the client, it is
1880
+ // initialized if |selected_ech_config| is not nullptr.
1876
1881
  ScopedEVP_HPKE_CTX ech_hpke_ctx;
1877
1882
 
1878
1883
  // server_params, in a TLS 1.2 server, stores the ServerKeyExchange
@@ -1942,6 +1947,10 @@ struct SSL_HANDSHAKE {
1942
1947
  // contained an ech_is_inner extension.
1943
1948
  bool ech_is_inner_present : 1;
1944
1949
 
1950
+ // ech_authenticated_reject, on the client, indicates whether an ECH rejection
1951
+ // handshake has been authenticated.
1952
+ bool ech_authenticated_reject : 1;
1953
+
1945
1954
  // scts_requested is true if the SCT extension is in the ClientHello.
1946
1955
  bool scts_requested : 1;
1947
1956
 
@@ -2573,6 +2582,16 @@ enum ssl_shutdown_t {
2573
2582
  ssl_shutdown_error = 2,
2574
2583
  };
2575
2584
 
2585
+ enum ssl_ech_status_t {
2586
+ // ssl_ech_none indicates ECH was not offered, or we have not gotten far
2587
+ // enough in the handshake to determine the status.
2588
+ ssl_ech_none,
2589
+ // ssl_ech_accepted indicates the server accepted ECH.
2590
+ ssl_ech_accepted,
2591
+ // ssl_ech_rejected indicates the server was offered ECH but rejected it.
2592
+ ssl_ech_rejected,
2593
+ };
2594
+
2576
2595
  struct SSL3_STATE {
2577
2596
  static constexpr bool kAllowUniquePtr = true;
2578
2597
 
@@ -2635,8 +2654,8 @@ struct SSL3_STATE {
2635
2654
  // key_update_count is the number of consecutive KeyUpdates received.
2636
2655
  uint8_t key_update_count = 0;
2637
2656
 
2638
- // ech_accept indicates whether ECH was accepted by the server.
2639
- bool ech_accept : 1;
2657
+ // ech_status indicates whether ECH was accepted by the server.
2658
+ ssl_ech_status_t ech_status = ssl_ech_none;
2640
2659
 
2641
2660
  // skip_early_data instructs the record layer to skip unexpected early data
2642
2661
  // messages when 0RTT is rejected.
@@ -3146,7 +3165,7 @@ void ssl_session_rebase_time(SSL *ssl, SSL_SESSION *session);
3146
3165
  void ssl_session_renew_timeout(SSL *ssl, SSL_SESSION *session,
3147
3166
  uint32_t timeout);
3148
3167
 
3149
- void ssl_update_cache(SSL_HANDSHAKE *hs, int mode);
3168
+ void ssl_update_cache(SSL *ssl);
3150
3169
 
3151
3170
  void ssl_send_alert(SSL *ssl, int level, int desc);
3152
3171
  int ssl_send_alert_impl(SSL *ssl, int level, int desc);
data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc CHANGED
@@ -164,8 +164,7 @@
164
164
  BSSL_NAMESPACE_BEGIN
165
165
 
166
166
  SSL3_STATE::SSL3_STATE()
167
- : ech_accept(false),
168
- skip_early_data(false),
167
+ : skip_early_data(false),
169
168
  have_version(false),
170
169
  v2_hello_done(false),
171
170
  is_v2_hello(false),
data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc CHANGED
@@ -206,7 +206,10 @@ class CECPQ2KeyShare : public SSLKeyShare {
206
206
  uint8_t hrss_entropy[HRSS_GENERATE_KEY_BYTES];
207
207
  HRSS_public_key hrss_public_key;
208
208
  RAND_bytes(hrss_entropy, sizeof(hrss_entropy));
209
- HRSS_generate_key(&hrss_public_key, &hrss_private_key_, hrss_entropy);
209
+ if (!HRSS_generate_key(&hrss_public_key, &hrss_private_key_,
210
+ hrss_entropy)) {
211
+ return false;
212
+ }
210
213
 
211
214
  uint8_t hrss_public_key_bytes[HRSS_PUBLIC_KEY_BYTES];
212
215
  HRSS_marshal_public_key(hrss_public_key_bytes, &hrss_public_key);
@@ -243,9 +246,10 @@ class CECPQ2KeyShare : public SSLKeyShare {
243
246
  uint8_t ciphertext[HRSS_CIPHERTEXT_BYTES];
244
247
  uint8_t entropy[HRSS_ENCAP_BYTES];
245
248
  RAND_bytes(entropy, sizeof(entropy));
246
- HRSS_encap(ciphertext, secret.data() + 32, &peer_public_key, entropy);
247
249
 
248
- if (!CBB_add_bytes(out_public_key, x25519_public_key,
250
+ if (!HRSS_encap(ciphertext, secret.data() + 32, &peer_public_key,
251
+ entropy) ||
252
+ !CBB_add_bytes(out_public_key, x25519_public_key,
249
253
  sizeof(x25519_public_key)) ||
250
254
  !CBB_add_bytes(out_public_key, ciphertext, sizeof(ciphertext))) {
251
255
  return false;
@@ -272,8 +276,10 @@ class CECPQ2KeyShare : public SSLKeyShare {
272
276
  return false;
273
277
  }
274
278
 
275
- HRSS_decap(secret.data() + 32, &hrss_private_key_, peer_key.data() + 32,
276
- peer_key.size() - 32);
279
+ if (!HRSS_decap(secret.data() + 32, &hrss_private_key_,
280
+ peer_key.data() + 32, peer_key.size() - 32)) {
281
+ return false;
282
+ }
277
283
 
278
284
  *out_secret = std::move(secret);
279
285
  return true;
data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc CHANGED
@@ -272,55 +272,6 @@ ssl_open_record_t ssl_open_app_data(SSL *ssl, Span<uint8_t> *out,
272
272
  return ret;
273
273
  }
274
274
 
275
- void ssl_update_cache(SSL_HANDSHAKE *hs, int mode) {
276
- SSL *const ssl = hs->ssl;
277
- SSL_CTX *ctx = ssl->session_ctx.get();
278
- if (!SSL_SESSION_is_resumable(ssl->s3->established_session.get()) ||
279
- (ctx->session_cache_mode & mode) != mode) {
280
- return;
281
- }
282
-
283
- // Clients never use the internal session cache.
284
- int use_internal_cache = ssl->server && !(ctx->session_cache_mode &
285
- SSL_SESS_CACHE_NO_INTERNAL_STORE);
286
-
287
- // A client may see new sessions on abbreviated handshakes if the server
288
- // decides to renew the ticket. Once the handshake is completed, it should be
289
- // inserted into the cache.
290
- if (ssl->s3->established_session.get() != ssl->session.get() ||
291
- (!ssl->server && hs->ticket_expected)) {
292
- if (use_internal_cache) {
293
- SSL_CTX_add_session(ctx, ssl->s3->established_session.get());
294
- }
295
- if (ctx->new_session_cb != NULL) {
296
- UniquePtr<SSL_SESSION> ref = UpRef(ssl->s3->established_session);
297
- if (ctx->new_session_cb(ssl, ref.get())) {
298
- // |new_session_cb|'s return value signals whether it took ownership.
299
- ref.release();
300
- }
301
- }
302
- }
303
-
304
- if (use_internal_cache &&
305
- !(ctx->session_cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR)) {
306
- // Automatically flush the internal session cache every 255 connections.
307
- int flush_cache = 0;
308
- CRYPTO_MUTEX_lock_write(&ctx->lock);
309
- ctx->handshakes_since_cache_flush++;
310
- if (ctx->handshakes_since_cache_flush >= 255) {
311
- flush_cache = 1;
312
- ctx->handshakes_since_cache_flush = 0;
313
- }
314
- CRYPTO_MUTEX_unlock_write(&ctx->lock);
315
-
316
- if (flush_cache) {
317
- struct OPENSSL_timeval now;
318
- ssl_get_current_time(ssl, &now);
319
- SSL_CTX_flush_sessions(ctx, now.tv_sec);
320
- }
321
- }
322
- }
323
-
324
275
  static bool cbb_add_hex(CBB *cbb, Span<const uint8_t> in) {
325
276
  static const char hextable[] = "0123456789abcdef";
326
277
  uint8_t *out;