grpc 1.63.0 → 1.64.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (1055) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +54 -51
  3. data/include/grpc/credentials.h +1222 -0
  4. data/include/grpc/grpc.h +7 -0
  5. data/include/grpc/grpc_crl_provider.h +1 -0
  6. data/include/grpc/grpc_security.h +0 -1171
  7. data/include/grpc/impl/channel_arg_names.h +0 -3
  8. data/include/grpc/module.modulemap +1 -0
  9. data/include/grpc/support/log.h +1 -1
  10. data/src/core/{lib/channel → channelz}/channel_trace.cc +56 -62
  11. data/src/core/{lib/channel → channelz}/channel_trace.h +21 -19
  12. data/src/core/{lib/channel → channelz}/channelz.cc +68 -6
  13. data/src/core/{lib/channel → channelz}/channelz.h +45 -6
  14. data/src/core/{lib/channel → channelz}/channelz_registry.cc +7 -6
  15. data/src/core/{lib/channel → channelz}/channelz_registry.h +6 -6
  16. data/src/core/client_channel/client_channel_filter.cc +58 -62
  17. data/src/core/client_channel/client_channel_filter.h +2 -4
  18. data/src/core/client_channel/client_channel_internal.h +3 -2
  19. data/src/core/client_channel/client_channel_service_config.h +1 -1
  20. data/src/core/client_channel/config_selector.h +4 -3
  21. data/src/core/client_channel/connector.h +1 -1
  22. data/src/core/client_channel/dynamic_filters.cc +3 -2
  23. data/src/core/client_channel/local_subchannel_pool.cc +5 -3
  24. data/src/core/client_channel/retry_filter.cc +1 -1
  25. data/src/core/client_channel/retry_filter.h +3 -2
  26. data/src/core/client_channel/retry_filter_legacy_call_data.cc +5 -4
  27. data/src/core/client_channel/subchannel.cc +13 -12
  28. data/src/core/client_channel/subchannel.h +0 -1
  29. data/src/core/client_channel/subchannel_stream_client.cc +5 -3
  30. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +4 -3
  31. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +2 -2
  32. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +24 -16
  33. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +10 -11
  34. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +8 -9
  35. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +4 -4
  36. data/src/core/ext/filters/http/client/http_client_filter.cc +5 -4
  37. data/src/core/ext/filters/http/client/http_client_filter.h +5 -5
  38. data/src/core/ext/filters/http/client_authority_filter.cc +4 -3
  39. data/src/core/ext/filters/http/client_authority_filter.h +5 -4
  40. data/src/core/ext/filters/http/message_compress/compression_filter.cc +9 -8
  41. data/src/core/ext/filters/http/message_compress/compression_filter.h +8 -8
  42. data/src/core/ext/filters/http/server/http_server_filter.cc +2 -2
  43. data/src/core/ext/filters/http/server/http_server_filter.h +5 -5
  44. data/src/core/ext/filters/message_size/message_size_filter.cc +10 -19
  45. data/src/core/ext/filters/message_size/message_size_filter.h +8 -6
  46. data/src/core/ext/filters/rbac/rbac_filter.cc +11 -6
  47. data/src/core/ext/filters/rbac/rbac_filter.h +5 -5
  48. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +12 -12
  49. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +3 -2
  50. data/src/core/ext/gcp/metadata_query.cc +4 -3
  51. data/src/core/ext/gcp/metadata_query.h +2 -2
  52. data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -3
  53. data/src/core/ext/transport/chttp2/alpn/alpn.h +2 -2
  54. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +13 -13
  55. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +2 -3
  56. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +10 -10
  57. data/src/core/ext/transport/chttp2/server/chttp2_server.h +3 -3
  58. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +6 -6
  59. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +1 -2
  60. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +8 -7
  61. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -2
  62. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +53 -52
  63. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -3
  64. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +2 -2
  65. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +2 -2
  66. data/src/core/ext/transport/chttp2/transport/decode_huff.h +2 -2
  67. data/src/core/ext/transport/chttp2/transport/flow_control.cc +4 -4
  68. data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -4
  69. data/src/core/ext/transport/chttp2/transport/frame.cc +4 -4
  70. data/src/core/ext/transport/chttp2/transport/frame.h +2 -2
  71. data/src/core/ext/transport/chttp2/transport/frame_data.cc +3 -3
  72. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -2
  73. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +5 -5
  74. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +1 -2
  75. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +3 -3
  76. data/src/core/ext/transport/chttp2/transport/frame_ping.h +1 -2
  77. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +3 -3
  78. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +1 -2
  79. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +1 -2
  80. data/src/core/ext/transport/chttp2/transport/frame_settings.h +1 -2
  81. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +4 -4
  82. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +1 -2
  83. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +2 -2
  84. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +4 -3
  85. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -2
  86. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +10 -9
  87. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -2
  88. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +4 -3
  89. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +3 -3
  90. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +24 -24
  91. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +1 -2
  92. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +5 -5
  93. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +2 -2
  94. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +2 -2
  95. data/src/core/ext/transport/chttp2/transport/http2_settings.h +2 -2
  96. data/src/core/ext/transport/chttp2/transport/http_trace.cc +2 -2
  97. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +2 -2
  98. data/src/core/ext/transport/chttp2/transport/internal.h +3 -5
  99. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.cc +4 -3
  100. data/src/core/ext/transport/chttp2/transport/max_concurrent_streams_policy.h +2 -2
  101. data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -14
  102. data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.cc +1 -2
  103. data/src/core/ext/transport/chttp2/transport/ping_abuse_policy.h +2 -2
  104. data/src/core/ext/transport/chttp2/transport/ping_callbacks.cc +3 -3
  105. data/src/core/ext/transport/chttp2/transport/ping_callbacks.h +1 -2
  106. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +1 -2
  107. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.h +2 -2
  108. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +7 -6
  109. data/src/core/ext/transport/chttp2/transport/varint.cc +2 -2
  110. data/src/core/ext/transport/chttp2/transport/varint.h +4 -3
  111. data/src/core/ext/transport/chttp2/transport/write_size_policy.cc +4 -3
  112. data/src/core/ext/transport/chttp2/transport/write_size_policy.h +2 -2
  113. data/src/core/ext/transport/chttp2/transport/writing.cc +35 -22
  114. data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
  115. data/src/core/ext/transport/inproc/inproc_transport.h +1 -2
  116. data/src/core/ext/transport/inproc/legacy_inproc_transport.cc +7 -8
  117. data/src/core/ext/transport/inproc/legacy_inproc_transport.h +1 -2
  118. data/src/core/{lib/transport → handshaker/endpoint_info}/endpoint_info_handshaker.cc +6 -6
  119. data/src/core/{lib/transport → handshaker/endpoint_info}/endpoint_info_handshaker.h +3 -3
  120. data/src/core/{lib/transport → handshaker}/handshaker.cc +8 -6
  121. data/src/core/{lib/transport → handshaker}/handshaker.h +4 -5
  122. data/src/core/{lib/transport → handshaker}/handshaker_factory.h +19 -3
  123. data/src/core/{lib/transport → handshaker}/handshaker_registry.cc +3 -3
  124. data/src/core/{lib/transport → handshaker}/handshaker_registry.h +6 -6
  125. data/src/core/{lib/transport → handshaker/http_connect}/http_connect_handshaker.cc +5 -6
  126. data/src/core/{lib/transport → handshaker/http_connect}/http_connect_handshaker.h +3 -3
  127. data/src/core/{client_channel → handshaker/http_connect}/http_proxy_mapper.cc +6 -6
  128. data/src/core/{client_channel → handshaker/http_connect}/http_proxy_mapper.h +6 -6
  129. data/src/core/{lib/handshaker → handshaker}/proxy_mapper.h +5 -5
  130. data/src/core/{lib/handshaker → handshaker}/proxy_mapper_registry.cc +3 -3
  131. data/src/core/{lib/handshaker → handshaker}/proxy_mapper_registry.h +6 -6
  132. data/src/core/{lib/security/transport → handshaker/security}/secure_endpoint.cc +5 -5
  133. data/src/core/{lib/security/transport → handshaker/security}/secure_endpoint.h +4 -5
  134. data/src/core/{lib/security/transport → handshaker/security}/security_handshaker.cc +11 -11
  135. data/src/core/{lib/security/transport → handshaker/security}/security_handshaker.h +5 -6
  136. data/src/core/{lib/security/transport → handshaker/security}/tsi_error.cc +2 -2
  137. data/src/core/{lib/security/transport → handshaker/security}/tsi_error.h +3 -3
  138. data/src/core/{lib/transport → handshaker/tcp_connect}/tcp_connect_handshaker.cc +8 -8
  139. data/src/core/{lib/transport → handshaker/tcp_connect}/tcp_connect_handshaker.h +3 -3
  140. data/src/core/lib/address_utils/parse_address.cc +5 -3
  141. data/src/core/lib/address_utils/parse_address.h +2 -2
  142. data/src/core/lib/address_utils/sockaddr_utils.cc +15 -9
  143. data/src/core/lib/address_utils/sockaddr_utils.h +2 -2
  144. data/src/core/lib/avl/avl.h +2 -2
  145. data/src/core/lib/backoff/backoff.cc +2 -2
  146. data/src/core/lib/backoff/backoff.h +2 -2
  147. data/src/core/lib/backoff/random_early_detection.cc +2 -2
  148. data/src/core/lib/backoff/random_early_detection.h +2 -2
  149. data/src/core/lib/channel/call_finalization.h +2 -2
  150. data/src/core/lib/channel/call_tracer.cc +7 -7
  151. data/src/core/lib/channel/call_tracer.h +1 -2
  152. data/src/core/lib/channel/channel_args.cc +4 -4
  153. data/src/core/lib/channel/channel_args.h +1 -2
  154. data/src/core/lib/channel/channel_args_preconditioning.cc +2 -2
  155. data/src/core/lib/channel/channel_args_preconditioning.h +1 -2
  156. data/src/core/lib/channel/channel_stack.cc +8 -7
  157. data/src/core/lib/channel/channel_stack.h +1 -2
  158. data/src/core/lib/channel/channel_stack_builder.cc +2 -2
  159. data/src/core/lib/channel/channel_stack_builder.h +2 -2
  160. data/src/core/lib/channel/channel_stack_builder_impl.cc +6 -13
  161. data/src/core/lib/channel/channel_stack_builder_impl.h +2 -2
  162. data/src/core/lib/channel/channel_stack_trace.cc +2 -2
  163. data/src/core/lib/channel/connected_channel.cc +25 -40
  164. data/src/core/lib/channel/context.h +29 -1
  165. data/src/core/lib/channel/metrics.cc +10 -72
  166. data/src/core/lib/channel/metrics.h +1 -42
  167. data/src/core/lib/channel/promise_based_filter.cc +70 -75
  168. data/src/core/lib/channel/promise_based_filter.h +189 -148
  169. data/src/core/lib/channel/status_util.cc +2 -2
  170. data/src/core/lib/channel/status_util.h +1 -2
  171. data/src/core/lib/channel/tcp_tracer.h +2 -2
  172. data/src/core/lib/compression/compression.cc +1 -2
  173. data/src/core/lib/compression/compression_internal.cc +3 -3
  174. data/src/core/lib/compression/compression_internal.h +1 -2
  175. data/src/core/lib/compression/message_compress.cc +9 -8
  176. data/src/core/lib/compression/message_compress.h +1 -2
  177. data/src/core/lib/config/config_vars.cc +2 -2
  178. data/src/core/lib/config/config_vars.h +2 -2
  179. data/src/core/lib/config/config_vars_non_generated.cc +2 -2
  180. data/src/core/lib/config/core_configuration.cc +9 -8
  181. data/src/core/lib/config/core_configuration.h +8 -8
  182. data/src/core/lib/config/load_config.cc +4 -4
  183. data/src/core/lib/config/load_config.h +2 -2
  184. data/src/core/lib/debug/event_log.cc +3 -3
  185. data/src/core/lib/debug/event_log.h +2 -2
  186. data/src/core/lib/debug/histogram_view.cc +2 -2
  187. data/src/core/lib/debug/histogram_view.h +2 -2
  188. data/src/core/lib/debug/stats.cc +2 -2
  189. data/src/core/lib/debug/stats.h +2 -2
  190. data/src/core/lib/debug/stats_data.cc +2 -2
  191. data/src/core/lib/debug/stats_data.h +2 -2
  192. data/src/core/lib/debug/trace.cc +1 -2
  193. data/src/core/lib/debug/trace.h +2 -2
  194. data/src/core/lib/event_engine/ares_resolver.cc +18 -19
  195. data/src/core/lib/event_engine/ares_resolver.h +2 -2
  196. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +3 -1
  197. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +3 -3
  198. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +2 -1
  199. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.h +2 -1
  200. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +1 -2
  201. data/src/core/lib/event_engine/channel_args_endpoint_config.h +1 -2
  202. data/src/core/lib/event_engine/common_closures.h +1 -2
  203. data/src/core/lib/event_engine/default_event_engine.cc +1 -2
  204. data/src/core/lib/event_engine/default_event_engine.h +1 -2
  205. data/src/core/lib/event_engine/default_event_engine_factory.cc +1 -2
  206. data/src/core/lib/event_engine/default_event_engine_factory.h +1 -2
  207. data/src/core/lib/event_engine/event_engine.cc +1 -2
  208. data/src/core/lib/event_engine/event_engine_context.h +1 -2
  209. data/src/core/lib/event_engine/extensions/can_track_errors.h +2 -2
  210. data/src/core/lib/event_engine/extensions/chaotic_good_extension.h +2 -2
  211. data/src/core/lib/event_engine/extensions/supports_fd.h +1 -2
  212. data/src/core/lib/event_engine/forkable.cc +7 -6
  213. data/src/core/lib/event_engine/forkable.h +1 -2
  214. data/src/core/lib/event_engine/grpc_polled_fd.h +1 -2
  215. data/src/core/lib/event_engine/handle_containers.h +1 -2
  216. data/src/core/lib/event_engine/memory_allocator_factory.h +1 -2
  217. data/src/core/lib/event_engine/poller.h +1 -2
  218. data/src/core/lib/event_engine/posix.h +1 -2
  219. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +8 -8
  220. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +1 -2
  221. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +11 -11
  222. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +1 -2
  223. data/src/core/lib/event_engine/posix_engine/event_poller.h +1 -2
  224. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +2 -2
  225. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +2 -2
  226. data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +1 -2
  227. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +1 -2
  228. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +2 -2
  229. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +3 -3
  230. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +2 -2
  231. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +2 -2
  232. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +24 -25
  233. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +11 -11
  234. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +10 -10
  235. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -2
  236. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +1 -2
  237. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +3 -2
  238. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +1 -2
  239. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +6 -6
  240. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +1 -2
  241. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +3 -3
  242. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +3 -3
  243. data/src/core/lib/event_engine/posix_engine/timer.cc +1 -2
  244. data/src/core/lib/event_engine/posix_engine/timer.h +1 -2
  245. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +2 -2
  246. data/src/core/lib/event_engine/posix_engine/timer_heap.h +2 -2
  247. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +5 -5
  248. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -2
  249. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +1 -2
  250. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +1 -2
  251. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +2 -2
  252. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +2 -2
  253. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +2 -2
  254. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +2 -2
  255. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +2 -2
  256. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +2 -2
  257. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +2 -2
  258. data/src/core/lib/event_engine/query_extensions.h +3 -2
  259. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +1 -2
  260. data/src/core/lib/event_engine/resolved_address.cc +5 -4
  261. data/src/core/lib/event_engine/resolved_address_internal.h +1 -2
  262. data/src/core/lib/event_engine/shim.cc +2 -2
  263. data/src/core/lib/event_engine/slice.cc +4 -3
  264. data/src/core/lib/event_engine/slice_buffer.cc +1 -2
  265. data/src/core/lib/event_engine/tcp_socket_utils.cc +12 -8
  266. data/src/core/lib/event_engine/tcp_socket_utils.h +1 -2
  267. data/src/core/lib/event_engine/thread_local.cc +2 -2
  268. data/src/core/lib/event_engine/thread_pool/thread_count.cc +1 -2
  269. data/src/core/lib/event_engine/thread_pool/thread_count.h +1 -2
  270. data/src/core/lib/event_engine/thread_pool/thread_pool.h +1 -2
  271. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +2 -2
  272. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +8 -8
  273. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +1 -2
  274. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +2 -2
  275. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +1 -2
  276. data/src/core/lib/event_engine/time_util.cc +1 -2
  277. data/src/core/lib/event_engine/time_util.h +1 -2
  278. data/src/core/lib/event_engine/trace.cc +2 -2
  279. data/src/core/lib/event_engine/trace.h +1 -2
  280. data/src/core/lib/event_engine/utils.cc +1 -2
  281. data/src/core/lib/event_engine/utils.h +1 -2
  282. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +31 -30
  283. data/src/core/lib/event_engine/windows/iocp.cc +10 -8
  284. data/src/core/lib/event_engine/windows/win_socket.cc +7 -5
  285. data/src/core/lib/event_engine/windows/windows_endpoint.cc +13 -12
  286. data/src/core/lib/event_engine/windows/windows_engine.cc +7 -6
  287. data/src/core/lib/event_engine/windows/windows_listener.cc +7 -6
  288. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +2 -2
  289. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +1 -2
  290. data/src/core/lib/event_engine/work_queue/work_queue.h +1 -2
  291. data/src/core/lib/experiments/config.cc +5 -5
  292. data/src/core/lib/experiments/config.h +2 -2
  293. data/src/core/lib/experiments/experiments.cc +23 -8
  294. data/src/core/lib/experiments/experiments.h +23 -6
  295. data/src/core/lib/gpr/alloc.cc +3 -1
  296. data/src/core/lib/gpr/posix/sync.cc +25 -23
  297. data/src/core/lib/gpr/posix/time.cc +9 -6
  298. data/src/core/lib/gpr/posix/tmpfile.cc +3 -1
  299. data/src/core/lib/gpr/sync.cc +5 -3
  300. data/src/core/lib/gpr/time.cc +10 -8
  301. data/src/core/lib/gpr/windows/sync.cc +3 -1
  302. data/src/core/lib/gpr/windows/time.cc +4 -1
  303. data/src/core/lib/gprpp/atomic_utils.h +2 -2
  304. data/src/core/lib/gprpp/bitset.h +2 -2
  305. data/src/core/lib/gprpp/chunked_vector.h +6 -5
  306. data/src/core/lib/gprpp/construct_destruct.h +2 -2
  307. data/src/core/lib/gprpp/crash.cc +1 -2
  308. data/src/core/lib/gprpp/crash.h +2 -2
  309. data/src/core/lib/gprpp/debug_location.h +2 -2
  310. data/src/core/lib/gprpp/directory_reader.h +2 -2
  311. data/src/core/lib/gprpp/down_cast.h +3 -3
  312. data/src/core/lib/gprpp/dual_ref_counted.h +9 -8
  313. data/src/core/lib/gprpp/env.h +2 -2
  314. data/src/core/lib/gprpp/examine_stack.cc +2 -2
  315. data/src/core/lib/gprpp/examine_stack.h +2 -2
  316. data/src/core/lib/gprpp/fork.cc +1 -2
  317. data/src/core/lib/gprpp/fork.h +2 -2
  318. data/src/core/lib/gprpp/host_port.cc +6 -4
  319. data/src/core/lib/gprpp/host_port.h +2 -2
  320. data/src/core/lib/gprpp/linux/env.cc +2 -2
  321. data/src/core/lib/gprpp/load_file.cc +1 -2
  322. data/src/core/lib/gprpp/load_file.h +2 -2
  323. data/src/core/lib/gprpp/manual_constructor.h +2 -2
  324. data/src/core/lib/gprpp/match.h +2 -2
  325. data/src/core/lib/gprpp/memory.h +1 -2
  326. data/src/core/lib/gprpp/mpscq.cc +2 -2
  327. data/src/core/lib/gprpp/mpscq.h +5 -4
  328. data/src/core/lib/gprpp/no_destruct.h +2 -2
  329. data/src/core/lib/gprpp/notification.h +2 -2
  330. data/src/core/lib/gprpp/orphanable.h +2 -2
  331. data/src/core/lib/gprpp/overload.h +2 -2
  332. data/src/core/lib/gprpp/per_cpu.cc +1 -2
  333. data/src/core/lib/gprpp/per_cpu.h +1 -2
  334. data/src/core/lib/gprpp/posix/directory_reader.cc +2 -2
  335. data/src/core/lib/gprpp/posix/stat.cc +6 -4
  336. data/src/core/lib/gprpp/posix/thd.cc +10 -10
  337. data/src/core/lib/gprpp/ref_counted.h +5 -4
  338. data/src/core/lib/gprpp/ref_counted_ptr.h +2 -2
  339. data/src/core/lib/gprpp/ref_counted_string.cc +1 -2
  340. data/src/core/lib/gprpp/ref_counted_string.h +2 -2
  341. data/src/core/lib/gprpp/single_set_ptr.h +4 -3
  342. data/src/core/lib/gprpp/sorted_pack.h +2 -2
  343. data/src/core/lib/gprpp/stat.h +2 -2
  344. data/src/core/lib/gprpp/status_helper.cc +3 -3
  345. data/src/core/lib/gprpp/status_helper.h +2 -2
  346. data/src/core/lib/gprpp/strerror.cc +2 -2
  347. data/src/core/lib/gprpp/strerror.h +2 -2
  348. data/src/core/lib/gprpp/sync.h +5 -5
  349. data/src/core/lib/gprpp/table.h +2 -2
  350. data/src/core/lib/gprpp/tchar.cc +2 -2
  351. data/src/core/lib/gprpp/thd.h +7 -7
  352. data/src/core/lib/gprpp/time.cc +6 -6
  353. data/src/core/lib/gprpp/time.h +1 -2
  354. data/src/core/lib/gprpp/time_averaged_stats.cc +2 -2
  355. data/src/core/lib/gprpp/time_util.cc +5 -4
  356. data/src/core/lib/gprpp/time_util.h +1 -2
  357. data/src/core/lib/gprpp/unique_type_name.h +2 -2
  358. data/src/core/lib/gprpp/uuid_v4.cc +2 -2
  359. data/src/core/lib/gprpp/uuid_v4.h +2 -2
  360. data/src/core/lib/gprpp/validation_errors.cc +2 -2
  361. data/src/core/lib/gprpp/validation_errors.h +2 -2
  362. data/src/core/lib/gprpp/windows/stat.cc +4 -2
  363. data/src/core/lib/gprpp/windows/thd.cc +4 -2
  364. data/src/core/lib/gprpp/work_serializer.cc +5 -5
  365. data/src/core/lib/gprpp/work_serializer.h +1 -2
  366. data/src/core/lib/http/format_request.cc +1 -2
  367. data/src/core/lib/http/format_request.h +1 -2
  368. data/src/core/lib/http/httpcli.cc +6 -6
  369. data/src/core/lib/http/httpcli.h +2 -3
  370. data/src/core/lib/http/httpcli_security_connector.cc +4 -4
  371. data/src/core/lib/http/httpcli_ssl_credentials.h +1 -2
  372. data/src/core/lib/http/parser.cc +5 -5
  373. data/src/core/lib/http/parser.h +1 -2
  374. data/src/core/lib/iomgr/buffer_list.cc +1 -2
  375. data/src/core/lib/iomgr/buffer_list.h +1 -2
  376. data/src/core/lib/iomgr/call_combiner.cc +5 -4
  377. data/src/core/lib/iomgr/call_combiner.h +1 -2
  378. data/src/core/lib/iomgr/closure.cc +2 -2
  379. data/src/core/lib/iomgr/closure.h +4 -3
  380. data/src/core/lib/iomgr/combiner.cc +7 -6
  381. data/src/core/lib/iomgr/combiner.h +1 -2
  382. data/src/core/lib/iomgr/endpoint.cc +2 -2
  383. data/src/core/lib/iomgr/endpoint.h +1 -2
  384. data/src/core/lib/iomgr/endpoint_cfstream.cc +7 -5
  385. data/src/core/lib/iomgr/endpoint_pair_posix.cc +5 -4
  386. data/src/core/lib/iomgr/endpoint_pair_windows.cc +11 -10
  387. data/src/core/lib/iomgr/error.cc +3 -3
  388. data/src/core/lib/iomgr/error.h +3 -3
  389. data/src/core/lib/iomgr/ev_epoll1_linux.cc +14 -13
  390. data/src/core/lib/iomgr/ev_poll_posix.cc +9 -9
  391. data/src/core/lib/iomgr/ev_posix.cc +1 -2
  392. data/src/core/lib/iomgr/ev_posix.h +2 -2
  393. data/src/core/lib/iomgr/event_engine_shims/closure.cc +1 -2
  394. data/src/core/lib/iomgr/event_engine_shims/closure.h +1 -2
  395. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +3 -3
  396. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +1 -2
  397. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +1 -2
  398. data/src/core/lib/iomgr/event_engine_shims/tcp_client.h +1 -2
  399. data/src/core/lib/iomgr/exec_ctx.cc +5 -5
  400. data/src/core/lib/iomgr/exec_ctx.h +6 -4
  401. data/src/core/lib/iomgr/executor.cc +7 -8
  402. data/src/core/lib/iomgr/grpc_if_nametoindex.h +2 -2
  403. data/src/core/lib/iomgr/internal_errqueue.cc +1 -2
  404. data/src/core/lib/iomgr/iocp_windows.cc +9 -6
  405. data/src/core/lib/iomgr/iocp_windows.h +0 -1
  406. data/src/core/lib/iomgr/iomgr.cc +1 -2
  407. data/src/core/lib/iomgr/iomgr.h +2 -2
  408. data/src/core/lib/iomgr/iomgr_internal.cc +2 -2
  409. data/src/core/lib/iomgr/iomgr_internal.h +2 -2
  410. data/src/core/lib/iomgr/iomgr_windows.cc +4 -2
  411. data/src/core/lib/iomgr/lockfree_event.cc +4 -3
  412. data/src/core/lib/iomgr/lockfree_event.h +1 -2
  413. data/src/core/lib/iomgr/polling_entity.cc +5 -5
  414. data/src/core/lib/iomgr/pollset.cc +2 -2
  415. data/src/core/lib/iomgr/pollset.h +0 -1
  416. data/src/core/lib/iomgr/pollset_set.cc +2 -2
  417. data/src/core/lib/iomgr/pollset_set_windows.cc +2 -2
  418. data/src/core/lib/iomgr/pollset_windows.h +0 -1
  419. data/src/core/lib/iomgr/python_util.h +1 -2
  420. data/src/core/lib/iomgr/resolve_address.cc +1 -2
  421. data/src/core/lib/iomgr/resolve_address.h +1 -2
  422. data/src/core/lib/iomgr/resolve_address_impl.h +2 -2
  423. data/src/core/lib/iomgr/resolve_address_posix.h +2 -2
  424. data/src/core/lib/iomgr/resolve_address_windows.h +2 -2
  425. data/src/core/lib/iomgr/resolved_address.h +2 -2
  426. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +3 -1
  427. data/src/core/lib/iomgr/socket_factory_posix.h +1 -2
  428. data/src/core/lib/iomgr/socket_mutator.cc +1 -2
  429. data/src/core/lib/iomgr/socket_mutator.h +1 -2
  430. data/src/core/lib/iomgr/socket_utils.h +2 -2
  431. data/src/core/lib/iomgr/socket_utils_common_posix.cc +3 -1
  432. data/src/core/lib/iomgr/socket_utils_posix.cc +2 -2
  433. data/src/core/lib/iomgr/socket_utils_posix.h +1 -2
  434. data/src/core/lib/iomgr/socket_windows.cc +4 -3
  435. data/src/core/lib/iomgr/tcp_client.cc +2 -2
  436. data/src/core/lib/iomgr/tcp_client.h +1 -2
  437. data/src/core/lib/iomgr/tcp_client_posix.cc +5 -4
  438. data/src/core/lib/iomgr/tcp_client_windows.cc +7 -5
  439. data/src/core/lib/iomgr/tcp_posix.cc +42 -41
  440. data/src/core/lib/iomgr/tcp_server.cc +2 -2
  441. data/src/core/lib/iomgr/tcp_server.h +1 -2
  442. data/src/core/lib/iomgr/tcp_server_posix.cc +23 -23
  443. data/src/core/lib/iomgr/tcp_server_utils_posix.h +2 -2
  444. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +6 -6
  445. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +2 -1
  446. data/src/core/lib/iomgr/tcp_server_windows.cc +15 -14
  447. data/src/core/lib/iomgr/tcp_windows.cc +8 -6
  448. data/src/core/lib/iomgr/timer.cc +2 -2
  449. data/src/core/lib/iomgr/timer.h +1 -2
  450. data/src/core/lib/iomgr/timer_generic.cc +3 -3
  451. data/src/core/lib/iomgr/timer_generic.h +0 -1
  452. data/src/core/lib/iomgr/timer_heap.cc +1 -2
  453. data/src/core/lib/iomgr/timer_manager.cc +4 -3
  454. data/src/core/lib/iomgr/timer_manager.h +2 -2
  455. data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -1
  456. data/src/core/lib/iomgr/unix_sockets_posix.h +1 -2
  457. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +3 -1
  458. data/src/core/lib/iomgr/vsock.cc +2 -2
  459. data/src/core/lib/iomgr/vsock.h +1 -2
  460. data/src/core/lib/json/json.h +1 -2
  461. data/src/core/lib/json/json_args.h +2 -2
  462. data/src/core/lib/json/json_channel_args.h +2 -2
  463. data/src/core/lib/json/json_object_loader.cc +1 -2
  464. data/src/core/lib/json/json_object_loader.h +2 -2
  465. data/src/core/lib/json/json_reader.cc +4 -4
  466. data/src/core/lib/json/json_reader.h +2 -2
  467. data/src/core/lib/json/json_util.cc +2 -2
  468. data/src/core/lib/json/json_util.h +2 -2
  469. data/src/core/lib/json/json_writer.cc +2 -2
  470. data/src/core/lib/json/json_writer.h +2 -2
  471. data/src/core/lib/matchers/matchers.cc +2 -2
  472. data/src/core/lib/matchers/matchers.h +2 -2
  473. data/src/core/lib/promise/activity.cc +4 -3
  474. data/src/core/lib/promise/activity.h +7 -7
  475. data/src/core/lib/promise/all_ok.h +2 -2
  476. data/src/core/lib/promise/arena_promise.h +2 -2
  477. data/src/core/lib/promise/context.h +3 -3
  478. data/src/core/lib/promise/detail/join_state.h +11 -10
  479. data/src/core/lib/promise/detail/promise_factory.h +2 -2
  480. data/src/core/lib/promise/detail/promise_like.h +2 -2
  481. data/src/core/lib/promise/detail/seq_state.h +194 -194
  482. data/src/core/lib/promise/detail/status.h +4 -3
  483. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +2 -2
  484. data/src/core/lib/promise/for_each.h +88 -27
  485. data/src/core/lib/promise/if.h +2 -2
  486. data/src/core/lib/promise/interceptor_list.h +3 -3
  487. data/src/core/lib/promise/latch.h +8 -8
  488. data/src/core/lib/promise/loop.h +2 -2
  489. data/src/core/lib/promise/map.h +2 -2
  490. data/src/core/lib/promise/party.cc +14 -14
  491. data/src/core/lib/promise/party.h +9 -9
  492. data/src/core/lib/promise/pipe.h +15 -15
  493. data/src/core/lib/promise/poll.h +6 -5
  494. data/src/core/lib/promise/prioritized_race.h +2 -2
  495. data/src/core/lib/promise/promise.h +2 -2
  496. data/src/core/lib/promise/race.h +2 -2
  497. data/src/core/lib/promise/seq.h +2 -2
  498. data/src/core/lib/promise/sleep.cc +1 -2
  499. data/src/core/lib/promise/sleep.h +1 -2
  500. data/src/core/lib/promise/status_flag.h +8 -8
  501. data/src/core/lib/promise/trace.cc +2 -2
  502. data/src/core/lib/promise/try_join.h +4 -3
  503. data/src/core/lib/promise/try_seq.h +4 -3
  504. data/src/core/lib/resource_quota/api.cc +1 -2
  505. data/src/core/lib/resource_quota/api.h +1 -2
  506. data/src/core/lib/resource_quota/arena.cc +1 -2
  507. data/src/core/lib/resource_quota/arena.h +1 -2
  508. data/src/core/lib/resource_quota/connection_quota.cc +8 -9
  509. data/src/core/lib/resource_quota/connection_quota.h +2 -2
  510. data/src/core/lib/resource_quota/memory_quota.cc +11 -11
  511. data/src/core/lib/resource_quota/memory_quota.h +4 -4
  512. data/src/core/lib/resource_quota/periodic_update.cc +2 -2
  513. data/src/core/lib/resource_quota/periodic_update.h +2 -2
  514. data/src/core/lib/resource_quota/resource_quota.cc +2 -2
  515. data/src/core/lib/resource_quota/resource_quota.h +1 -2
  516. data/src/core/lib/resource_quota/thread_quota.cc +4 -3
  517. data/src/core/lib/resource_quota/thread_quota.h +2 -2
  518. data/src/core/lib/resource_quota/trace.cc +2 -2
  519. data/src/core/lib/security/authorization/audit_logging.cc +6 -6
  520. data/src/core/lib/security/authorization/audit_logging.h +1 -2
  521. data/src/core/lib/security/authorization/authorization_engine.h +2 -2
  522. data/src/core/lib/security/authorization/authorization_policy_provider.h +1 -2
  523. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +1 -2
  524. data/src/core/lib/security/authorization/evaluate_args.cc +2 -3
  525. data/src/core/lib/security/authorization/evaluate_args.h +1 -2
  526. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +4 -3
  527. data/src/core/lib/security/authorization/grpc_authorization_engine.h +1 -2
  528. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -5
  529. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +7 -8
  530. data/src/core/lib/security/authorization/matchers.cc +1 -2
  531. data/src/core/lib/security/authorization/matchers.h +2 -2
  532. data/src/core/lib/security/authorization/rbac_policy.cc +2 -2
  533. data/src/core/lib/security/authorization/rbac_policy.h +1 -2
  534. data/src/core/lib/security/authorization/stdout_logger.cc +4 -3
  535. data/src/core/lib/security/authorization/stdout_logger.h +1 -2
  536. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +2 -2
  537. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +4 -3
  538. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +2 -2
  539. data/src/core/lib/security/context/security_context.cc +5 -3
  540. data/src/core/lib/security/context/security_context.h +2 -2
  541. data/src/core/lib/security/credentials/alts/alts_credentials.cc +1 -2
  542. data/src/core/lib/security/credentials/alts/alts_credentials.h +2 -2
  543. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -2
  544. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +1 -2
  545. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +1 -2
  546. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +2 -2
  547. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -2
  548. data/src/core/lib/security/credentials/call_creds_util.cc +1 -2
  549. data/src/core/lib/security/credentials/call_creds_util.h +2 -2
  550. data/src/core/lib/security/credentials/channel_creds_registry.h +2 -2
  551. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +2 -2
  552. data/src/core/lib/security/credentials/composite/composite_credentials.cc +9 -8
  553. data/src/core/lib/security/credentials/composite/composite_credentials.h +2 -2
  554. data/src/core/lib/security/credentials/credentials.cc +4 -3
  555. data/src/core/lib/security/credentials/credentials.h +5 -4
  556. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +5 -4
  557. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +2 -2
  558. data/src/core/lib/security/credentials/external/aws_request_signer.cc +2 -2
  559. data/src/core/lib/security/credentials/external/aws_request_signer.h +2 -2
  560. data/src/core/lib/security/credentials/external/external_account_credentials.cc +7 -6
  561. data/src/core/lib/security/credentials/external/external_account_credentials.h +2 -2
  562. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -2
  563. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +2 -2
  564. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +4 -3
  565. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +2 -2
  566. data/src/core/lib/security/credentials/fake/fake_credentials.cc +2 -2
  567. data/src/core/lib/security/credentials/fake/fake_credentials.h +2 -2
  568. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +1 -2
  569. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +8 -7
  570. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +2 -2
  571. data/src/core/lib/security/credentials/iam/iam_credentials.cc +5 -5
  572. data/src/core/lib/security/credentials/iam/iam_credentials.h +2 -2
  573. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
  574. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +2 -2
  575. data/src/core/lib/security/credentials/jwt/json_token.cc +5 -4
  576. data/src/core/lib/security/credentials/jwt/json_token.h +1 -2
  577. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -3
  578. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +2 -2
  579. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +15 -15
  580. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +1 -2
  581. data/src/core/lib/security/credentials/local/local_credentials.cc +1 -2
  582. data/src/core/lib/security/credentials/local/local_credentials.h +2 -2
  583. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -8
  584. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +2 -2
  585. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +3 -3
  586. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +2 -2
  587. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +13 -13
  588. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +5 -3
  589. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +26 -25
  590. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +2 -2
  591. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_match.cc +2 -2
  592. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +7 -6
  593. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +3 -3
  594. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +3 -3
  595. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +4 -3
  596. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +19 -18
  597. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +1 -0
  598. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +2 -2
  599. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +1 -2
  600. data/src/core/lib/security/credentials/tls/tls_credentials.cc +1 -2
  601. data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
  602. data/src/core/lib/security/credentials/tls/tls_utils.cc +1 -2
  603. data/src/core/lib/security/credentials/tls/tls_utils.h +1 -2
  604. data/src/core/lib/security/credentials/xds/xds_credentials.cc +7 -7
  605. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  606. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +14 -14
  607. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +2 -2
  608. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +5 -5
  609. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +2 -2
  610. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +6 -5
  611. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +3 -3
  612. data/src/core/lib/security/security_connector/load_system_roots.h +1 -2
  613. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +2 -2
  614. data/src/core/lib/security/security_connector/load_system_roots_supported.h +1 -2
  615. data/src/core/lib/security/security_connector/local/local_security_connector.cc +11 -11
  616. data/src/core/lib/security/security_connector/local/local_security_connector.h +2 -2
  617. data/src/core/lib/security/security_connector/security_connector.cc +7 -6
  618. data/src/core/lib/security/security_connector/security_connector.h +3 -3
  619. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +6 -6
  620. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +2 -2
  621. data/src/core/lib/security/security_connector/ssl_utils.cc +10 -9
  622. data/src/core/lib/security/security_connector/ssl_utils.h +1 -2
  623. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +13 -13
  624. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +3 -3
  625. data/src/core/lib/security/transport/auth_filters.h +13 -13
  626. data/src/core/lib/security/transport/client_auth_filter.cc +6 -5
  627. data/src/core/lib/security/transport/server_auth_filter.cc +7 -5
  628. data/src/core/lib/security/util/json_util.cc +1 -2
  629. data/src/core/lib/slice/percent_encoding.cc +4 -3
  630. data/src/core/lib/slice/slice.cc +11 -10
  631. data/src/core/lib/slice/slice.h +4 -4
  632. data/src/core/lib/slice/slice_buffer.cc +15 -14
  633. data/src/core/lib/slice/slice_buffer.h +1 -2
  634. data/src/core/lib/slice/slice_internal.h +3 -3
  635. data/src/core/lib/slice/slice_refcount.cc +2 -2
  636. data/src/core/lib/slice/slice_refcount.h +1 -2
  637. data/src/core/lib/slice/slice_string_helpers.cc +2 -2
  638. data/src/core/lib/slice/slice_string_helpers.h +1 -2
  639. data/src/core/lib/surface/api_trace.cc +2 -2
  640. data/src/core/lib/surface/api_trace.h +1 -2
  641. data/src/core/lib/surface/byte_buffer.cc +1 -2
  642. data/src/core/lib/surface/byte_buffer_reader.cc +4 -3
  643. data/src/core/lib/surface/call.cc +168 -290
  644. data/src/core/lib/surface/call.h +180 -10
  645. data/src/core/lib/surface/call_details.cc +1 -2
  646. data/src/core/lib/surface/call_log_batch.cc +1 -2
  647. data/src/core/lib/surface/call_test_only.h +1 -2
  648. data/src/core/lib/surface/channel.cc +9 -8
  649. data/src/core/lib/surface/channel.h +2 -3
  650. data/src/core/lib/surface/channel_create.cc +4 -3
  651. data/src/core/lib/surface/channel_create.h +2 -2
  652. data/src/core/lib/surface/channel_init.cc +6 -6
  653. data/src/core/lib/surface/channel_init.h +13 -8
  654. data/src/core/lib/surface/channel_stack_type.cc +2 -2
  655. data/src/core/lib/surface/completion_queue.cc +17 -18
  656. data/src/core/lib/surface/completion_queue.h +1 -2
  657. data/src/core/lib/surface/completion_queue_factory.cc +9 -8
  658. data/src/core/lib/surface/completion_queue_factory.h +1 -2
  659. data/src/core/lib/surface/event_string.cc +2 -2
  660. data/src/core/lib/surface/event_string.h +1 -2
  661. data/src/core/lib/surface/init.cc +1 -2
  662. data/src/core/lib/surface/init_internally.cc +2 -2
  663. data/src/core/lib/surface/lame_client.cc +9 -12
  664. data/src/core/lib/surface/lame_client.h +6 -11
  665. data/src/core/lib/surface/legacy_channel.cc +9 -9
  666. data/src/core/lib/surface/legacy_channel.h +2 -3
  667. data/src/core/lib/surface/metadata_array.cc +1 -2
  668. data/src/core/lib/surface/validate_metadata.cc +1 -2
  669. data/src/core/lib/surface/validate_metadata.h +3 -3
  670. data/src/core/lib/surface/version.cc +3 -4
  671. data/src/core/lib/surface/wait_for_cq_end_op.cc +2 -2
  672. data/src/core/lib/transport/batch_builder.cc +7 -5
  673. data/src/core/lib/transport/batch_builder.h +4 -6
  674. data/src/core/lib/transport/bdp_estimator.cc +5 -3
  675. data/src/core/lib/transport/bdp_estimator.h +4 -4
  676. data/src/core/lib/transport/{call_size_estimator.cc → call_arena_allocator.cc} +3 -3
  677. data/src/core/lib/transport/{call_size_estimator.h → call_arena_allocator.h} +26 -5
  678. data/src/core/lib/transport/call_filters.cc +28 -13
  679. data/src/core/lib/transport/call_filters.h +123 -73
  680. data/src/core/lib/transport/call_final_info.cc +2 -2
  681. data/src/core/lib/transport/call_final_info.h +1 -2
  682. data/src/core/lib/transport/call_spine.cc +18 -19
  683. data/src/core/lib/transport/call_spine.h +387 -189
  684. data/src/core/lib/transport/connectivity_state.cc +1 -2
  685. data/src/core/lib/transport/connectivity_state.h +1 -2
  686. data/src/core/lib/transport/error_utils.cc +1 -2
  687. data/src/core/lib/transport/error_utils.h +1 -2
  688. data/src/core/lib/transport/message.cc +1 -2
  689. data/src/core/lib/transport/metadata.cc +2 -2
  690. data/src/core/lib/transport/metadata_batch.cc +2 -2
  691. data/src/core/lib/transport/metadata_batch.h +33 -4
  692. data/src/core/lib/transport/metadata_compression_traits.h +2 -2
  693. data/src/core/lib/transport/metadata_info.cc +2 -2
  694. data/src/core/lib/transport/parsed_metadata.cc +2 -2
  695. data/src/core/lib/transport/parsed_metadata.h +1 -2
  696. data/src/core/lib/transport/simple_slice_based_metadata.h +2 -2
  697. data/src/core/lib/transport/status_conversion.cc +2 -2
  698. data/src/core/lib/transport/status_conversion.h +1 -2
  699. data/src/core/lib/transport/timeout_encoding.cc +5 -5
  700. data/src/core/lib/transport/timeout_encoding.h +2 -2
  701. data/src/core/lib/transport/transport.cc +1 -2
  702. data/src/core/lib/transport/transport.h +41 -38
  703. data/src/core/lib/transport/transport_op_string.cc +1 -2
  704. data/src/core/lib/uri/uri_parser.cc +3 -3
  705. data/src/core/lib/uri/uri_parser.h +2 -2
  706. data/src/core/load_balancing/address_filtering.cc +2 -2
  707. data/src/core/load_balancing/address_filtering.h +2 -2
  708. data/src/core/load_balancing/backend_metric_data.h +2 -2
  709. data/src/core/load_balancing/backend_metric_parser.cc +2 -2
  710. data/src/core/load_balancing/backend_metric_parser.h +2 -2
  711. data/src/core/load_balancing/child_policy_handler.cc +6 -6
  712. data/src/core/load_balancing/child_policy_handler.h +2 -2
  713. data/src/core/load_balancing/delegating_helper.h +2 -3
  714. data/src/core/load_balancing/endpoint_list.cc +6 -8
  715. data/src/core/load_balancing/endpoint_list.h +15 -9
  716. data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +28 -30
  717. data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +19 -8
  718. data/src/core/load_balancing/grpclb/grpclb.cc +26 -26
  719. data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.cc +2 -2
  720. data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.h +1 -2
  721. data/src/core/load_balancing/grpclb/grpclb_client_stats.cc +1 -2
  722. data/src/core/load_balancing/grpclb/grpclb_client_stats.h +1 -2
  723. data/src/core/load_balancing/grpclb/load_balancer_api.cc +1 -2
  724. data/src/core/load_balancing/grpclb/load_balancer_api.h +2 -3
  725. data/src/core/load_balancing/health_check_client.cc +4 -5
  726. data/src/core/load_balancing/health_check_client.h +2 -2
  727. data/src/core/load_balancing/health_check_client_internal.h +1 -2
  728. data/src/core/load_balancing/lb_policy.cc +2 -2
  729. data/src/core/load_balancing/lb_policy.h +1 -2
  730. data/src/core/load_balancing/lb_policy_factory.h +2 -2
  731. data/src/core/load_balancing/lb_policy_registry.cc +3 -3
  732. data/src/core/load_balancing/lb_policy_registry.h +2 -2
  733. data/src/core/load_balancing/oob_backend_metric.cc +4 -5
  734. data/src/core/load_balancing/oob_backend_metric.h +2 -2
  735. data/src/core/load_balancing/oob_backend_metric_internal.h +1 -2
  736. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +3 -3
  737. data/src/core/load_balancing/outlier_detection/outlier_detection.h +2 -2
  738. data/src/core/load_balancing/pick_first/pick_first.cc +1107 -122
  739. data/src/core/load_balancing/priority/priority.cc +15 -10
  740. data/src/core/load_balancing/ring_hash/ring_hash.cc +34 -17
  741. data/src/core/load_balancing/ring_hash/ring_hash.h +2 -2
  742. data/src/core/load_balancing/rls/rls.cc +24 -17
  743. data/src/core/load_balancing/round_robin/round_robin.cc +26 -15
  744. data/src/core/load_balancing/subchannel_interface.h +1 -2
  745. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +4 -4
  746. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.h +2 -2
  747. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +25 -15
  748. data/src/core/load_balancing/weighted_target/weighted_target.cc +8 -8
  749. data/src/core/load_balancing/weighted_target/weighted_target.h +1 -1
  750. data/src/core/load_balancing/xds/cds.cc +11 -12
  751. data/src/core/load_balancing/xds/xds_cluster_impl.cc +12 -10
  752. data/src/core/load_balancing/xds/xds_cluster_manager.cc +2 -3
  753. data/src/core/load_balancing/xds/xds_override_host.cc +6 -6
  754. data/src/core/load_balancing/xds/xds_override_host.h +2 -2
  755. data/src/core/load_balancing/xds/xds_wrr_locality.cc +2 -3
  756. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -9
  757. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +1 -2
  758. data/src/core/resolver/binder/binder_resolver.cc +4 -4
  759. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +5 -6
  760. data/src/core/resolver/dns/c_ares/dns_resolver_ares.h +2 -2
  761. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver.h +3 -3
  762. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -3
  763. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +35 -34
  764. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +13 -13
  765. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -2
  766. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
  767. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  768. data/src/core/resolver/dns/dns_resolver_plugin.cc +4 -5
  769. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +5 -5
  770. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.h +3 -3
  771. data/src/core/resolver/dns/event_engine/service_config_helper.cc +2 -2
  772. data/src/core/resolver/dns/event_engine/service_config_helper.h +2 -2
  773. data/src/core/resolver/dns/native/dns_resolver.cc +3 -4
  774. data/src/core/resolver/endpoint_addresses.cc +4 -4
  775. data/src/core/resolver/endpoint_addresses.h +2 -2
  776. data/src/core/resolver/fake/fake_resolver.cc +4 -4
  777. data/src/core/resolver/fake/fake_resolver.h +1 -2
  778. data/src/core/resolver/google_c2p/google_c2p_resolver.cc +9 -9
  779. data/src/core/resolver/polling_resolver.cc +5 -5
  780. data/src/core/resolver/polling_resolver.h +1 -2
  781. data/src/core/resolver/resolver.cc +2 -2
  782. data/src/core/resolver/resolver.h +2 -2
  783. data/src/core/resolver/resolver_factory.h +3 -3
  784. data/src/core/resolver/resolver_registry.cc +5 -5
  785. data/src/core/resolver/resolver_registry.h +3 -3
  786. data/src/core/resolver/sockaddr/sockaddr_resolver.cc +2 -3
  787. data/src/core/resolver/xds/xds_dependency_manager.cc +5 -4
  788. data/src/core/resolver/xds/xds_dependency_manager.h +7 -7
  789. data/src/core/resolver/xds/xds_resolver.cc +19 -24
  790. data/src/core/resolver/xds/xds_resolver_attributes.h +2 -2
  791. data/src/core/resolver/xds/xds_resolver_trace.cc +2 -2
  792. data/src/core/{lib/surface → server}/server.cc +61 -59
  793. data/src/core/{lib/surface → server}/server.h +7 -8
  794. data/src/core/{lib/channel → server}/server_call_tracer_filter.cc +10 -7
  795. data/src/core/{lib/channel → server}/server_call_tracer_filter.h +3 -3
  796. data/src/core/{ext/filters/server_config_selector → server}/server_config_selector.h +5 -5
  797. data/src/core/{ext/filters/server_config_selector → server}/server_config_selector_filter.cc +36 -37
  798. data/src/core/{ext/filters/server_config_selector → server}/server_config_selector_filter.h +3 -3
  799. data/src/core/{lib/surface → server}/server_interface.h +4 -4
  800. data/src/core/{ext/xds → server}/xds_channel_stack_modifier.cc +3 -3
  801. data/src/core/{ext/xds → server}/xds_channel_stack_modifier.h +4 -5
  802. data/src/core/{ext/xds → server}/xds_server_config_fetcher.cc +23 -22
  803. data/src/core/service_config/service_config.h +1 -2
  804. data/src/core/service_config/service_config_call_data.h +2 -2
  805. data/src/core/service_config/service_config_channel_arg_filter.cc +6 -7
  806. data/src/core/service_config/service_config_impl.cc +2 -2
  807. data/src/core/service_config/service_config_impl.h +3 -3
  808. data/src/core/service_config/service_config_parser.cc +1 -2
  809. data/src/core/service_config/service_config_parser.h +2 -2
  810. data/src/core/tsi/alts/crypt/aes_gcm.cc +1 -2
  811. data/src/core/tsi/alts/crypt/gsec.cc +1 -2
  812. data/src/core/tsi/alts/crypt/gsec.h +1 -2
  813. data/src/core/tsi/alts/frame_protector/alts_counter.cc +1 -2
  814. data/src/core/tsi/alts/frame_protector/alts_counter.h +1 -2
  815. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +1 -2
  816. data/src/core/tsi/alts/frame_protector/alts_crypter.h +1 -2
  817. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -2
  818. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +2 -2
  819. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +1 -2
  820. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +1 -2
  821. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +1 -2
  822. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -2
  823. data/src/core/tsi/alts/frame_protector/frame_handler.cc +1 -2
  824. data/src/core/tsi/alts/frame_protector/frame_handler.h +2 -2
  825. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +38 -37
  826. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +1 -2
  827. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +5 -4
  828. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +1 -2
  829. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +22 -20
  830. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -2
  831. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +5 -4
  832. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +1 -2
  833. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -2
  834. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +1 -2
  835. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +5 -4
  836. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +2 -2
  837. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +1 -2
  838. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +2 -2
  839. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +1 -2
  840. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +9 -5
  841. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +1 -2
  842. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +2 -2
  843. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -4
  844. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +2 -2
  845. data/src/core/tsi/fake_transport_security.cc +6 -4
  846. data/src/core/tsi/local_transport_security.cc +1 -2
  847. data/src/core/tsi/local_transport_security.h +1 -2
  848. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +6 -5
  849. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +1 -2
  850. data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -2
  851. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +11 -10
  852. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +1 -2
  853. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +3 -4
  854. data/src/core/tsi/ssl_transport_security.cc +20 -19
  855. data/src/core/tsi/ssl_transport_security.h +1 -2
  856. data/src/core/tsi/ssl_transport_security_utils.cc +11 -10
  857. data/src/core/tsi/ssl_transport_security_utils.h +1 -2
  858. data/src/core/tsi/ssl_types.h +2 -2
  859. data/src/core/tsi/transport_security.cc +1 -2
  860. data/src/core/tsi/transport_security.h +2 -2
  861. data/src/core/tsi/transport_security_grpc.cc +2 -2
  862. data/src/core/tsi/transport_security_grpc.h +1 -2
  863. data/src/core/tsi/transport_security_interface.h +2 -2
  864. data/src/core/{ext/xds → xds/grpc}/certificate_provider_store.cc +2 -3
  865. data/src/core/{ext/xds → xds/grpc}/certificate_provider_store.h +4 -5
  866. data/src/core/{ext/xds → xds/grpc}/file_watcher_certificate_provider_factory.cc +2 -3
  867. data/src/core/{ext/xds → xds/grpc}/file_watcher_certificate_provider_factory.h +4 -5
  868. data/src/core/{ext/xds → xds/grpc}/upb_utils.h +5 -5
  869. data/src/core/{ext/xds → xds/grpc}/xds_audit_logger_registry.cc +4 -4
  870. data/src/core/{ext/xds → xds/grpc}/xds_audit_logger_registry.h +6 -6
  871. data/src/core/{ext/xds → xds/grpc}/xds_bootstrap_grpc.cc +2 -3
  872. data/src/core/{ext/xds → xds/grpc}/xds_bootstrap_grpc.h +11 -11
  873. data/src/core/{ext/xds → xds/grpc}/xds_certificate_provider.cc +5 -5
  874. data/src/core/{ext/xds → xds/grpc}/xds_certificate_provider.h +4 -5
  875. data/src/core/{ext/xds → xds/grpc}/xds_client_grpc.cc +25 -12
  876. data/src/core/{ext/xds → xds/grpc}/xds_client_grpc.h +8 -9
  877. data/src/core/{ext/xds → xds/grpc}/xds_cluster.cc +18 -9
  878. data/src/core/{ext/xds → xds/grpc}/xds_cluster.h +11 -12
  879. data/src/core/{ext/xds → xds/grpc}/xds_cluster_specifier_plugin.cc +4 -4
  880. data/src/core/{ext/xds → xds/grpc}/xds_cluster_specifier_plugin.h +6 -6
  881. data/src/core/{ext/xds → xds/grpc}/xds_common_types.cc +5 -6
  882. data/src/core/{ext/xds → xds/grpc}/xds_common_types.h +6 -6
  883. data/src/core/{ext/xds → xds/grpc}/xds_endpoint.cc +7 -7
  884. data/src/core/{ext/xds → xds/grpc}/xds_endpoint.h +9 -9
  885. data/src/core/{ext/xds → xds/grpc}/xds_health_status.cc +3 -3
  886. data/src/core/{ext/xds → xds/grpc}/xds_health_status.h +5 -5
  887. data/src/core/{ext/xds → xds/grpc}/xds_http_fault_filter.cc +4 -5
  888. data/src/core/{ext/xds → xds/grpc}/xds_http_fault_filter.h +8 -8
  889. data/src/core/{ext/xds → xds/grpc}/xds_http_filters.cc +8 -9
  890. data/src/core/{ext/xds → xds/grpc}/xds_http_filters.h +7 -7
  891. data/src/core/{ext/xds → xds/grpc}/xds_http_rbac_filter.cc +6 -7
  892. data/src/core/{ext/xds → xds/grpc}/xds_http_rbac_filter.h +8 -8
  893. data/src/core/{ext/xds → xds/grpc}/xds_http_stateful_session_filter.cc +5 -6
  894. data/src/core/{ext/xds → xds/grpc}/xds_http_stateful_session_filter.h +8 -8
  895. data/src/core/{ext/xds → xds/grpc}/xds_lb_policy_registry.cc +3 -4
  896. data/src/core/{ext/xds → xds/grpc}/xds_lb_policy_registry.h +6 -6
  897. data/src/core/{ext/xds → xds/grpc}/xds_listener.cc +8 -8
  898. data/src/core/{ext/xds → xds/grpc}/xds_listener.h +12 -12
  899. data/src/core/{ext/xds → xds/grpc}/xds_route_config.cc +16 -16
  900. data/src/core/{ext/xds → xds/grpc}/xds_route_config.h +11 -11
  901. data/src/core/{ext/xds → xds/grpc}/xds_routing.cc +6 -6
  902. data/src/core/{ext/xds → xds/grpc}/xds_routing.h +8 -8
  903. data/src/core/{ext/xds → xds/grpc}/xds_transport_grpc.cc +14 -14
  904. data/src/core/{ext/xds → xds/grpc}/xds_transport_grpc.h +6 -7
  905. data/src/core/{ext/xds → xds/xds_client}/xds_api.cc +4 -5
  906. data/src/core/{ext/xds → xds/xds_client}/xds_api.h +7 -7
  907. data/src/core/{ext/xds → xds/xds_client}/xds_bootstrap.cc +3 -3
  908. data/src/core/{ext/xds → xds/xds_client}/xds_bootstrap.h +5 -5
  909. data/src/core/{ext/xds → xds/xds_client}/xds_channel_args.h +3 -3
  910. data/src/core/{ext/xds → xds/xds_client}/xds_client.cc +21 -17
  911. data/src/core/{ext/xds → xds/xds_client}/xds_client.h +10 -11
  912. data/src/core/{ext/xds → xds/xds_client}/xds_client_stats.cc +3 -4
  913. data/src/core/{ext/xds → xds/xds_client}/xds_client_stats.h +6 -6
  914. data/src/core/{ext/xds → xds/xds_client}/xds_metrics.h +7 -5
  915. data/src/core/{ext/xds → xds/xds_client}/xds_resource_type.h +6 -6
  916. data/src/core/{ext/xds → xds/xds_client}/xds_resource_type_impl.h +7 -7
  917. data/src/core/{ext/xds → xds/xds_client}/xds_transport.h +6 -6
  918. data/src/ruby/ext/grpc/rb_call_credentials.c +1 -0
  919. data/src/ruby/ext/grpc/rb_call_credentials.h +1 -0
  920. data/src/ruby/ext/grpc/rb_channel.c +1 -0
  921. data/src/ruby/ext/grpc/rb_channel_credentials.c +1 -0
  922. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +130 -130
  923. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +196 -195
  924. data/src/ruby/ext/grpc/rb_server.c +1 -0
  925. data/src/ruby/ext/grpc/rb_server_credentials.c +1 -0
  926. data/src/ruby/ext/grpc/rb_server_credentials.h +1 -0
  927. data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +1 -0
  928. data/src/ruby/ext/grpc/rb_xds_server_credentials.c +1 -0
  929. data/src/ruby/ext/grpc/rb_xds_server_credentials.h +1 -0
  930. data/src/ruby/lib/grpc/version.rb +1 -1
  931. data/third_party/abseil-cpp/absl/log/check.h +209 -0
  932. data/third_party/abseil-cpp/absl/log/internal/check_impl.h +150 -0
  933. data/third_party/abseil-cpp/absl/log/internal/check_op.cc +118 -0
  934. data/third_party/abseil-cpp/absl/log/internal/check_op.h +420 -0
  935. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +1 -6
  936. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +25 -10
  937. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +0 -13
  938. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +3 -2
  939. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +1 -1
  940. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +19 -15
  941. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_des.c +48 -66
  942. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +7 -3
  943. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +20 -28
  944. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +9 -4
  945. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +2 -2
  946. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +7 -7
  947. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +1 -0
  948. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +26 -17
  949. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +3 -2
  950. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +81 -60
  951. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +41 -120
  952. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +13 -13
  953. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +7 -0
  954. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dh.c +137 -0
  955. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dh_asn1.c +120 -0
  956. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +30 -0
  957. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +3 -4
  958. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +30 -0
  959. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +1 -4
  960. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +30 -0
  961. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +1 -4
  962. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +6 -7
  963. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +1 -1
  964. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +3 -3
  965. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  966. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1 -1
  967. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +8 -5
  968. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +1 -1
  969. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -2
  970. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +14 -7
  971. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +2 -1
  972. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +0 -3
  973. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +11 -7
  974. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +5 -1
  975. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +2 -1
  976. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +11 -11
  977. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +22 -8
  978. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +3 -6
  979. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +73 -29
  980. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +4 -4
  981. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +3 -3
  982. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +4 -4
  983. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +7 -0
  984. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +2 -0
  985. data/third_party/boringssl-with-bazel/src/crypto/internal.h +33 -17
  986. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +1 -1
  987. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +1 -1
  988. data/third_party/boringssl-with-bazel/src/crypto/mem.c +18 -9
  989. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -17
  990. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +44 -41
  991. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +13 -12
  992. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +7 -6
  993. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +26 -33
  994. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +1 -1
  995. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +4 -1
  996. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  997. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_cpols.c +9 -4
  998. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_crld.c +2 -2
  999. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_info.c +1 -1
  1000. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_lib.c +2 -0
  1001. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +21 -25
  1002. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1 -8
  1003. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +2 -2
  1004. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -6
  1005. data/third_party/boringssl-with-bazel/{err_data.c → src/gen/crypto/err_data.c} +487 -485
  1006. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +9 -1
  1007. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +77 -36
  1008. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +12 -4
  1009. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -0
  1010. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +17 -1
  1011. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +10 -3
  1012. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +13 -0
  1013. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -14
  1014. data/third_party/boringssl-with-bazel/src/include/openssl/evp_errors.h +1 -0
  1015. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +15 -3
  1016. data/third_party/boringssl-with-bazel/src/{crypto/spx/internal.h → include/openssl/experimental/spx.h} +24 -13
  1017. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +2 -2
  1018. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +63 -53
  1019. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +19 -10
  1020. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +275 -69
  1021. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +10 -3
  1022. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +13 -10
  1023. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -2
  1024. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2957 -2456
  1025. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +5 -5
  1026. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +3 -9
  1027. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +43 -43
  1028. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +1 -1
  1029. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +17 -7
  1030. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +67 -15
  1031. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +143 -113
  1032. data/third_party/boringssl-with-bazel/src/ssl/internal.h +227 -167
  1033. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +1 -1
  1034. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  1035. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +59 -385
  1036. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +21 -19
  1037. data/third_party/boringssl-with-bazel/src/ssl/ssl_credential.cc +423 -0
  1038. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +2 -2
  1039. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +1 -1
  1040. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +70 -54
  1041. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +59 -75
  1042. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +6 -14
  1043. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +48 -116
  1044. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +19 -26
  1045. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +36 -3
  1046. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +53 -18
  1047. metadata +109 -108
  1048. data/src/core/client_channel/client_channel_channelz.cc +0 -93
  1049. data/src/core/client_channel/client_channel_channelz.h +0 -85
  1050. data/src/core/ext/filters/deadline/deadline_filter.cc +0 -407
  1051. data/src/core/ext/filters/deadline/deadline_filter.h +0 -85
  1052. data/src/core/lib/gpr/log_internal.h +0 -55
  1053. data/third_party/boringssl-with-bazel/src/include/openssl/pki/certificate.h +0 -83
  1054. data/third_party/boringssl-with-bazel/src/include/openssl/pki/signature_verify_cache.h +0 -41
  1055. /data/third_party/boringssl-with-bazel/src/include/openssl/{kyber.h → experimental/kyber.h} +0 -0
@@ -550,8 +550,8 @@ OPENSSL_EXPORT int SSL_get_error(const SSL *ssl, int ret_code);
550
550
  // a private key operation was unfinished. The caller may retry the operation
551
551
  // when the private key operation is complete.
552
552
  //
553
- // See also |SSL_set_private_key_method| and
554
- // |SSL_CTX_set_private_key_method|.
553
+ // See also |SSL_set_private_key_method|, |SSL_CTX_set_private_key_method|, and
554
+ // |SSL_CREDENTIAL_set_private_key_method|.
555
555
  #define SSL_ERROR_WANT_PRIVATE_KEY_OPERATION 13
556
556
 
557
557
  // SSL_ERROR_PENDING_TICKET indicates that a ticket decryption is pending. The
@@ -841,6 +841,142 @@ OPENSSL_EXPORT void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx,
841
841
  CRYPTO_BUFFER_POOL *pool);
842
842
 
843
843
 
844
+ // Credentials.
845
+ //
846
+ // TLS endpoints may present authentication during the handshake, usually using
847
+ // X.509 certificates. This is typically required for servers and optional for
848
+ // clients. BoringSSL uses the |SSL_CREDENTIAL| object to abstract between
849
+ // different kinds of credentials, as well as configure automatic selection
850
+ // between multiple credentials. This may be used to select between ECDSA and
851
+ // RSA certificates.
852
+ //
853
+ // |SSL_CTX| and |SSL| objects maintain lists of credentials in preference
854
+ // order. During the handshake, BoringSSL will select the first usable
855
+ // credential from the list. Non-credential APIs, such as
856
+ // |SSL_CTX_use_certificate|, configure a "default credential", which is
857
+ // appended to this list if configured.
858
+ //
859
+ // When selecting credentials, BoringSSL considers the credential's type, its
860
+ // cryptographic capabilities, and capabilities advertised by the peer. This
861
+ // varies between TLS versions but includes:
862
+ //
863
+ // - Whether the peer supports the leaf certificate key
864
+ // - Whether there is a common signature algorithm that is compatible with the
865
+ // credential
866
+ // - Whether there is a common cipher suite that is compatible with the
867
+ // credential
868
+ //
869
+ // WARNING: In TLS 1.2 and below, there is no mechanism for servers to advertise
870
+ // supported ECDSA curves to the client. BoringSSL clients will assume the
871
+ // server accepts all ECDSA curves in client certificates.
872
+ //
873
+ // By default, BoringSSL does not check the following, though we may add APIs
874
+ // in the future to enable them on a per-credential basis.
875
+ //
876
+ // - Whether the peer supports the signature algorithms in the certificate chain
877
+ // - Whether the a server certificate is compatible with the server_name
878
+ // extension (SNI)
879
+ // - Whether the peer supports the certificate authority that issued the
880
+ // certificate
881
+ //
882
+ // Credentials may be configured before the handshake or dynamically in the
883
+ // early callback (see |SSL_CTX_set_select_certificate_cb|) and certificate
884
+ // callback (see |SSL_CTX_set_cert_cb|). These callbacks allow applications to
885
+ // use BoringSSL's built-in selection logic in tandem with custom logic. For
886
+ // example, a callback could evaluate application-specific SNI rules to filter
887
+ // down to an ECDSA and RSA credential, then configure both for BoringSSL to
888
+ // select between the two.
889
+
890
+ // SSL_CREDENTIAL_new_x509 returns a new, empty X.509 credential, or NULL on
891
+ // error. Callers should release the result with |SSL_CREDENTIAL_free| when
892
+ // done.
893
+ //
894
+ // Callers should configure a certificate chain and private key on the
895
+ // credential, along with other properties, then add it with
896
+ // |SSL_CTX_add1_credential|.
897
+ OPENSSL_EXPORT SSL_CREDENTIAL *SSL_CREDENTIAL_new_x509(void);
898
+
899
+ // SSL_CREDENTIAL_up_ref increments the reference count of |cred|.
900
+ OPENSSL_EXPORT void SSL_CREDENTIAL_up_ref(SSL_CREDENTIAL *cred);
901
+
902
+ // SSL_CREDENTIAL_free decrements the reference count of |cred|. If it reaches
903
+ // zero, all data referenced by |cred| and |cred| itself are released.
904
+ OPENSSL_EXPORT void SSL_CREDENTIAL_free(SSL_CREDENTIAL *cred);
905
+
906
+ // SSL_CREDENTIAL_set1_private_key sets |cred|'s private key to |cred|. It
907
+ // returns one on success and zero on failure.
908
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_private_key(SSL_CREDENTIAL *cred,
909
+ EVP_PKEY *key);
910
+
911
+ // SSL_CREDENTIAL_set1_signing_algorithm_prefs configures |cred| to use |prefs|
912
+ // as the preference list when signing with |cred|'s private key. It returns one
913
+ // on success and zero on error. |prefs| should not include the internal-only
914
+ // value |SSL_SIGN_RSA_PKCS1_MD5_SHA1|.
915
+ //
916
+ // It is an error to call this function with delegated credentials (see
917
+ // |SSL_CREDENTIAL_new_delegated|) because delegated credentials already
918
+ // constrain the key to a single algorithm.
919
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_signing_algorithm_prefs(
920
+ SSL_CREDENTIAL *cred, const uint16_t *prefs, size_t num_prefs);
921
+
922
+ // SSL_CREDENTIAL_set1_cert_chain sets |cred|'s certificate chain, starting from
923
+ // the leaf, to |num_cert|s certificates from |certs|. It returns one on success
924
+ // and zero on error.
925
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_cert_chain(SSL_CREDENTIAL *cred,
926
+ CRYPTO_BUFFER *const *certs,
927
+ size_t num_certs);
928
+
929
+ // SSL_CREDENTIAL_set1_ocsp_response sets |cred|'s stapled OCSP response to
930
+ // |ocsp|. It returns one on success and zero on error.
931
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_ocsp_response(SSL_CREDENTIAL *cred,
932
+ CRYPTO_BUFFER *ocsp);
933
+
934
+ // SSL_CREDENTIAL_set1_signed_cert_timestamp_list sets |cred|'s list of signed
935
+ // certificate timestamps |sct_list|. |sct_list| must contain one or more SCT
936
+ // structures serialised as a SignedCertificateTimestampList (see
937
+ // https://tools.ietf.org/html/rfc6962#section-3.3) – i.e. each SCT is prefixed
938
+ // by a big-endian, uint16 length and the concatenation of one or more such
939
+ // prefixed SCTs are themselves also prefixed by a uint16 length. It returns one
940
+ // on success and zero on error.
941
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_signed_cert_timestamp_list(
942
+ SSL_CREDENTIAL *cred, CRYPTO_BUFFER *sct_list);
943
+
944
+ // SSL_CTX_add1_credential appends |cred| to |ctx|'s credential list. It returns
945
+ // one on success and zero on error. The credential list is maintained in order
946
+ // of decreasing preference, so earlier calls are preferred over later calls.
947
+ //
948
+ // After calling this function, it is an error to modify |cred|. Doing so may
949
+ // result in inconsistent handshake behavior or race conditions.
950
+ OPENSSL_EXPORT int SSL_CTX_add1_credential(SSL_CTX *ctx, SSL_CREDENTIAL *cred);
951
+
952
+ // SSL_add1_credential appends |cred| to |ssl|'s credential list. It returns one
953
+ // on success and zero on error. The credential list is maintained in order of
954
+ // decreasing preference, so earlier calls are preferred over later calls.
955
+ //
956
+ // After calling this function, it is an error to modify |cred|. Doing so may
957
+ // result in inconsistent handshake behavior or race conditions.
958
+ OPENSSL_EXPORT int SSL_add1_credential(SSL *ssl, SSL_CREDENTIAL *cred);
959
+
960
+ // SSL_certs_clear removes all credentials configured on |ssl|. It also removes
961
+ // the certificate chain and private key on the default credential.
962
+ OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
963
+
964
+ // SSL_get0_selected_credential returns the credential in use in the current
965
+ // handshake on |ssl|. If there is current handshake on |ssl| or if the
966
+ // handshake has not progressed to this point, it returns NULL.
967
+ //
968
+ // This function is intended for use with |SSL_CREDENTIAL_get_ex_data|. It may
969
+ // be called from handshake callbacks, such as those in
970
+ // |SSL_PRIVATE_KEY_METHOD|, to trigger credential-specific behavior.
971
+ //
972
+ // In applications that use the older APIs, such as |SSL_use_certificate|, this
973
+ // function may return an internal |SSL_CREDENTIAL| object. This internal object
974
+ // will have no ex_data installed. To avoid this, it is recommended that callers
975
+ // moving to |SSL_CREDENTIAL| use the new APIs consistently.
976
+ OPENSSL_EXPORT const SSL_CREDENTIAL *SSL_get0_selected_credential(
977
+ const SSL *ssl);
978
+
979
+
844
980
  // Configuring certificates and private keys.
845
981
  //
846
982
  // These functions configure the connection's leaf certificate, private key, and
@@ -848,23 +984,32 @@ OPENSSL_EXPORT void SSL_CTX_set0_buffer_pool(SSL_CTX *ctx,
848
984
  // the wire) but does not include the leaf. Both client and server certificates
849
985
  // use these functions.
850
986
  //
851
- // Certificates and keys may be configured before the handshake or dynamically
852
- // in the early callback and certificate callback.
987
+ // Prefer to configure the certificate before the private key. If configured in
988
+ // the other order, inconsistent private keys will be silently dropped, rather
989
+ // than return an error. Additionally, overwriting a previously-configured
990
+ // certificate and key pair only works if the certificate is configured first.
991
+ //
992
+ // Each of these functions configures the default credential. To select between
993
+ // multiple certificates, see |SSL_CREDENTIAL_new_x509| and related APIs.
853
994
 
854
995
  // SSL_CTX_use_certificate sets |ctx|'s leaf certificate to |x509|. It returns
855
- // one on success and zero on failure.
996
+ // one on success and zero on failure. If |ctx| has a private key which is
997
+ // inconsistent with |x509|, the private key is silently dropped.
856
998
  OPENSSL_EXPORT int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x509);
857
999
 
858
1000
  // SSL_use_certificate sets |ssl|'s leaf certificate to |x509|. It returns one
859
- // on success and zero on failure.
1001
+ // on success and zero on failure. If |ssl| has a private key which is
1002
+ // inconsistent with |x509|, the private key is silently dropped.
860
1003
  OPENSSL_EXPORT int SSL_use_certificate(SSL *ssl, X509 *x509);
861
1004
 
862
1005
  // SSL_CTX_use_PrivateKey sets |ctx|'s private key to |pkey|. It returns one on
863
- // success and zero on failure.
1006
+ // success and zero on failure. If |ctx| had a private key or
1007
+ // |SSL_PRIVATE_KEY_METHOD| previously configured, it is replaced.
864
1008
  OPENSSL_EXPORT int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
865
1009
 
866
1010
  // SSL_use_PrivateKey sets |ssl|'s private key to |pkey|. It returns one on
867
- // success and zero on failure.
1011
+ // success and zero on failure. If |ssl| had a private key or
1012
+ // |SSL_PRIVATE_KEY_METHOD| previously configured, it is replaced.
868
1013
  OPENSSL_EXPORT int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
869
1014
 
870
1015
  // SSL_CTX_set0_chain sets |ctx|'s certificate chain, excluding the leaf, to
@@ -986,18 +1131,6 @@ OPENSSL_EXPORT size_t
986
1131
  SSL_get0_peer_delegation_algorithms(const SSL *ssl,
987
1132
  const uint16_t **out_sigalgs);
988
1133
 
989
- // SSL_certs_clear resets the private key, leaf certificate, and certificate
990
- // chain of |ssl|.
991
- OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
992
-
993
- // SSL_CTX_check_private_key returns one if the certificate and private key
994
- // configured in |ctx| are consistent and zero otherwise.
995
- OPENSSL_EXPORT int SSL_CTX_check_private_key(const SSL_CTX *ctx);
996
-
997
- // SSL_check_private_key returns one if the certificate and private key
998
- // configured in |ssl| are consistent and zero otherwise.
999
- OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl);
1000
-
1001
1134
  // SSL_CTX_get0_certificate returns |ctx|'s leaf certificate.
1002
1135
  OPENSSL_EXPORT X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
1003
1136
 
@@ -1229,6 +1362,11 @@ OPENSSL_EXPORT int SSL_use_PrivateKey_file(SSL *ssl, const char *file,
1229
1362
  // reads the contents of |file| as a PEM-encoded leaf certificate followed
1230
1363
  // optionally by the certificate chain to send to the peer. It returns one on
1231
1364
  // success and zero on failure.
1365
+ //
1366
+ // WARNING: If the input contains "TRUSTED CERTIFICATE" PEM blocks, this
1367
+ // function parses auxiliary properties as in |d2i_X509_AUX|. Passing untrusted
1368
+ // input to this function allows an attacker to influence those properties. See
1369
+ // |d2i_X509_AUX| for details.
1232
1370
  OPENSSL_EXPORT int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx,
1233
1371
  const char *file);
1234
1372
 
@@ -1264,11 +1402,6 @@ enum ssl_private_key_result_t BORINGSSL_ENUM_INT {
1264
1402
  // key hooks. This is used to off-load signing operations to a custom,
1265
1403
  // potentially asynchronous, backend. Metadata about the key such as the type
1266
1404
  // and size are parsed out of the certificate.
1267
- //
1268
- // Callers that use this structure should additionally call
1269
- // |SSL_set_signing_algorithm_prefs| or |SSL_CTX_set_signing_algorithm_prefs|
1270
- // with the private key's capabilities. This ensures BoringSSL will select a
1271
- // suitable signature algorithm for the private key.
1272
1405
  struct ssl_private_key_method_st {
1273
1406
  // sign signs the message |in| in using the specified signature algorithm. On
1274
1407
  // success, it returns |ssl_private_key_success| and writes at most |max_out|
@@ -1321,14 +1454,39 @@ struct ssl_private_key_method_st {
1321
1454
 
1322
1455
  // SSL_set_private_key_method configures a custom private key on |ssl|.
1323
1456
  // |key_method| must remain valid for the lifetime of |ssl|.
1457
+ //
1458
+ // If using an RSA or ECDSA key, callers should configure signing capabilities
1459
+ // with |SSL_set_signing_algorithm_prefs|. Otherwise, BoringSSL may select a
1460
+ // signature algorithm that |key_method| does not support.
1324
1461
  OPENSSL_EXPORT void SSL_set_private_key_method(
1325
1462
  SSL *ssl, const SSL_PRIVATE_KEY_METHOD *key_method);
1326
1463
 
1327
1464
  // SSL_CTX_set_private_key_method configures a custom private key on |ctx|.
1328
1465
  // |key_method| must remain valid for the lifetime of |ctx|.
1466
+ //
1467
+ // If using an RSA or ECDSA key, callers should configure signing capabilities
1468
+ // with |SSL_CTX_set_signing_algorithm_prefs|. Otherwise, BoringSSL may select a
1469
+ // signature algorithm that |key_method| does not support.
1329
1470
  OPENSSL_EXPORT void SSL_CTX_set_private_key_method(
1330
1471
  SSL_CTX *ctx, const SSL_PRIVATE_KEY_METHOD *key_method);
1331
1472
 
1473
+ // SSL_CREDENTIAL_set_private_key_method configures a custom private key on
1474
+ // |cred|. |key_method| must remain valid for the lifetime of |cred|. It returns
1475
+ // one on success and zero if |cred| does not use private keys.
1476
+ //
1477
+ // If using an RSA or ECDSA key, callers should configure signing capabilities
1478
+ // with |SSL_CREDENTIAL_set1_signing_algorithm_prefs|. Otherwise, BoringSSL may
1479
+ // select a signature algorithm that |key_method| does not support. This is not
1480
+ // necessary for delegated credentials (see |SSL_CREDENTIAL_new_delegated|)
1481
+ // because delegated credentials only support a single signature algorithm.
1482
+ //
1483
+ // Functions in |key_method| will be passed an |SSL| object, but not |cred|
1484
+ // directly. Use |SSL_get0_selected_credential| to determine the selected
1485
+ // credential. From there, |SSL_CREDENTIAL_get_ex_data| can be used to look up
1486
+ // credential-specific state, such as a handle to the private key.
1487
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set_private_key_method(
1488
+ SSL_CREDENTIAL *cred, const SSL_PRIVATE_KEY_METHOD *key_method);
1489
+
1332
1490
  // SSL_can_release_private_key returns one if |ssl| will no longer call into the
1333
1491
  // private key and zero otherwise. If the function returns one, the caller can
1334
1492
  // release state associated with the private key.
@@ -2674,19 +2832,17 @@ OPENSSL_EXPORT void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
2674
2832
  // SSL_CTX_get_cert_store returns |ctx|'s certificate store.
2675
2833
  OPENSSL_EXPORT X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
2676
2834
 
2677
- // SSL_CTX_set_default_verify_paths loads the OpenSSL system-default trust
2678
- // anchors into |ctx|'s store. It returns one on success and zero on failure.
2835
+ // SSL_CTX_set_default_verify_paths calls |X509_STORE_set_default_paths| on
2836
+ // |ctx|'s store. See that function for details.
2837
+ //
2838
+ // Using this function is not recommended. In OpenSSL, these defaults are
2839
+ // determined by OpenSSL's install prefix. There is no corresponding concept for
2840
+ // BoringSSL. Future versions of BoringSSL may change or remove this
2841
+ // functionality.
2679
2842
  OPENSSL_EXPORT int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
2680
2843
 
2681
- // SSL_CTX_load_verify_locations loads trust anchors into |ctx|'s store from
2682
- // |ca_file| and |ca_dir|, either of which may be NULL. If |ca_file| is passed,
2683
- // it is opened and PEM-encoded CA certificates are read. If |ca_dir| is passed,
2684
- // it is treated as a directory in OpenSSL's hashed directory format. It returns
2685
- // one on success and zero on failure.
2686
- //
2687
- // See
2688
- // https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_load_verify_locations.html
2689
- // for documentation on the directory format.
2844
+ // SSL_CTX_load_verify_locations calls |X509_STORE_load_locations| on |ctx|'s
2845
+ // store. See that function for details.
2690
2846
  OPENSSL_EXPORT int SSL_CTX_load_verify_locations(SSL_CTX *ctx,
2691
2847
  const char *ca_file,
2692
2848
  const char *ca_dir);
@@ -3335,41 +3491,34 @@ OPENSSL_EXPORT const char *SSL_get_psk_identity(const SSL *ssl);
3335
3491
 
3336
3492
  // Delegated credentials.
3337
3493
  //
3338
- // *** EXPERIMENTAL PRONE TO CHANGE ***
3339
- //
3340
- // draft-ietf-tls-subcerts is a proposed extension for TLS 1.3 and above that
3341
- // allows an end point to use its certificate to delegate credentials for
3342
- // authentication. If the peer indicates support for this extension, then this
3343
- // host may use a delegated credential to sign the handshake. Once issued,
3494
+ // Delegated credentials (RFC 9345) allow a TLS 1.3 endpoint to use its
3495
+ // certificate to issue new credentials for authentication. Once issued,
3344
3496
  // credentials can't be revoked. In order to mitigate the damage in case the
3345
3497
  // credential secret key is compromised, the credential is only valid for a
3346
- // short time (days, hours, or even minutes). This library implements draft-03
3347
- // of the protocol spec.
3348
- //
3349
- // The extension ID has not been assigned; we're using 0xff02 for the time
3350
- // being. Currently only the server side is implemented.
3498
+ // short time (days, hours, or even minutes).
3351
3499
  //
3352
- // Servers configure a DC for use in the handshake via
3353
- // |SSL_set1_delegated_credential|. It must be signed by the host's end-entity
3354
- // certificate as defined in draft-ietf-tls-subcerts-03.
3500
+ // Currently only the authenticating side, as a server, is implemented. To
3501
+ // authenticate with delegated credentials, construct an |SSL_CREDENTIAL| with
3502
+ // |SSL_CREDENTIAL_new_delegated| and add it to the credential list. See also
3503
+ // |SSL_CTX_add1_credential|. Callers may configure a mix of delegated
3504
+ // credentials and X.509 credentials on the same |SSL| or |SSL_CTX| to support a
3505
+ // range of clients.
3355
3506
 
3356
- // SSL_set1_delegated_credential configures the delegated credential (DC) that
3357
- // will be sent to the peer for the current connection. |dc| is the DC in wire
3358
- // format, and |pkey| or |key_method| is the corresponding private key.
3359
- // Currently (as of draft-03), only servers may configure a DC to use in the
3360
- // handshake.
3507
+ // SSL_CREDENTIAL_new_delegated returns a new, empty delegated credential, or
3508
+ // NULL on error. Callers should release the result with |SSL_CREDENTIAL_free|
3509
+ // when done.
3361
3510
  //
3362
- // The DC will only be used if the protocol version is correct and the signature
3363
- // scheme is supported by the peer. If not, the DC will not be negotiated and
3364
- // the handshake will use the private key (or private key method) associated
3365
- // with the certificate.
3366
- OPENSSL_EXPORT int SSL_set1_delegated_credential(
3367
- SSL *ssl, CRYPTO_BUFFER *dc, EVP_PKEY *pkey,
3368
- const SSL_PRIVATE_KEY_METHOD *key_method);
3511
+ // Callers should configure a delegated credential, certificate chain and
3512
+ // private key on the credential, along with other properties, then add it with
3513
+ // |SSL_CTX_add1_credential|.
3514
+ OPENSSL_EXPORT SSL_CREDENTIAL *SSL_CREDENTIAL_new_delegated(void);
3369
3515
 
3370
- // SSL_delegated_credential_used returns one if a delegated credential was used
3371
- // and zero otherwise.
3372
- OPENSSL_EXPORT int SSL_delegated_credential_used(const SSL *ssl);
3516
+ // SSL_CREDENTIAL_set1_delegated_credential sets |cred|'s delegated credentials
3517
+ // structure to |dc|. It returns one on success and zero on error, including if
3518
+ // |dc| is malformed. This should be a DelegatedCredential structure, signed by
3519
+ // the end-entity certificate, as described in RFC 9345.
3520
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set1_delegated_credential(
3521
+ SSL_CREDENTIAL *cred, CRYPTO_BUFFER *dc);
3373
3522
 
3374
3523
 
3375
3524
  // QUIC integration.
@@ -3838,7 +3987,7 @@ OPENSSL_EXPORT void SSL_get0_ech_retry_configs(
3838
3987
  // to the size of the buffer. The caller must call |OPENSSL_free| on |*out| to
3839
3988
  // release the memory. On failure, it returns zero.
3840
3989
  //
3841
- // The |config_id| field is a single byte identifer for the ECHConfig. Reusing
3990
+ // The |config_id| field is a single byte identifier for the ECHConfig. Reusing
3842
3991
  // config IDs is allowed, but if multiple ECHConfigs with the same config ID are
3843
3992
  // active at a time, server load may increase. See
3844
3993
  // |SSL_ECH_KEYS_has_duplicate_config_id|.
@@ -4034,6 +4183,15 @@ OPENSSL_EXPORT int SSL_CTX_get_ex_new_index(long argl, void *argp,
4034
4183
  CRYPTO_EX_dup *dup_unused,
4035
4184
  CRYPTO_EX_free *free_func);
4036
4185
 
4186
+ OPENSSL_EXPORT int SSL_CREDENTIAL_set_ex_data(SSL_CREDENTIAL *cred, int idx,
4187
+ void *data);
4188
+ OPENSSL_EXPORT void *SSL_CREDENTIAL_get_ex_data(const SSL_CREDENTIAL *cred,
4189
+ int idx);
4190
+ OPENSSL_EXPORT int SSL_CREDENTIAL_get_ex_new_index(long argl, void *argp,
4191
+ CRYPTO_EX_unused *unused,
4192
+ CRYPTO_EX_dup *dup_unused,
4193
+ CRYPTO_EX_free *free_func);
4194
+
4037
4195
 
4038
4196
  // Low-level record-layer state.
4039
4197
 
@@ -4217,9 +4375,18 @@ OPENSSL_EXPORT void SSL_set_msg_callback_arg(SSL *ssl, void *arg);
4217
4375
  // access to the log.
4218
4376
  //
4219
4377
  // The format is described in
4220
- // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
4221
- OPENSSL_EXPORT void SSL_CTX_set_keylog_callback(
4222
- SSL_CTX *ctx, void (*cb)(const SSL *ssl, const char *line));
4378
+ // https://www.ietf.org/archive/id/draft-ietf-tls-keylogfile-01.html
4379
+ //
4380
+ // WARNING: The data in |line| allows an attacker to break security properties
4381
+ // of the TLS protocol, including confidentiality, integrity, and forward
4382
+ // secrecy. This impacts both the current connection, and, in TLS 1.2, future
4383
+ // connections that resume a session from it. Both direct access to the data and
4384
+ // side channel leaks from application code are possible attack vectors. This
4385
+ // callback is intended for debugging and should not be used in production
4386
+ // connections.
4387
+ OPENSSL_EXPORT void SSL_CTX_set_keylog_callback(SSL_CTX *ctx,
4388
+ void (*cb)(const SSL *ssl,
4389
+ const char *line));
4223
4390
 
4224
4391
  // SSL_CTX_get_keylog_callback returns the callback configured by
4225
4392
  // |SSL_CTX_set_keylog_callback|.
@@ -4626,6 +4793,24 @@ OPENSSL_EXPORT int SSL_used_hello_retry_request(const SSL *ssl);
4626
4793
  // https://bugs.openjdk.java.net/browse/JDK-8213202
4627
4794
  OPENSSL_EXPORT void SSL_set_jdk11_workaround(SSL *ssl, int enable);
4628
4795
 
4796
+ // SSL_set_check_client_certificate_type configures whether the client, in
4797
+ // TLS 1.2 and below, will check its certificate against the server's requested
4798
+ // certificate types.
4799
+ //
4800
+ // By default, this option is enabled. If disabled, certificate selection within
4801
+ // the library may not function correctly. This flag is provided temporarily in
4802
+ // case of compatibility issues. It will be removed sometime after June 2024.
4803
+ OPENSSL_EXPORT void SSL_set_check_client_certificate_type(SSL *ssl, int enable);
4804
+
4805
+ // SSL_set_check_ecdsa_curve configures whether the server, in TLS 1.2 and
4806
+ // below, will check its certificate against the client's supported ECDSA
4807
+ // curves.
4808
+ //
4809
+ // By default, this option is enabled. If disabled, certificate selection within
4810
+ // the library may not function correctly. This flag is provided temporarily in
4811
+ // case of compatibility issues. It will be removed sometime after June 2024.
4812
+ OPENSSL_EXPORT void SSL_set_check_ecdsa_curve(SSL *ssl, int enable);
4813
+
4629
4814
 
4630
4815
  // Deprecated functions.
4631
4816
 
@@ -5315,6 +5500,25 @@ OPENSSL_EXPORT int SSL_set1_curves_list(SSL *ssl, const char *curves);
5315
5500
  // returns this value, but we define this constant for compatibility.
5316
5501
  #define TLSEXT_nid_unknown 0x1000000
5317
5502
 
5503
+ // SSL_CTX_check_private_key returns one if |ctx| has both a certificate and
5504
+ // private key, and zero otherwise.
5505
+ //
5506
+ // This function does not check consistency because the library checks when the
5507
+ // certificate and key are individually configured. However, if the private key
5508
+ // is configured before the certificate, inconsistent private keys are silently
5509
+ // dropped. Some callers are inadvertently relying on this function to detect
5510
+ // when this happens.
5511
+ //
5512
+ // Instead, callers should configure the certificate first, then the private
5513
+ // key, checking for errors in each. This function is then unnecessary.
5514
+ OPENSSL_EXPORT int SSL_CTX_check_private_key(const SSL_CTX *ctx);
5515
+
5516
+ // SSL_check_private_key returns one if |ssl| has both a certificate and private
5517
+ // key, and zero otherwise.
5518
+ //
5519
+ // See discussion in |SSL_CTX_check_private_key|.
5520
+ OPENSSL_EXPORT int SSL_check_private_key(const SSL *ssl);
5521
+
5318
5522
 
5319
5523
  // Compliance policy configurations
5320
5524
  //
@@ -5543,6 +5747,8 @@ extern "C++" {
5543
5747
  BSSL_NAMESPACE_BEGIN
5544
5748
 
5545
5749
  BORINGSSL_MAKE_DELETER(SSL, SSL_free)
5750
+ BORINGSSL_MAKE_DELETER(SSL_CREDENTIAL, SSL_CREDENTIAL_free)
5751
+ BORINGSSL_MAKE_UP_REF(SSL_CREDENTIAL, SSL_CREDENTIAL_up_ref)
5546
5752
  BORINGSSL_MAKE_DELETER(SSL_CTX, SSL_CTX_free)
5547
5753
  BORINGSSL_MAKE_UP_REF(SSL_CTX, SSL_CTX_up_ref)
5548
5754
  BORINGSSL_MAKE_DELETER(SSL_ECH_KEYS, SSL_ECH_KEYS_free)
@@ -139,7 +139,8 @@ STACK_OF(SAMPLE) *sk_SAMPLE_new(sk_SAMPLE_cmp_func comp);
139
139
  STACK_OF(SAMPLE) *sk_SAMPLE_new_null(void);
140
140
 
141
141
  // sk_SAMPLE_num returns the number of elements in |sk|. It is safe to cast this
142
- // value to |int|. |sk| is guaranteed to have at most |INT_MAX| elements.
142
+ // value to |int|. |sk| is guaranteed to have at most |INT_MAX| elements. If
143
+ // |sk| is NULL, it is treated as the empty list and this function returns zero.
143
144
  size_t sk_SAMPLE_num(const STACK_OF(SAMPLE) *sk);
144
145
 
145
146
  // sk_SAMPLE_zero resets |sk| to the empty state but does nothing to free the
@@ -147,7 +148,8 @@ size_t sk_SAMPLE_num(const STACK_OF(SAMPLE) *sk);
147
148
  void sk_SAMPLE_zero(STACK_OF(SAMPLE) *sk);
148
149
 
149
150
  // sk_SAMPLE_value returns the |i|th pointer in |sk|, or NULL if |i| is out of
150
- // range.
151
+ // range. If |sk| is NULL, it is treated as an empty list and the function
152
+ // returns NULL.
151
153
  SAMPLE *sk_SAMPLE_value(const STACK_OF(SAMPLE) *sk, size_t i);
152
154
 
153
155
  // sk_SAMPLE_set sets the |i|th pointer in |sk| to |p| and returns |p|. If |i|
@@ -195,7 +197,8 @@ void sk_SAMPLE_delete_if(STACK_OF(SAMPLE) *sk, sk_SAMPLE_delete_if_func func,
195
197
  // If the stack is sorted (see |sk_SAMPLE_sort|), this function uses a binary
196
198
  // search. Otherwise it performs a linear search. If it finds a matching
197
199
  // element, it writes the index to |*out_index| (if |out_index| is not NULL) and
198
- // returns one. Otherwise, it returns zero.
200
+ // returns one. Otherwise, it returns zero. If |sk| is NULL, it is treated as
201
+ // the empty list and the function returns zero.
199
202
  //
200
203
  // Note this differs from OpenSSL. The type signature is slightly different, and
201
204
  // OpenSSL's version will implicitly sort |sk| if it has a comparison function
@@ -399,6 +402,9 @@ BSSL_NAMESPACE_END
399
402
  * positive warning. */ \
400
403
  OPENSSL_MSVC_PRAGMA(warning(push)) \
401
404
  OPENSSL_MSVC_PRAGMA(warning(disable : 4191)) \
405
+ OPENSSL_CLANG_PRAGMA("clang diagnostic push") \
406
+ OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wunknown-warning-option\"") \
407
+ OPENSSL_CLANG_PRAGMA("clang diagnostic ignored \"-Wcast-function-type-strict\"") \
402
408
  \
403
409
  DECLARE_STACK_OF(name) \
404
410
  \
@@ -534,6 +540,7 @@ BSSL_NAMESPACE_END
534
540
  (OPENSSL_sk_free_func)free_func); \
535
541
  } \
536
542
  \
543
+ OPENSSL_CLANG_PRAGMA("clang diagnostic pop") \
537
544
  OPENSSL_MSVC_PRAGMA(warning(pop))
538
545
 
539
546
 
@@ -84,18 +84,18 @@
84
84
 
85
85
  // Trusty and Android baremetal aren't Linux but currently define __linux__.
86
86
  // As a workaround, we exclude them here.
87
- // We also exclude nanolibc/CrOS EC/Zephyr. nanolibc/CrOS EC/Zephyr
88
- // sometimes build for a non-Linux target (which should not define __linux__),
89
- // but also sometimes build for Linux. Although technically running in Linux
90
- // userspace, this lacks all the libc APIs we'd normally expect on Linux, so we
91
- // treat it as a non-Linux target.
87
+ // We also exclude nanolibc/CrOS EC. nanolibc/CrOS EC sometimes build for a
88
+ // non-Linux target (which should not define __linux__), but also sometimes
89
+ // build for Linux. Although technically running in Linux userspace, this lacks
90
+ // all the libc APIs we'd normally expect on Linux, so we treat it as a
91
+ // non-Linux target.
92
92
  //
93
93
  // TODO(b/169780122): Remove this workaround once Trusty no longer defines it.
94
94
  // TODO(b/291101350): Remove this workaround once Android baremetal no longer
95
95
  // defines it.
96
96
  #if defined(__linux__) && !defined(__TRUSTY__) && \
97
97
  !defined(ANDROID_BAREMETAL) && !defined(OPENSSL_NANOLIBC) && \
98
- !defined(CROS_EC) && !defined(CROS_ZEPHYR)
98
+ !defined(CROS_EC)
99
99
  #define OPENSSL_LINUX
100
100
  #endif
101
101
 
@@ -148,16 +148,19 @@
148
148
  #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
149
149
  #endif
150
150
 
151
- // CROS_ZEPHYR is an embedded target for ChromeOS Zephyr Embedded Controller.
151
+ // Zephyr is an open source RTOS, optimized for embedded devices.
152
152
  // Defining this on any other platform is not supported. Other embedded
153
153
  // platforms must introduce their own defines.
154
154
  //
155
- // https://chromium.googlesource.com/chromiumos/platform/ec/+/HEAD/docs/zephyr/README.md
156
- #if defined(CROS_ZEPHYR)
155
+ // Zephyr supports multithreading with cooperative and preemptive scheduling.
156
+ // It also implements POSIX Threads (pthread) API, so it's not necessary to
157
+ // implement BoringSSL internal threading API using some custom API.
158
+ //
159
+ // https://www.zephyrproject.org/
160
+ #if defined(__ZEPHYR__)
157
161
  #define OPENSSL_NO_FILESYSTEM
158
162
  #define OPENSSL_NO_POSIX_IO
159
163
  #define OPENSSL_NO_SOCK
160
- #define OPENSSL_NO_THREADS_CORRUPT_MEMORY_AND_LEAK_SECRETS_IF_THREADED
161
164
  #endif
162
165
 
163
166
  #if defined(__ANDROID_API__)
@@ -239,8 +239,8 @@ extern "C" {
239
239
  // ExtensionType value from RFC 5746
240
240
  #define TLSEXT_TYPE_renegotiate 0xff01
241
241
 
242
- // ExtensionType value from draft-ietf-tls-subcerts.
243
- #define TLSEXT_TYPE_delegated_credential 0x22
242
+ // ExtensionType value from RFC 9345
243
+ #define TLSEXT_TYPE_delegated_credential 34
244
244
 
245
245
  // ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined
246
246
  // extension number.