grpc 1.41.0 → 1.42.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (519)
  1. checksums.yaml +4 -4
  2. data/Makefile +57 -44
  3. data/etc/roots.pem +335 -326
  4. data/include/grpc/event_engine/event_engine.h +82 -42
  5. data/include/grpc/event_engine/internal/memory_allocator_impl.h +98 -0
  6. data/include/grpc/event_engine/memory_allocator.h +210 -0
  7. data/include/grpc/grpc.h +4 -0
  8. data/include/grpc/grpc_security.h +18 -0
  9. data/include/grpc/grpc_security_constants.h +1 -0
  10. data/include/grpc/impl/codegen/port_platform.h +7 -0
  11. data/src/core/ext/filters/client_channel/backend_metric.cc +18 -19
  12. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -1
  13. data/src/core/ext/filters/client_channel/channel_connectivity.cc +71 -89
  14. data/src/core/ext/filters/client_channel/client_channel.cc +187 -252
  15. data/src/core/ext/filters/client_channel/client_channel.h +74 -27
  16. data/src/core/ext/filters/client_channel/client_channel_factory.cc +1 -1
  17. data/src/core/ext/filters/client_channel/client_channel_factory.h +17 -19
  18. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +8 -14
  19. data/src/core/ext/filters/client_channel/config_selector.cc +1 -1
  20. data/src/core/ext/filters/client_channel/config_selector.h +4 -5
  21. data/src/core/ext/filters/client_channel/connector.h +18 -18
  22. data/src/core/ext/filters/client_channel/dynamic_filters.cc +1 -1
  23. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +0 -1
  24. data/src/core/ext/filters/client_channel/health/health_check_client.cc +12 -11
  25. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +1 -1
  26. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +4 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +6 -15
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +166 -82
  29. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +4 -0
  30. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +2 -4
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +23 -7
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -10
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +2 -3
  35. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2502 -0
  36. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -1
  37. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +7 -1
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +6 -2
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +1 -1
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +5 -0
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +8 -1
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +7 -16
  43. data/src/core/ext/filters/client_channel/lb_policy.h +11 -1
  44. data/src/core/ext/filters/client_channel/lb_policy_factory.h +1 -0
  45. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +139 -0
  46. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +11 -5
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -3
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +12 -39
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +21 -1
  50. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
  51. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +3 -1
  52. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +77 -68
  53. data/src/core/ext/filters/client_channel/resolver.h +1 -1
  54. data/src/core/ext/filters/client_channel/resolver_factory.h +2 -0
  55. data/src/core/ext/filters/client_channel/resolver_registry.cc +6 -8
  56. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +1 -1
  57. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +1 -1
  58. data/src/core/ext/filters/client_channel/retry_filter.cc +48 -86
  59. data/src/core/ext/filters/client_channel/retry_service_config.h +1 -1
  60. data/src/core/ext/filters/client_channel/retry_throttle.cc +17 -48
  61. data/src/core/ext/filters/client_channel/server_address.h +1 -1
  62. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +49 -36
  63. data/src/core/ext/filters/client_channel/subchannel.cc +85 -143
  64. data/src/core/ext/filters/client_channel/subchannel.h +29 -49
  65. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +22 -7
  66. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +11 -2
  67. data/src/core/ext/filters/client_idle/client_idle_filter.cc +27 -210
  68. data/src/core/ext/filters/client_idle/idle_filter_state.cc +96 -0
  69. data/src/core/ext/filters/client_idle/idle_filter_state.h +66 -0
  70. data/src/core/ext/filters/deadline/deadline_filter.cc +23 -26
  71. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -19
  72. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -1
  73. data/src/core/ext/filters/fault_injection/service_config_parser.h +1 -1
  74. data/src/core/ext/filters/http/client/http_client_filter.cc +41 -44
  75. data/src/core/ext/filters/http/client_authority_filter.cc +14 -15
  76. data/src/core/ext/filters/http/http_filters_plugin.cc +53 -71
  77. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +17 -12
  78. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +1 -1
  79. data/src/core/ext/filters/http/server/http_server_filter.cc +72 -69
  80. data/src/core/ext/filters/max_age/max_age_filter.cc +24 -26
  81. data/src/core/ext/filters/message_size/message_size_filter.cc +19 -16
  82. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  83. data/src/core/ext/{filters/client_channel → service_config}/service_config.cc +2 -2
  84. data/src/core/ext/{filters/client_channel → service_config}/service_config.h +4 -4
  85. data/src/core/ext/service_config/service_config_call_data.h +72 -0
  86. data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.cc +3 -3
  87. data/src/core/ext/{filters/client_channel → service_config}/service_config_parser.h +8 -6
  88. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +2 -5
  89. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +19 -24
  90. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +27 -50
  91. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +14 -16
  92. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +59 -58
  93. data/src/core/ext/transport/chttp2/transport/flow_control.cc +19 -16
  94. data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -4
  95. data/src/core/ext/transport/chttp2/transport/frame_data.cc +4 -4
  96. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
  97. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +2 -1
  98. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +2 -3
  99. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
  100. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +1 -1
  101. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +41 -1
  102. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +8 -4
  103. data/src/core/ext/transport/chttp2/transport/hpack_encoder_index.h +1 -1
  104. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +136 -98
  105. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +27 -8
  106. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +12 -25
  107. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +37 -30
  108. data/src/core/ext/transport/chttp2/transport/internal.h +4 -3
  109. data/src/core/ext/transport/chttp2/transport/parsing.cc +30 -173
  110. data/src/core/ext/transport/chttp2/transport/popularity_count.h +1 -1
  111. data/src/core/ext/transport/chttp2/transport/writing.cc +29 -22
  112. data/src/core/ext/transport/inproc/inproc_transport.cc +105 -109
  113. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +68 -34
  114. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +139 -1
  115. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +16 -4
  116. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +53 -4
  117. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +3 -2
  118. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +15 -0
  119. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +13 -8
  120. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +23 -0
  121. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +0 -1
  122. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +14 -11
  123. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +17 -0
  124. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +15 -12
  125. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +49 -19
  126. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +55 -0
  127. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +154 -0
  128. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +0 -2
  129. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +58 -0
  130. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +182 -0
  131. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +1 -1
  132. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +1 -1
  133. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +1 -1
  134. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +1 -1
  135. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +1 -1
  136. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +1 -1
  137. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +58 -0
  138. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +130 -0
  139. data/src/core/ext/upb-generated/{udpa/type/v1 → xds/type/v3}/typed_struct.upb.c +7 -7
  140. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +83 -0
  141. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +310 -286
  142. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +10 -0
  143. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +101 -88
  144. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +5 -0
  145. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +59 -56
  146. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +59 -46
  147. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +78 -82
  148. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +323 -316
  149. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +5 -4
  150. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +19 -23
  151. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +4 -3
  152. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +5 -3
  153. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +5 -4
  154. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +75 -0
  155. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +50 -0
  156. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +13 -12
  157. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +25 -24
  158. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +16 -15
  159. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +17 -16
  160. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +33 -32
  161. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +19 -18
  162. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +45 -0
  163. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +35 -0
  164. data/src/core/ext/xds/xds_api.cc +325 -362
  165. data/src/core/ext/xds/xds_api.h +134 -82
  166. data/src/core/ext/xds/xds_bootstrap.h +10 -0
  167. data/src/core/ext/xds/xds_certificate_provider.cc +3 -3
  168. data/src/core/ext/xds/xds_channel_stack_modifier.cc +113 -0
  169. data/src/core/ext/xds/xds_channel_stack_modifier.h +52 -0
  170. data/src/core/ext/xds/xds_client.cc +527 -314
  171. data/src/core/ext/xds/xds_client.h +42 -37
  172. data/src/core/ext/xds/xds_client_stats.h +1 -1
  173. data/src/core/ext/xds/xds_server_config_fetcher.cc +5 -7
  174. data/src/core/lib/address_utils/parse_address.cc +2 -0
  175. data/src/core/lib/avl/avl.cc +5 -5
  176. data/src/core/lib/backoff/backoff.cc +1 -1
  177. data/src/core/lib/channel/channel_args.cc +24 -6
  178. data/src/core/lib/channel/channel_args.h +9 -0
  179. data/src/core/lib/channel/channel_stack_builder.cc +3 -3
  180. data/src/core/lib/channel/channel_trace.cc +1 -1
  181. data/src/core/lib/channel/channel_trace.h +1 -1
  182. data/src/core/lib/channel/channelz.cc +3 -3
  183. data/src/core/lib/channel/channelz.h +2 -2
  184. data/src/core/lib/channel/channelz_registry.cc +1 -1
  185. data/src/core/lib/channel/channelz_registry.h +1 -1
  186. data/src/core/lib/channel/connected_channel.cc +1 -3
  187. data/src/core/lib/channel/connected_channel.h +1 -2
  188. data/src/core/lib/compression/compression.cc +2 -2
  189. data/src/core/lib/compression/compression_args.cc +6 -4
  190. data/src/core/lib/compression/compression_internal.cc +2 -2
  191. data/src/core/lib/compression/compression_internal.h +1 -1
  192. data/src/core/lib/config/core_configuration.cc +44 -2
  193. data/src/core/lib/config/core_configuration.h +39 -1
  194. data/src/core/lib/debug/stats.cc +1 -1
  195. data/src/core/lib/debug/stats_data.cc +13 -13
  196. data/src/core/lib/gpr/atm.cc +1 -1
  197. data/src/core/lib/gpr/cpu_posix.cc +1 -1
  198. data/src/core/lib/gpr/string.cc +2 -2
  199. data/src/core/lib/gpr/tls.h +1 -1
  200. data/src/core/lib/gpr/useful.h +79 -32
  201. data/src/core/lib/gprpp/arena.h +10 -0
  202. data/src/core/lib/gprpp/bitset.h +38 -16
  203. data/src/core/lib/gprpp/chunked_vector.h +211 -0
  204. data/src/core/lib/gprpp/construct_destruct.h +1 -1
  205. data/src/core/lib/gprpp/match.h +1 -1
  206. data/src/core/lib/gprpp/memory.h +6 -0
  207. data/src/core/lib/gprpp/overload.h +1 -1
  208. data/src/core/lib/gprpp/status_helper.cc +23 -3
  209. data/src/core/lib/gprpp/status_helper.h +12 -1
  210. data/src/core/lib/gprpp/table.h +411 -0
  211. data/src/core/lib/http/httpcli.cc +200 -182
  212. data/src/core/lib/http/parser.cc +2 -2
  213. data/src/core/lib/iomgr/call_combiner.cc +28 -10
  214. data/src/core/lib/iomgr/combiner.cc +6 -21
  215. data/src/core/lib/iomgr/endpoint_cfstream.cc +7 -6
  216. data/src/core/lib/iomgr/error.cc +113 -52
  217. data/src/core/lib/iomgr/error.h +50 -9
  218. data/src/core/lib/iomgr/error_cfstream.cc +5 -0
  219. data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -2
  220. data/src/core/lib/iomgr/ev_epollex_linux.cc +7 -7
  221. data/src/core/lib/iomgr/ev_poll_posix.cc +29 -20
  222. data/src/core/lib/iomgr/event_engine/closure.cc +41 -18
  223. data/src/core/lib/iomgr/event_engine/closure.h +10 -1
  224. data/src/core/lib/iomgr/event_engine/endpoint.cc +3 -3
  225. data/src/core/lib/iomgr/event_engine/iomgr.cc +1 -1
  226. data/src/core/lib/iomgr/event_engine/pollset.cc +5 -4
  227. data/src/core/lib/iomgr/event_engine/resolver.cc +10 -7
  228. data/src/core/lib/iomgr/event_engine/tcp.cc +9 -8
  229. data/src/core/lib/iomgr/event_engine/timer.cc +7 -2
  230. data/src/core/lib/iomgr/exec_ctx.cc +1 -9
  231. data/src/core/lib/iomgr/executor/mpmcqueue.cc +5 -7
  232. data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -8
  233. data/src/core/lib/iomgr/executor.cc +6 -20
  234. data/src/core/lib/iomgr/iomgr.cc +3 -1
  235. data/src/core/lib/iomgr/iomgr_internal.cc +4 -9
  236. data/src/core/lib/iomgr/iomgr_internal.h +3 -2
  237. data/src/core/lib/iomgr/load_file.cc +2 -2
  238. data/src/core/lib/iomgr/lockfree_event.cc +18 -0
  239. data/src/core/lib/iomgr/pollset_custom.cc +1 -1
  240. data/src/core/lib/iomgr/pollset_custom.h +1 -1
  241. data/src/core/lib/iomgr/resolve_address_posix.cc +5 -7
  242. data/src/core/lib/iomgr/resource_quota.cc +13 -11
  243. data/src/core/lib/iomgr/socket_factory_posix.cc +2 -2
  244. data/src/core/lib/iomgr/socket_mutator.cc +2 -2
  245. data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -2
  246. data/src/core/lib/iomgr/tcp_client_cfstream.cc +5 -3
  247. data/src/core/lib/iomgr/tcp_client_custom.cc +1 -1
  248. data/src/core/lib/iomgr/tcp_client_posix.cc +9 -18
  249. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -3
  250. data/src/core/lib/iomgr/tcp_posix.cc +4 -5
  251. data/src/core/lib/iomgr/tcp_server_custom.cc +2 -1
  252. data/src/core/lib/iomgr/tcp_server_posix.cc +3 -4
  253. data/src/core/lib/iomgr/tcp_server_windows.cc +4 -5
  254. data/src/core/lib/iomgr/tcp_windows.cc +2 -2
  255. data/src/core/lib/iomgr/timer_generic.cc +13 -13
  256. data/src/core/lib/iomgr/timer_heap.cc +1 -1
  257. data/src/core/lib/json/json_util.cc +68 -0
  258. data/src/core/lib/json/json_util.h +57 -99
  259. data/src/core/lib/json/json_writer.cc +0 -3
  260. data/src/core/lib/security/authorization/authorization_policy_provider.h +1 -1
  261. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +1 -1
  262. data/src/core/lib/security/authorization/evaluate_args.cc +14 -12
  263. data/src/core/lib/security/authorization/sdk_server_authz_filter.cc +13 -1
  264. data/src/core/lib/security/context/security_context.cc +4 -2
  265. data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
  266. data/src/core/lib/security/credentials/credentials.cc +4 -2
  267. data/src/core/lib/security/credentials/credentials.h +6 -1
  268. data/src/core/lib/security/credentials/external/external_account_credentials.cc +47 -11
  269. data/src/core/lib/security/credentials/external/external_account_credentials.h +1 -0
  270. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -1
  271. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -9
  272. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -2
  273. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +2 -2
  274. data/src/core/lib/security/security_connector/security_connector.cc +9 -4
  275. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  276. data/src/core/lib/security/security_connector/ssl_utils.cc +1 -1
  277. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +1 -0
  278. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +0 -2
  279. data/src/core/lib/security/transport/client_auth_filter.cc +5 -5
  280. data/src/core/lib/security/transport/security_handshaker.cc +73 -43
  281. data/src/core/lib/security/transport/server_auth_filter.cc +3 -5
  282. data/src/core/lib/security/transport/tsi_error.cc +3 -5
  283. data/src/core/lib/slice/slice.cc +0 -16
  284. data/src/core/lib/slice/slice_api.cc +39 -0
  285. data/src/core/lib/slice/slice_buffer.cc +5 -5
  286. data/src/core/lib/slice/slice_intern.cc +8 -13
  287. data/src/core/lib/slice/slice_internal.h +1 -244
  288. data/src/core/lib/slice/slice_refcount.cc +17 -0
  289. data/src/core/lib/slice/slice_refcount.h +121 -0
  290. data/src/core/lib/slice/slice_refcount_base.h +173 -0
  291. data/src/core/lib/slice/slice_split.cc +100 -0
  292. data/src/core/lib/slice/slice_split.h +40 -0
  293. data/src/core/lib/slice/slice_string_helpers.cc +0 -83
  294. data/src/core/lib/slice/slice_string_helpers.h +0 -11
  295. data/src/core/lib/slice/static_slice.cc +529 -0
  296. data/src/core/lib/slice/static_slice.h +331 -0
  297. data/src/core/lib/surface/builtins.cc +49 -0
  298. data/src/core/{ext/filters/workarounds/workaround_cronet_compression_filter.h → lib/surface/builtins.h} +8 -9
  299. data/src/core/lib/surface/call.cc +103 -120
  300. data/src/core/lib/surface/call.h +0 -6
  301. data/src/core/lib/surface/channel.cc +19 -32
  302. data/src/core/lib/surface/channel.h +0 -9
  303. data/src/core/lib/surface/channel_init.cc +23 -76
  304. data/src/core/lib/surface/channel_init.h +52 -44
  305. data/src/core/lib/surface/completion_queue.cc +6 -5
  306. data/src/core/lib/surface/init.cc +0 -39
  307. data/src/core/lib/surface/init_secure.cc +17 -14
  308. data/src/core/lib/surface/lame_client.cc +18 -11
  309. data/src/core/lib/surface/lame_client.h +1 -1
  310. data/src/core/lib/surface/server.cc +25 -17
  311. data/src/core/lib/surface/server.h +17 -10
  312. data/src/core/lib/surface/validate_metadata.cc +5 -2
  313. data/src/core/lib/surface/version.cc +2 -2
  314. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  315. data/src/core/lib/transport/error_utils.cc +42 -17
  316. data/src/core/lib/transport/error_utils.h +1 -1
  317. data/src/core/lib/transport/metadata.cc +31 -10
  318. data/src/core/lib/transport/metadata.h +2 -1
  319. data/src/core/lib/transport/metadata_batch.cc +35 -371
  320. data/src/core/lib/transport/metadata_batch.h +905 -71
  321. data/src/core/lib/transport/parsed_metadata.h +263 -0
  322. data/src/core/lib/transport/pid_controller.cc +4 -4
  323. data/src/core/lib/transport/static_metadata.cc +714 -846
  324. data/src/core/lib/transport/static_metadata.h +115 -379
  325. data/src/core/lib/transport/status_metadata.cc +1 -0
  326. data/src/core/lib/transport/transport.cc +4 -5
  327. data/src/core/lib/transport/transport_op_string.cc +40 -20
  328. data/src/core/plugin_registry/grpc_plugin_registry.cc +64 -43
  329. data/src/core/tsi/alts/crypt/aes_gcm.cc +3 -1
  330. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +13 -12
  331. data/src/core/tsi/alts/frame_protector/frame_handler.cc +10 -11
  332. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -2
  333. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +12 -2
  334. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
  335. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +2 -2
  336. data/src/core/tsi/fake_transport_security.cc +15 -7
  337. data/src/core/tsi/local_transport_security.cc +36 -73
  338. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +16 -50
  339. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -3
  340. data/src/core/tsi/ssl_transport_security.cc +10 -2
  341. data/src/core/tsi/transport_security.cc +12 -0
  342. data/src/core/tsi/transport_security.h +16 -1
  343. data/src/core/tsi/transport_security_interface.h +26 -0
  344. data/src/ruby/ext/grpc/extconf.rb +12 -9
  345. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +4 -0
  346. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +6 -0
  347. data/src/ruby/lib/grpc/version.rb +1 -1
  348. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
  349. data/src/ruby/spec/client_server_spec.rb +1 -1
  350. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +4 -4
  351. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +11 -6
  352. data/third_party/address_sorting/address_sorting_posix.c +1 -0
  353. data/third_party/boringssl-with-bazel/err_data.c +278 -272
  354. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +21 -22
  355. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +0 -2
  356. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +5 -0
  357. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +15 -22
  358. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +13 -7
  359. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +19 -29
  360. data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/a_strex.c +268 -271
  361. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +106 -153
  362. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  363. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +0 -39
  364. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +1 -1
  365. data/third_party/boringssl-with-bazel/src/crypto/{x509 → asn1}/charmap.h +0 -0
  366. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +38 -0
  367. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +8 -8
  368. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +289 -198
  369. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +8 -8
  370. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +9 -13
  371. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +1 -0
  372. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +11 -8
  373. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +1 -7
  374. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -5
  375. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +0 -4
  376. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +1 -7
  377. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -6
  378. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -17
  379. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +4 -6
  380. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +9 -0
  381. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +8 -0
  382. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +38 -47
  383. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +45 -65
  384. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +1 -0
  385. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +32 -34
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +21 -3
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +3 -2
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +5 -2
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +5 -9
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +10 -0
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +10 -11
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +1 -3
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +4 -7
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +4 -7
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +1 -1
  396. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +1 -1
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +24 -9
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +4 -2
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +35 -35
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +11 -10
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +10 -37
  402. data/third_party/boringssl-with-bazel/src/crypto/internal.h +39 -0
  403. data/third_party/boringssl-with-bazel/src/crypto/mem.c +12 -9
  404. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +0 -9
  405. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +0 -2
  406. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +0 -8
  407. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +0 -2
  408. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +0 -4
  409. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +16 -7
  410. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +9 -4
  411. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +151 -12
  412. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1 -1
  413. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +6 -6
  414. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +2 -0
  415. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +181 -1
  416. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +246 -0
  417. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +11 -2
  418. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +0 -2
  419. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +0 -179
  420. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +4 -2
  421. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +0 -5
  422. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -0
  423. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +11 -50
  424. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +1 -1
  425. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +2 -4
  426. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +0 -16
  427. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +22 -18
  428. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +11 -8
  429. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +16 -0
  430. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +1 -0
  431. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +1 -1
  432. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +1 -1
  433. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +1 -0
  434. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +4 -3
  435. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +24 -5
  436. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +17 -8
  437. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -0
  438. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +6 -6
  439. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +4 -0
  440. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +5 -0
  441. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +112 -55
  442. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +2 -1
  443. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +0 -2
  444. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
  445. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +71 -26
  446. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +366 -227
  447. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +2 -9
  448. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -4
  449. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +3 -1
  450. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +3 -3
  451. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +9 -0
  452. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +8 -2
  453. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +4 -0
  454. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +9 -3
  455. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -20
  456. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +12 -5
  457. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +5 -0
  458. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +37 -15
  459. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +28 -14
  460. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +31 -32
  461. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +529 -91
  462. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +16 -695
  463. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +48 -8
  464. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +266 -357
  465. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +90 -152
  466. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +15 -13
  467. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +75 -79
  468. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +96 -97
  469. data/third_party/boringssl-with-bazel/src/ssl/internal.h +63 -43
  470. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +2 -2
  471. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +2 -2
  472. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +6 -12
  473. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +14 -17
  474. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +14 -27
  475. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +203 -203
  476. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +30 -41
  477. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +47 -33
  478. data/third_party/re2/re2/compile.cc +91 -109
  479. data/third_party/re2/re2/dfa.cc +27 -39
  480. data/third_party/re2/re2/filtered_re2.cc +18 -2
  481. data/third_party/re2/re2/filtered_re2.h +10 -5
  482. data/third_party/re2/re2/nfa.cc +1 -1
  483. data/third_party/re2/re2/parse.cc +42 -23
  484. data/third_party/re2/re2/perl_groups.cc +34 -34
  485. data/third_party/re2/re2/prefilter.cc +3 -2
  486. data/third_party/re2/re2/prog.cc +182 -4
  487. data/third_party/re2/re2/prog.h +28 -9
  488. data/third_party/re2/re2/re2.cc +87 -118
  489. data/third_party/re2/re2/re2.h +156 -141
  490. data/third_party/re2/re2/regexp.cc +12 -5
  491. data/third_party/re2/re2/regexp.h +8 -2
  492. data/third_party/re2/re2/set.cc +31 -9
  493. data/third_party/re2/re2/set.h +9 -4
  494. data/third_party/re2/re2/simplify.cc +11 -3
  495. data/third_party/re2/re2/tostring.cc +1 -1
  496. data/third_party/re2/re2/walker-inl.h +1 -1
  497. data/third_party/re2/util/mutex.h +2 -2
  498. data/third_party/re2/util/pcre.h +3 -3
  499. metadata +77 -64
  500. data/include/grpc/event_engine/slice_allocator.h +0 -71
  501. data/src/core/ext/filters/client_channel/service_config_call_data.h +0 -126
  502. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +0 -211
  503. data/src/core/ext/filters/workarounds/workaround_utils.cc +0 -53
  504. data/src/core/ext/filters/workarounds/workaround_utils.h +0 -39
  505. data/src/core/ext/transport/chttp2/client/authority.cc +0 -42
  506. data/src/core/ext/transport/chttp2/client/authority.h +0 -36
  507. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.cc +0 -67
  508. data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +0 -74
  509. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +0 -66
  510. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +0 -58
  511. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +0 -58
  512. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +0 -130
  513. data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +0 -83
  514. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +0 -44
  515. data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +0 -35
  516. data/src/core/lib/iomgr/udp_server.cc +0 -747
  517. data/src/core/lib/iomgr/udp_server.h +0 -103
  518. data/src/core/lib/transport/authority_override.cc +0 -40
  519. data/src/core/lib/transport/authority_override.h +0 -37
@@ -389,13 +389,6 @@ struct ASN1_ADB_TABLE_st {
389
389
  /* Field is a SEQUENCE OF */
390
390
  #define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
391
391
 
392
- /* Special case: this refers to a SET OF that
393
- * will be sorted into DER order when encoded *and*
394
- * the corresponding STACK will be modified to match
395
- * the new order.
396
- */
397
- #define ASN1_TFLG_SET_ORDER (0x3 << 1)
398
-
399
392
  /* Mask for SET OF or SEQUENCE OF */
400
393
  #define ASN1_TFLG_SK_MASK (0x3 << 1)
401
394
 
@@ -602,8 +595,8 @@ typedef struct ASN1_AUX_st {
602
595
  #define ASN1_OP_FREE_POST 3
603
596
  #define ASN1_OP_D2I_PRE 4
604
597
  #define ASN1_OP_D2I_POST 5
605
- #define ASN1_OP_I2D_PRE 6
606
- #define ASN1_OP_I2D_POST 7
598
+ /* ASN1_OP_I2D_PRE and ASN1_OP_I2D_POST are not supported. We leave the
599
+ * constants undefined so code relying on them does not accidentally compile. */
607
600
  #define ASN1_OP_PRINT_PRE 8
608
601
  #define ASN1_OP_PRINT_POST 9
609
602
  #define ASN1_OP_STREAM_PRE 10
@@ -145,7 +145,7 @@ extern "C" {
145
145
  // Trusty isn't Linux but currently defines __linux__. As a workaround, we
146
146
  // exclude it here.
147
147
  // TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
148
- #if defined(__linux__) && !defined(TRUSTY)
148
+ #if defined(__linux__) && !defined(__TRUSTY__)
149
149
  #define OPENSSL_LINUX
150
150
  #endif
151
151
 
@@ -153,7 +153,7 @@ extern "C" {
153
153
  #define OPENSSL_FUCHSIA
154
154
  #endif
155
155
 
156
- #if defined(TRUSTY)
156
+ #if defined(__TRUSTY__)
157
157
  #define OPENSSL_TRUSTY
158
158
  #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
159
159
  #endif
@@ -328,8 +328,11 @@ enum ssl_verify_result_t BORINGSSL_ENUM_INT;
328
328
  // CRYPTO_THREADID is a dummy value.
329
329
  typedef int CRYPTO_THREADID;
330
330
 
331
+ // An |ASN1_NULL| is an opaque type. asn1.h represents the ASN.1 NULL value as
332
+ // an opaque, non-NULL |ASN1_NULL*| pointer.
333
+ typedef struct asn1_null_st ASN1_NULL;
334
+
331
335
  typedef int ASN1_BOOLEAN;
332
- typedef int ASN1_NULL;
333
336
  typedef struct ASN1_ITEM_st ASN1_ITEM;
334
337
  typedef struct asn1_object_st ASN1_OBJECT;
335
338
  typedef struct asn1_pctx_st ASN1_PCTX;
@@ -422,6 +425,7 @@ typedef struct private_key_st X509_PKEY;
422
425
  typedef struct rand_meth_st RAND_METHOD;
423
426
  typedef struct rc4_key_st RC4_KEY;
424
427
  typedef struct rsa_meth_st RSA_METHOD;
428
+ typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
425
429
  typedef struct rsa_st RSA;
426
430
  typedef struct sha256_state_st SHA256_CTX;
427
431
  typedef struct sha512_state_st SHA512_CTX;
@@ -430,6 +434,7 @@ typedef struct spake2_ctx_st SPAKE2_CTX;
430
434
  typedef struct srtp_protection_profile_st SRTP_PROTECTION_PROFILE;
431
435
  typedef struct ssl_cipher_st SSL_CIPHER;
432
436
  typedef struct ssl_ctx_st SSL_CTX;
437
+ typedef struct ssl_early_callback_ctx SSL_CLIENT_HELLO;
433
438
  typedef struct ssl_ech_keys_st SSL_ECH_KEYS;
434
439
  typedef struct ssl_method_st SSL_METHOD;
435
440
  typedef struct ssl_private_key_method_st SSL_PRIVATE_KEY_METHOD;
@@ -445,9 +450,10 @@ typedef struct trust_token_method_st TRUST_TOKEN_METHOD;
445
450
  typedef struct v3_ext_ctx X509V3_CTX;
446
451
  typedef struct x509_attributes_st X509_ATTRIBUTE;
447
452
  typedef struct x509_cert_aux_st X509_CERT_AUX;
448
- typedef struct x509_cinf_st X509_CINF;
449
453
  typedef struct x509_crl_method_st X509_CRL_METHOD;
450
454
  typedef struct x509_lookup_st X509_LOOKUP;
455
+ typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
456
+ typedef struct x509_object_st X509_OBJECT;
451
457
  typedef struct x509_revoked_st X509_REVOKED;
452
458
  typedef struct x509_st X509;
453
459
  typedef struct x509_store_ctx_st X509_STORE_CTX;
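Review bot: The platform tests at new lines 148 and 156 now key on `__TRUSTY__` alone, so a build that still defines only the old `TRUSTY` macro would be classified as `OPENSSL_LINUX` and would lose `OPENSSL_TRUSTY` and `OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED`, with no diagnostic. Whether any toolchain still passes the old name cannot be seen from this diff, but a silent platform misdetection in a crypto library is worth failing loudly on. If `TRUSTY` is not expected to be defined for unrelated reasons, a guard ahead of the `__linux__` test turns it into a compile error: `#if defined(TRUSTY) && !defined(__TRUSTY__)`, `#error "define __TRUSTY__ instead of TRUSTY"`, `#endif`. At minimum, the existing workaround comment should mention the rename.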
@@ -377,7 +377,9 @@ OPENSSL_EXPORT int BIO_read_asn1(BIO *bio, uint8_t **out, size_t *out_len,
377
377
  OPENSSL_EXPORT const BIO_METHOD *BIO_s_mem(void);
378
378
 
379
379
  // BIO_new_mem_buf creates read-only BIO that reads from |len| bytes at |buf|.
380
- // It does not take ownership of |buf|. It returns the BIO or NULL on error.
380
+ // It returns the BIO or NULL on error. This function does not copy or take
381
+ // ownership of |buf|. The caller must ensure the memory pointed to by |buf|
382
+ // outlives the |BIO|.
381
383
  //
382
384
  // If |len| is negative, then |buf| is treated as a NUL-terminated string, but
383
385
  // don't depend on this in new code.
@@ -687,9 +687,9 @@ OPENSSL_EXPORT int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
687
687
  // BN_prime_checks_for_validation can be used as the |checks| argument to the
688
688
  // primarily testing functions when validating an externally-supplied candidate
689
689
  // prime. It gives a false positive rate of at most 2^{-128}. (The worst case
690
- // false positive rate for a single iteration is 1/4, so we perform 32
691
- // iterations.)
692
- #define BN_prime_checks_for_validation 32
690
+ // false positive rate for a single iteration is 1/4 per
691
+ // https://eprint.iacr.org/2018/749. (1/4)^64 = 2^{-128}.)
692
+ #define BN_prime_checks_for_validation 64
693
693
 
694
694
  // BN_prime_checks_for_generation can be used as the |checks| argument to the
695
695
  // primality testing functions when generating random primes. It gives a false
@@ -154,6 +154,11 @@ OPENSSL_EXPORT int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
154
154
  // returns one on success and zero on error.
155
155
  OPENSSL_EXPORT int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
156
156
 
157
+ // CBS_get_until_first finds the first instance of |c| in |cbs|. If found, it
158
+ // sets |*out| to the text before the match, advances |cbs| over it, and returns
159
+ // one. Otherwise, it returns zero and leaves |cbs| unmodified.
160
+ OPENSSL_EXPORT int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c);
161
+
157
162
 
158
163
  // Parsing ASN.1
159
164
  //
@@ -463,6 +468,10 @@ OPENSSL_EXPORT int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag);
463
468
  // success and zero otherwise.
464
469
  OPENSSL_EXPORT int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
465
470
 
471
+ // CBB_add_zeros append |len| bytes with value zero to |cbb|. It returns one on
472
+ // success and zero otherwise.
473
+ OPENSSL_EXPORT int CBB_add_zeros(CBB *cbb, size_t len);
474
+
466
475
  // CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
467
476
  // the beginning of that space. The caller must then write |len| bytes of
468
477
  // actual contents to |*out_data|. It returns one on success and zero
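Review bot: The new comment on `CBS_get_until_first` does not say where `cbs` is left after a successful call: "advances |cbs| over it" can mean skipping only the text before the match, or skipping the matched byte as well. Parsers of delimiter-separated input commonly go wrong on exactly this point, so the contract should be explicit. One option, if it matches the implementation (the definition is not part of this diff), is to add `// On success, |cbs| begins at the matching byte, which is not consumed.`. In the second hunk, "CBB_add_zeros append" should read `CBB_add_zeros appends`.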
@@ -106,7 +106,10 @@ OPENSSL_EXPORT const EVP_CIPHER *EVP_rc2_cbc(void);
106
106
  const EVP_CIPHER *EVP_rc2_40_cbc(void);
107
107
 
108
108
  // EVP_get_cipherbynid returns the cipher corresponding to the given NID, or
109
- // NULL if no such cipher is known.
109
+ // NULL if no such cipher is known. Note using this function links almost every
110
+ // cipher implemented by BoringSSL into the binary, whether the caller uses them
111
+ // or not. Size-conscious callers, such as client software, should not use this
112
+ // function.
110
113
  OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbynid(int nid);
111
114
 
112
115
 
@@ -409,7 +412,10 @@ OPENSSL_EXPORT int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,
409
412
  OPENSSL_EXPORT int EVP_add_cipher_alias(const char *a, const char *b);
410
413
 
411
414
  // EVP_get_cipherbyname returns an |EVP_CIPHER| given a human readable name in
412
- // |name|, or NULL if the name is unknown.
415
+ // |name|, or NULL if the name is unknown. Note using this function links almost
416
+ // every cipher implemented by BoringSSL into the binary, not just the ones the
417
+ // caller requests. Size-conscious callers, such as client software, should not
418
+ // use this function.
413
419
  OPENSSL_EXPORT const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
414
420
 
415
421
  // These AEADs are deprecated AES-GCM implementations that set
@@ -41,6 +41,10 @@ OPENSSL_EXPORT int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
41
41
  // keying material |secret| and salt |salt| using |digest|, and outputs
42
42
  // |out_len| bytes to |out_key|. The maximum output size is |EVP_MAX_MD_SIZE|.
43
43
  // It returns one on success and zero on error.
44
+ //
45
+ // WARNING: This function orders the inputs differently from RFC 5869
46
+ // specification. Double-check which parameter is the secret/IKM and which is
47
+ // the salt when using.
44
48
  OPENSSL_EXPORT int HKDF_extract(uint8_t *out_key, size_t *out_len,
45
49
  const EVP_MD *digest, const uint8_t *secret,
46
50
  size_t secret_len, const uint8_t *salt,
@@ -150,9 +150,15 @@ OPENSSL_EXPORT size_t OPENSSL_strlcat(char *dst, const char *src,
150
150
 
151
151
  // Deprecated functions.
152
152
 
153
- #define CRYPTO_malloc OPENSSL_malloc
154
- #define CRYPTO_realloc OPENSSL_realloc
155
- #define CRYPTO_free OPENSSL_free
153
+ // CRYPTO_malloc calls |OPENSSL_malloc|. |file| and |line| are ignored.
154
+ OPENSSL_EXPORT void *CRYPTO_malloc(size_t size, const char *file, int line);
155
+
156
+ // CRYPTO_realloc calls |OPENSSL_realloc|. |file| and |line| are ignored.
157
+ OPENSSL_EXPORT void *CRYPTO_realloc(void *ptr, size_t new_size,
158
+ const char *file, int line);
159
+
160
+ // CRYPTO_free calls |OPENSSL_free|. |file| and |line| are ignored.
161
+ OPENSSL_EXPORT void CRYPTO_free(void *ptr, const char *file, int line);
156
162
 
157
163
  // OPENSSL_clear_free calls |OPENSSL_free|. BoringSSL automatically clears all
158
164
  // allocations on free, but we define |OPENSSL_clear_free| for compatibility.
@@ -112,15 +112,6 @@ extern "C" {
112
112
  // write. Now they are all implemented with either:
113
113
  // IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
114
114
 
115
- #ifdef OPENSSL_NO_FP_API
116
-
117
- #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) //
118
- #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) //
119
- #define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) //
120
- #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) //
121
- #define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) //
122
-
123
- #else
124
115
 
125
116
  #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
126
117
  static void *pem_read_##name##_d2i(void **x, const unsigned char **inp, \
@@ -173,7 +164,6 @@ extern "C" {
173
164
  cb, u); \
174
165
  }
175
166
 
176
- #endif
177
167
 
178
168
  #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
179
169
  static void *pem_read_bio_##name##_d2i(void **x, const unsigned char **inp, \
@@ -260,14 +250,6 @@ extern "C" {
260
250
 
261
251
  // These are the same except they are for the declarations
262
252
 
263
- #if defined(OPENSSL_NO_FP_API)
264
-
265
- #define DECLARE_PEM_read_fp(name, type) //
266
- #define DECLARE_PEM_write_fp(name, type) //
267
- #define DECLARE_PEM_write_cb_fp(name, type) //
268
-
269
- #else
270
-
271
253
  #define DECLARE_PEM_read_fp(name, type) \
272
254
  OPENSSL_EXPORT type *PEM_read_##name(FILE *fp, type **x, \
273
255
  pem_password_cb *cb, void *u);
@@ -283,8 +265,6 @@ extern "C" {
283
265
  FILE *fp, type *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, \
284
266
  pem_password_cb *cb, void *u);
285
267
 
286
- #endif
287
-
288
268
  #define DECLARE_PEM_read_bio(name, type) \
289
269
  OPENSSL_EXPORT type *PEM_read_bio_##name(BIO *bp, type **x, \
290
270
  pem_password_cb *cb, void *u);
@@ -200,15 +200,22 @@ OPENSSL_EXPORT int PKCS7_type_is_signedAndEnveloped(const PKCS7 *p7);
200
200
  #define PKCS7_STREAM 0x1000
201
201
  #define PKCS7_PARTIAL 0x4000
202
202
 
203
- // PKCS7_sign assembles |certs| into a PKCS#7 signed data ContentInfo with
203
+ // PKCS7_sign can operate in two modes to provide some backwards compatibility:
204
+ //
205
+ // The first mode assembles |certs| into a PKCS#7 signed data ContentInfo with
204
206
  // external data and no signatures. It returns a newly-allocated |PKCS7| on
205
207
  // success or NULL on error. |sign_cert| and |pkey| must be NULL. |data| is
206
- // ignored. |flags| must be equal to |PKCS7_DETACHED|.
207
- //
208
- // Note this function only implements a subset of the corresponding OpenSSL
209
- // function. It is provided for backwards compatibility only. Additionally,
208
+ // ignored. |flags| must be equal to |PKCS7_DETACHED|. Additionally,
210
209
  // certificates in SignedData structures are unordered. The order of |certs|
211
210
  // will not be preserved.
211
+ //
212
+ // The second mode generates a detached RSA SHA-256 signature of |data| using
213
+ // |pkey| and produces a PKCS#7 SignedData structure containing it. |certs|
214
+ // must be NULL and |flags| must be exactly |PKCS7_NOATTR | PKCS7_BINARY |
215
+ // PKCS7_NOCERTS | PKCS7_DETACHED|.
216
+ //
217
+ // Note this function only implements a subset of the corresponding OpenSSL
218
+ // function. It is provided for backwards compatibility only.
212
219
  OPENSSL_EXPORT PKCS7 *PKCS7_sign(X509 *sign_cert, EVP_PKEY *pkey,
213
220
  STACK_OF(X509) *certs, BIO *data, int flags);
214
221
 
@@ -684,6 +684,11 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_OAEP(uint8_t *to, size_t to_len,
684
684
  // on success or zero otherwise.
685
685
  OPENSSL_EXPORT int RSA_print(BIO *bio, const RSA *rsa, int indent);
686
686
 
687
+ // RSA_get0_pss_params returns NULL. In OpenSSL, this function retries RSA-PSS
688
+ // parameters associated with |RSA| objects, but BoringSSL does not support
689
+ // the id-RSASSA-PSS key encoding.
690
+ OPENSSL_EXPORT const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *rsa);
691
+
687
692
 
688
693
  struct rsa_meth_st {
689
694
  struct openssl_method_common_st common;
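Review bot: In the added comment for `RSA_get0_pss_params`, "this function retries RSA-PSS parameters" should read "retrieves"; as written it suggests a retry loop rather than an accessor. Suggested wording for that sentence: `// In OpenSSL, this function retrieves the RSA-PSS parameters associated with |RSA| objects, but BoringSSL does not support the id-RSASSA-PSS key encoding.`. The `rsa_meth_st` definition that follows continues outside the hunk.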
@@ -94,18 +94,6 @@ class SpanBase {
94
94
  template <typename T>
95
95
  class Span : private internal::SpanBase<const T> {
96
96
  private:
97
- // Heuristically test whether C is a container type that can be converted into
98
- // a Span by checking for data() and size() member functions.
99
- //
100
- // TODO(davidben): Switch everything to std::enable_if_t when we remove
101
- // support for MSVC 2015. Although we could write our own enable_if_t and MSVC
102
- // 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE implementation is
103
- // problematic and does not work below unless we write the ::type at use.
104
- template <typename C>
105
- using EnableIfContainer = std::enable_if<
106
- std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
107
- std::is_integral<decltype(std::declval<C>().size())>::value>;
108
-
109
97
  static const size_t npos = static_cast<size_t>(-1);
110
98
 
111
99
  public:
@@ -116,12 +104,27 @@ class Span : private internal::SpanBase<const T> {
116
104
  constexpr Span(T (&array)[N]) : Span(array, N) {}
117
105
 
118
106
  template <
119
- typename C, typename = typename EnableIfContainer<C>::type,
107
+ typename C,
108
+ // TODO(davidben): Switch everything to std::enable_if_t when we remove
109
+ // support for MSVC 2015. Although we could write our own enable_if_t and
110
+ // MSVC 2015 has std::enable_if_t anyway, MSVC 2015's SFINAE
111
+ // implementation is problematic and does not work below unless we write
112
+ // the ::type at use.
113
+ //
114
+ // TODO(davidben): Move this and the identical copy below into an
115
+ // EnableIfContainer alias when we drop MSVC 2015 support. MSVC 2015's
116
+ // SFINAE support cannot handle type aliases.
117
+ typename = typename std::enable_if<
118
+ std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
119
+ std::is_integral<decltype(std::declval<C>().size())>::value>::type,
120
120
  typename = typename std::enable_if<std::is_const<T>::value, C>::type>
121
121
  Span(const C &container) : data_(container.data()), size_(container.size()) {}
122
122
 
123
123
  template <
124
- typename C, typename = typename EnableIfContainer<C>::type,
124
+ typename C,
125
+ typename = typename std::enable_if<
126
+ std::is_convertible<decltype(std::declval<C>().data()), T *>::value &&
127
+ std::is_integral<decltype(std::declval<C>().size())>::value>::type,
125
128
  typename = typename std::enable_if<!std::is_const<T>::value, C>::type>
126
129
  explicit Span(C &container)
127
130
  : data_(container.data()), size_(container.size()) {}
@@ -158,11 +161,30 @@ class Span : private internal::SpanBase<const T> {
158
161
 
159
162
  Span subspan(size_t pos = 0, size_t len = npos) const {
160
163
  if (pos > size_) {
161
- abort(); // absl::Span throws an exception here.
164
+ // absl::Span throws an exception here. Note std::span and Chromium
165
+ // base::span additionally forbid pos + len being out of range, with a
166
+ // special case at npos/dynamic_extent, while absl::Span::subspan clips
167
+ // the span. For now, we align with absl::Span in case we switch to it in
168
+ // the future.
169
+ abort();
162
170
  }
163
171
  return Span(data_ + pos, std::min(size_ - pos, len));
164
172
  }
165
173
 
174
+ Span first(size_t len) {
175
+ if (len > size_) {
176
+ abort();
177
+ }
178
+ return Span(data_, len);
179
+ }
180
+
181
+ Span last(size_t len) {
182
+ if (len > size_) {
183
+ abort();
184
+ }
185
+ return Span(data_ + size_ - len, len);
186
+ }
187
+
166
188
  private:
167
189
  T *data_;
168
190
  size_t size_;
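Review bot: The new `first` and `last` members (new lines 174-186) are not `const`-qualified, although they only read `data_` and `size_` and the neighbouring `subspan` is declared `const`. As written they cannot be called on a `const Span` or through a const reference, so callers in that position must fall back to `subspan` and its clipping semantics instead of the strict bounds check these two provide. Declaring them as `Span first(size_t len) const {` and `Span last(size_t len) const {` keeps the three accessors consistent; the `abort()` checks on `len > size_` should stay as they are. The class body begins and ends outside these hunks.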
@@ -1649,6 +1649,11 @@ OPENSSL_EXPORT int SSL_export_keying_material(
1649
1649
  // abbreviated handshake. It is reference-counted and immutable. Once
1650
1650
  // established, an |SSL_SESSION| may be shared by multiple |SSL| objects on
1651
1651
  // different threads and must not be modified.
1652
+ //
1653
+ // Note the TLS notion of "session" is not suitable for application-level
1654
+ // session state. It is an optional caching mechanism for the handshake. Not all
1655
+ // connections within an application-level session will reuse TLS sessions. TLS
1656
+ // sessions may be dropped by the client or ignored by the server at any time.
1652
1657
 
1653
1658
  DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
1654
1659
 
@@ -1703,6 +1708,19 @@ OPENSSL_EXPORT int SSL_SESSION_set_protocol_version(SSL_SESSION *session,
1703
1708
 
1704
1709
  // SSL_SESSION_get_id returns a pointer to a buffer containing |session|'s
1705
1710
  // session ID and sets |*out_len| to its length.
1711
+ //
1712
+ // This function should only be used for implementing a TLS session cache. TLS
1713
+ // sessions are not suitable for application-level session state, and a session
1714
+ // ID is an implementation detail of the TLS resumption handshake mechanism. Not
1715
+ // all resumption flows use session IDs, and not all connections within an
1716
+ // application-level session will reuse TLS sessions.
1717
+ //
1718
+ // To determine if resumption occurred, use |SSL_session_reused| instead.
1719
+ // Comparing session IDs will not give the right result in all cases.
1720
+ //
1721
+ // As a workaround for some broken applications, BoringSSL sometimes synthesizes
1722
+ // arbitrary session IDs for non-ID-based sessions. This behavior may be
1723
+ // removed in the future.
1706
1724
  OPENSSL_EXPORT const uint8_t *SSL_SESSION_get_id(const SSL_SESSION *session,
1707
1725
  unsigned *out_len);
1708
1726
 
@@ -3569,7 +3587,7 @@ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
3569
3587
  //
3570
3588
  // ECH support in BoringSSL is still experimental and under development.
3571
3589
  //
3572
- // See https://tools.ietf.org/html/draft-ietf-tls-esni-10.
3590
+ // See https://tools.ietf.org/html/draft-ietf-tls-esni-13.
3573
3591
 
3574
3592
  // SSL_set_enable_ech_grease configures whether the client will send a GREASE
3575
3593
  // ECH extension when no supported ECHConfig is available.
@@ -3601,12 +3619,12 @@ OPENSSL_EXPORT int SSL_set1_ech_config_list(SSL *ssl,
3601
3619
  const uint8_t *ech_config_list,
3602
3620
  size_t ech_config_list_len);
3603
3621
 
3604
- // SSL_get0_ech_name_override sets |*out_name| and |*out_name_len| to point to a
3605
- // buffer containing the ECH public name, if the server rejected ECH, or the
3606
- // empty string otherwise.
3622
+ // SSL_get0_ech_name_override, if |ssl| is a client and the server rejected ECH,
3623
+ // sets |*out_name| and |*out_name_len| to point to a buffer containing the ECH
3624
+ // public name. Otherwise, the buffer will be empty.
3607
3625
  //
3608
- // This function should be called during the certificate verification callback
3609
- // (see |SSL_CTX_set_custom_verify|) if |ssl| is a client offering ECH. If
3626
+ // When offering ECH as a client, this function should be called during the
3627
+ // certificate verification callback (see |SSL_CTX_set_custom_verify|). If
3610
3628
  // |*out_name_len| is non-zero, the caller should verify the certificate against
3611
3629
  // the result, interpreted as a DNS name, rather than the true server name. In
3612
3630
  // this case, the handshake will never succeed and is only used to authenticate
@@ -4140,7 +4158,7 @@ OPENSSL_EXPORT int SSL_set_max_send_fragment(SSL *ssl,
4140
4158
  // callbacks that are called very early on during the server handshake. At this
4141
4159
  // point, much of the SSL* hasn't been filled out and only the ClientHello can
4142
4160
  // be depended on.
4143
- typedef struct ssl_early_callback_ctx {
4161
+ struct ssl_early_callback_ctx {
4144
4162
  SSL *ssl;
4145
4163
  const uint8_t *client_hello;
4146
4164
  size_t client_hello_len;
@@ -4155,7 +4173,7 @@ typedef struct ssl_early_callback_ctx {
4155
4173
  size_t compression_methods_len;
4156
4174
  const uint8_t *extensions;
4157
4175
  size_t extensions_len;
4158
- } SSL_CLIENT_HELLO;
4176
+ } /* SSL_CLIENT_HELLO */;
4159
4177
 
4160
4178
  // ssl_select_cert_result_t enumerates the possible results from selecting a
4161
4179
  // certificate with |select_certificate_cb|.
@@ -4894,12 +4912,6 @@ OPENSSL_EXPORT int SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ec_key);
4894
4912
  OPENSSL_EXPORT int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *out,
4895
4913
  const char *dir);
4896
4914
 
4897
- // SSL_set_verify_result calls |abort| unless |result| is |X509_V_OK|.
4898
- //
4899
- // TODO(davidben): Remove this function once it has been removed from
4900
- // netty-tcnative.
4901
- OPENSSL_EXPORT void SSL_set_verify_result(SSL *ssl, long result);
4902
-
4903
4915
  // SSL_CTX_enable_tls_channel_id calls |SSL_CTX_set_tls_channel_id_enabled|.
4904
4916
  OPENSSL_EXPORT int SSL_CTX_enable_tls_channel_id(SSL_CTX *ctx);
4905
4917
 
@@ -5554,6 +5566,8 @@ BSSL_NAMESPACE_END
5554
5566
  #define SSL_R_INVALID_ECH_PUBLIC_NAME 317
5555
5567
  #define SSL_R_INVALID_ECH_CONFIG_LIST 318
5556
5568
  #define SSL_R_ECH_REJECTED 319
5569
+ #define SSL_R_OUTER_EXTENSION_NOT_FOUND 320
5570
+ #define SSL_R_INCONSISTENT_ECH_NEGOTIATION 321
5557
5571
  #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
5558
5572
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
5559
5573
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020