grpc 1.21.0 → 1.32.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (1843)
  1. checksums.yaml +4 -4
  2. data/Makefile +2516 -19950
  3. data/etc/roots.pem +44 -100
  4. data/include/grpc/grpc.h +3 -1
  5. data/include/grpc/grpc_security.h +238 -55
  6. data/include/grpc/grpc_security_constants.h +32 -1
  7. data/include/grpc/impl/codegen/README.md +22 -0
  8. data/include/grpc/impl/codegen/gpr_types.h +1 -1
  9. data/include/grpc/impl/codegen/grpc_types.h +61 -13
  10. data/include/grpc/impl/codegen/port_platform.h +74 -30
  11. data/include/grpc/impl/codegen/sync.h +5 -3
  12. data/include/grpc/impl/codegen/sync_abseil.h +36 -0
  13. data/include/grpc/impl/codegen/sync_generic.h +1 -1
  14. data/include/grpc/module.modulemap +25 -37
  15. data/include/grpc/slice.h +2 -2
  16. data/include/grpc/support/alloc.h +0 -16
  17. data/include/grpc/support/sync_abseil.h +26 -0
  18. data/src/core/ext/filters/client_channel/backend_metric.cc +84 -0
  19. data/src/core/ext/filters/client_channel/backend_metric.h +36 -0
  20. data/src/core/ext/filters/client_channel/backup_poller.cc +10 -8
  21. data/src/core/ext/filters/client_channel/backup_poller.h +5 -2
  22. data/src/core/ext/filters/client_channel/channel_connectivity.cc +18 -4
  23. data/src/core/ext/filters/client_channel/client_channel.cc +1516 -742
  24. data/src/core/ext/filters/client_channel/client_channel.h +25 -9
  25. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +50 -139
  26. data/src/core/ext/filters/client_channel/client_channel_channelz.h +15 -39
  27. data/src/core/ext/filters/client_channel/client_channel_factory.cc +1 -1
  28. data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -9
  29. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +8 -13
  30. data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
  31. data/src/core/ext/filters/client_channel/config_selector.h +93 -0
  32. data/src/core/ext/filters/client_channel/connector.h +42 -39
  33. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +34 -12
  34. data/src/core/ext/filters/client_channel/health/health_check_client.cc +75 -115
  35. data/src/core/ext/filters/client_channel/health/health_check_client.h +8 -16
  36. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +75 -46
  37. data/src/core/ext/filters/client_channel/http_proxy.cc +126 -120
  38. data/src/core/ext/filters/client_channel/http_proxy.h +5 -1
  39. data/src/core/ext/filters/client_channel/lb_policy.cc +35 -35
  40. data/src/core/ext/filters/client_channel/lb_policy.h +225 -152
  41. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  42. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  43. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +299 -0
  44. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  45. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +41 -25
  46. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +635 -734
  47. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +7 -0
  48. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +76 -0
  49. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +37 -0
  50. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +9 -2
  51. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +33 -49
  52. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +4 -3
  53. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +7 -6
  54. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +157 -271
  55. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +42 -58
  56. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +113 -166
  57. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +890 -0
  58. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +61 -101
  59. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +116 -260
  60. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +744 -0
  61. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +423 -0
  62. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +946 -0
  63. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +537 -0
  64. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +3 -7
  65. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +1141 -0
  66. data/src/core/ext/filters/client_channel/lb_policy_factory.h +6 -9
  67. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +53 -77
  68. data/src/core/ext/filters/client_channel/lb_policy_registry.h +3 -3
  69. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +8 -8
  70. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +2 -1
  71. data/src/core/ext/filters/client_channel/proxy_mapper.h +14 -34
  72. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +46 -79
  73. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +23 -17
  74. data/src/core/ext/filters/client_channel/resolver.cc +6 -9
  75. data/src/core/ext/filters/client_channel/resolver.h +19 -37
  76. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +156 -130
  77. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +74 -39
  78. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +15 -21
  79. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +33 -33
  80. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +16 -13
  81. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +476 -129
  82. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +231 -193
  83. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +6 -4
  84. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +9 -6
  85. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -2
  86. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -2
  87. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +73 -48
  88. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +165 -116
  89. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +8 -7
  90. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +45 -29
  91. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +536 -0
  92. data/src/core/ext/filters/client_channel/resolver_factory.h +11 -11
  93. data/src/core/ext/filters/client_channel/resolver_registry.cc +39 -24
  94. data/src/core/ext/filters/client_channel/resolver_registry.h +17 -12
  95. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +251 -313
  96. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +28 -26
  97. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +100 -325
  98. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +48 -53
  99. data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
  100. data/src/core/ext/filters/client_channel/retry_throttle.h +2 -6
  101. data/src/core/ext/filters/client_channel/server_address.cc +40 -14
  102. data/src/core/ext/filters/client_channel/server_address.h +45 -15
  103. data/src/core/ext/filters/client_channel/service_config.cc +143 -253
  104. data/src/core/ext/filters/client_channel/service_config.h +47 -131
  105. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  106. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  107. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  108. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  109. data/src/core/ext/filters/client_channel/subchannel.cc +436 -288
  110. data/src/core/ext/filters/client_channel/subchannel.h +181 -53
  111. data/src/core/ext/filters/client_channel/subchannel_interface.h +94 -0
  112. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
  113. data/src/core/ext/filters/client_idle/client_idle_filter.cc +440 -0
  114. data/src/core/ext/filters/deadline/deadline_filter.cc +30 -28
  115. data/src/core/ext/filters/http/client/http_client_filter.cc +66 -70
  116. data/src/core/ext/filters/http/client_authority_filter.cc +21 -21
  117. data/src/core/ext/filters/http/http_filters_plugin.cc +28 -12
  118. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +335 -301
  119. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +399 -0
  120. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +31 -0
  121. data/src/core/ext/filters/http/server/http_server_filter.cc +66 -39
  122. data/src/core/ext/filters/max_age/max_age_filter.cc +72 -60
  123. data/src/core/ext/filters/message_size/message_size_filter.cc +116 -144
  124. data/src/core/ext/filters/message_size/message_size_filter.h +12 -6
  125. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +19 -17
  126. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +193 -171
  127. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +48 -1
  128. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +29 -25
  129. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +44 -64
  130. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +384 -305
  131. data/src/core/ext/transport/chttp2/server/chttp2_server.h +7 -2
  132. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -3
  133. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +10 -16
  134. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +9 -9
  135. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +4 -6
  136. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +640 -560
  137. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +2 -0
  138. data/src/core/ext/transport/chttp2/transport/context_list.cc +5 -3
  139. data/src/core/ext/transport/chttp2/transport/flow_control.cc +26 -31
  140. data/src/core/ext/transport/chttp2/transport/flow_control.h +28 -38
  141. data/src/core/ext/transport/chttp2/transport/frame_data.cc +45 -54
  142. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +7 -9
  143. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +2 -3
  144. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +7 -7
  145. data/src/core/ext/transport/chttp2/transport/frame_ping.h +2 -3
  146. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +21 -13
  147. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +9 -3
  148. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +13 -12
  149. data/src/core/ext/transport/chttp2/transport/frame_settings.h +2 -3
  150. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
  151. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +2 -3
  152. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +531 -348
  153. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +26 -15
  154. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +213 -143
  155. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +11 -4
  156. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +41 -196
  157. data/src/core/ext/transport/chttp2/transport/hpack_table.h +62 -18
  158. data/src/core/ext/transport/chttp2/transport/http2_settings.h +4 -5
  159. data/src/core/ext/transport/chttp2/transport/huffsyms.h +2 -3
  160. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +2 -1
  161. data/src/core/ext/transport/chttp2/transport/internal.h +64 -47
  162. data/src/core/ext/transport/chttp2/transport/parsing.cc +148 -162
  163. data/src/core/ext/transport/chttp2/transport/stream_map.cc +28 -18
  164. data/src/core/ext/transport/chttp2/transport/stream_map.h +2 -3
  165. data/src/core/ext/transport/chttp2/transport/writing.cc +38 -30
  166. data/src/core/ext/transport/inproc/inproc_transport.cc +164 -114
  167. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
  168. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +29 -0
  169. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
  170. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +53 -0
  171. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +224 -0
  172. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +700 -0
  173. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  174. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
  175. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +380 -0
  176. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1378 -0
  177. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +35 -0
  178. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
  179. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +55 -0
  180. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
  181. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +112 -0
  182. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +334 -0
  183. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +35 -0
  184. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
  185. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +309 -0
  186. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
  187. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +96 -0
  188. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +328 -0
  189. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  190. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
  191. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +195 -0
  192. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +634 -0
  193. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  194. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
  195. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +36 -0
  196. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
  197. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +152 -0
  198. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +536 -0
  199. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
  200. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
  201. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +34 -0
  202. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
  203. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
  204. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
  205. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  206. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
  207. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  208. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
  209. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +33 -0
  210. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
  211. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +108 -0
  212. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +401 -0
  213. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +138 -0
  214. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +490 -0
  215. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
  216. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
  217. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +174 -0
  218. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +599 -0
  219. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
  220. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
  221. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +773 -0
  222. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2855 -0
  223. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +59 -0
  224. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +135 -0
  225. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
  226. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
  227. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +312 -0
  228. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1125 -0
  229. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
  230. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
  231. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +111 -0
  232. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +401 -0
  233. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +72 -0
  234. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +198 -0
  235. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +105 -0
  236. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +388 -0
  237. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.c +27 -0
  238. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
  239. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +25 -0
  240. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
  241. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +129 -0
  242. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +386 -0
  243. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +30 -0
  244. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
  245. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +30 -0
  246. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
  247. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
  248. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
  249. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +29 -0
  250. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
  251. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.c +27 -0
  252. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
  253. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  254. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
  255. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  256. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
  257. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  258. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
  259. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  260. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
  261. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
  262. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +127 -0
  263. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  264. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
  265. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  266. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
  267. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  268. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
  269. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +17 -0
  270. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +35 -0
  271. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +40 -0
  272. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
  273. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +51 -0
  274. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
  275. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +30 -0
  276. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
  277. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +17 -0
  278. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +29 -0
  279. data/src/core/ext/upb-generated/google/api/annotations.upb.c +18 -0
  280. data/src/core/ext/upb-generated/google/api/annotations.upb.h +29 -0
  281. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
  282. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
  283. data/src/core/ext/upb-generated/google/api/http.upb.c +66 -0
  284. data/src/core/ext/upb-generated/google/api/http.upb.h +191 -0
  285. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +27 -0
  286. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +57 -0
  287. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +486 -0
  288. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1722 -0
  289. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +27 -0
  290. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +57 -0
  291. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +22 -0
  292. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +49 -0
  293. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +79 -0
  294. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +194 -0
  295. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +27 -0
  296. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +57 -0
  297. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +106 -0
  298. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +237 -0
  299. data/src/core/ext/upb-generated/google/rpc/status.upb.c +33 -0
  300. data/src/core/ext/upb-generated/google/rpc/status.upb.h +74 -0
  301. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +49 -0
  302. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +113 -0
  303. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +212 -0
  304. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +672 -0
  305. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +42 -0
  306. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +110 -0
  307. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +36 -0
  308. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +83 -0
  309. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +141 -0
  310. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +396 -0
  311. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
  312. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +103 -0
  313. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
  314. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +29 -0
  315. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  316. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +64 -0
  317. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  318. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
  319. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +58 -0
  320. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +117 -0
  321. data/src/core/ext/upb-generated/validate/validate.upb.c +448 -0
  322. data/src/core/ext/upb-generated/validate/validate.upb.h +2074 -0
  323. data/src/core/ext/xds/xds_api.cc +2388 -0
  324. data/src/core/ext/xds/xds_api.h +360 -0
  325. data/src/core/ext/xds/xds_bootstrap.cc +373 -0
  326. data/src/core/ext/xds/xds_bootstrap.h +93 -0
  327. data/src/core/ext/xds/xds_channel.h +46 -0
  328. data/src/core/ext/xds/xds_channel_args.h +26 -0
  329. data/src/core/ext/xds/xds_channel_secure.cc +103 -0
  330. data/src/core/ext/xds/xds_client.cc +2114 -0
  331. data/src/core/ext/xds/xds_client.h +276 -0
  332. data/src/core/ext/xds/xds_client_stats.cc +115 -0
  333. data/src/core/ext/xds/xds_client_stats.h +211 -0
  334. data/src/core/lib/avl/avl.cc +1 -1
  335. data/src/core/lib/channel/channel_args.cc +52 -14
  336. data/src/core/lib/channel/channel_args.h +41 -3
  337. data/src/core/lib/channel/channel_stack.cc +1 -1
  338. data/src/core/lib/channel/channel_stack.h +38 -18
  339. data/src/core/lib/channel/channel_trace.cc +32 -45
  340. data/src/core/lib/channel/channel_trace.h +3 -3
  341. data/src/core/lib/channel/channelz.cc +377 -318
  342. data/src/core/lib/channel/channelz.h +128 -90
  343. data/src/core/lib/channel/channelz_registry.cc +123 -178
  344. data/src/core/lib/channel/channelz_registry.h +14 -32
  345. data/src/core/lib/channel/connected_channel.cc +28 -25
  346. data/src/core/lib/channel/context.h +2 -2
  347. data/src/core/lib/channel/handshaker.cc +18 -14
  348. data/src/core/lib/channel/handshaker.h +7 -6
  349. data/src/core/lib/channel/handshaker_factory.h +1 -3
  350. data/src/core/lib/channel/handshaker_registry.cc +9 -21
  351. data/src/core/lib/channel/handshaker_registry.h +3 -3
  352. data/src/core/lib/channel/status_util.cc +2 -3
  353. data/src/core/lib/compression/compression.cc +16 -11
  354. data/src/core/lib/compression/compression_args.cc +13 -6
  355. data/src/core/lib/compression/compression_args.h +3 -2
  356. data/src/core/lib/compression/compression_internal.cc +15 -11
  357. data/src/core/lib/compression/compression_internal.h +9 -1
  358. data/src/core/lib/compression/message_compress.cc +8 -3
  359. data/src/core/lib/compression/stream_compression.cc +3 -2
  360. data/src/core/lib/compression/stream_compression.h +2 -2
  361. data/src/core/lib/compression/stream_compression_gzip.cc +9 -9
  362. data/src/core/lib/compression/stream_compression_identity.cc +5 -7
  363. data/src/core/lib/debug/stats.cc +21 -27
  364. data/src/core/lib/debug/stats.h +3 -1
  365. data/src/core/lib/debug/trace.h +3 -2
  366. data/src/core/lib/gpr/alloc.cc +4 -29
  367. data/src/core/lib/gpr/cpu_linux.cc +1 -1
  368. data/src/core/lib/gpr/env.h +1 -1
  369. data/src/core/lib/gpr/env_linux.cc +10 -21
  370. data/src/core/lib/gpr/env_posix.cc +0 -5
  371. data/src/core/lib/gpr/log_linux.cc +8 -10
  372. data/src/core/lib/gpr/log_posix.cc +7 -9
  373. data/src/core/lib/gpr/spinlock.h +2 -3
  374. data/src/core/lib/gpr/string.cc +25 -36
  375. data/src/core/lib/gpr/string.h +11 -19
  376. data/src/core/lib/gpr/sync_abseil.cc +116 -0
  377. data/src/core/lib/gpr/sync_posix.cc +10 -142
  378. data/src/core/lib/gpr/sync_windows.cc +4 -2
  379. data/src/core/lib/gpr/time.cc +4 -0
  380. data/src/core/lib/gpr/time_posix.cc +1 -1
  381. data/src/core/lib/gpr/time_precise.cc +123 -36
  382. data/src/core/lib/gpr/time_precise.h +37 -0
  383. data/src/core/lib/gprpp/arena.cc +3 -3
  384. data/src/core/lib/gprpp/arena.h +2 -3
  385. data/src/core/lib/gprpp/atomic.h +10 -6
  386. data/src/core/lib/gprpp/debug_location.h +3 -2
  387. data/src/core/lib/gprpp/fork.cc +19 -26
  388. data/src/core/lib/gprpp/fork.h +18 -3
  389. data/src/core/lib/gprpp/global_config.h +9 -0
  390. data/src/core/lib/gprpp/global_config_custom.h +1 -1
  391. data/src/core/lib/gprpp/global_config_env.cc +15 -13
  392. data/src/core/lib/gprpp/global_config_env.h +2 -2
  393. data/src/core/lib/gprpp/host_port.cc +112 -0
  394. data/src/core/lib/gprpp/host_port.h +56 -0
  395. data/src/core/lib/gprpp/map.h +16 -382
  396. data/src/core/lib/gprpp/memory.h +12 -75
  397. data/src/core/lib/gprpp/mpscq.cc +108 -0
  398. data/src/core/lib/gprpp/mpscq.h +98 -0
  399. data/src/core/lib/gprpp/orphanable.h +9 -14
  400. data/src/core/lib/gprpp/ref_counted.h +97 -44
  401. data/src/core/lib/gprpp/ref_counted_ptr.h +8 -1
  402. data/src/core/lib/gprpp/sync.h +9 -0
  403. data/src/core/lib/gprpp/thd.h +13 -6
  404. data/src/core/lib/gprpp/thd_posix.cc +29 -3
  405. data/src/core/lib/gprpp/thd_windows.cc +12 -4
  406. data/src/core/lib/http/format_request.cc +46 -65
  407. data/src/core/lib/http/httpcli.cc +18 -16
  408. data/src/core/lib/http/httpcli.h +2 -3
  409. data/src/core/lib/http/httpcli_security_connector.cc +27 -21
  410. data/src/core/lib/http/parser.cc +1 -1
  411. data/src/core/lib/http/parser.h +2 -3
  412. data/src/core/lib/iomgr/buffer_list.cc +45 -40
  413. data/src/core/lib/iomgr/buffer_list.h +27 -27
  414. data/src/core/lib/iomgr/call_combiner.cc +12 -12
  415. data/src/core/lib/iomgr/call_combiner.h +10 -8
  416. data/src/core/lib/iomgr/cfstream_handle.cc +11 -3
  417. data/src/core/lib/iomgr/cfstream_handle.h +11 -3
  418. data/src/core/lib/iomgr/closure.h +43 -141
  419. data/src/core/lib/iomgr/combiner.cc +46 -90
  420. data/src/core/lib/iomgr/combiner.h +30 -8
  421. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  422. data/src/core/lib/iomgr/endpoint.cc +5 -1
  423. data/src/core/lib/iomgr/endpoint.h +7 -3
  424. data/src/core/lib/iomgr/endpoint_cfstream.cc +41 -19
  425. data/src/core/lib/iomgr/endpoint_pair.h +2 -3
  426. data/src/core/lib/iomgr/endpoint_pair_posix.cc +11 -11
  427. data/src/core/lib/iomgr/error.cc +26 -19
  428. data/src/core/lib/iomgr/error.h +15 -8
  429. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  430. data/src/core/lib/iomgr/error_internal.h +1 -1
  431. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  432. data/src/core/lib/iomgr/ev_apple.h +43 -0
  433. data/src/core/lib/iomgr/ev_epoll1_linux.cc +48 -47
  434. data/src/core/lib/iomgr/ev_epollex_linux.cc +80 -94
  435. data/src/core/lib/iomgr/ev_poll_posix.cc +42 -26
  436. data/src/core/lib/iomgr/ev_posix.cc +9 -8
  437. data/src/core/lib/iomgr/ev_posix.h +3 -2
  438. data/src/core/lib/iomgr/ev_windows.cc +2 -2
  439. data/src/core/lib/iomgr/exec_ctx.cc +78 -21
  440. data/src/core/lib/iomgr/exec_ctx.h +27 -7
  441. data/src/core/lib/iomgr/executor.cc +25 -41
  442. data/src/core/lib/iomgr/executor.h +7 -7
  443. data/src/core/lib/iomgr/executor/mpmcqueue.cc +183 -0
  444. data/src/core/lib/iomgr/executor/mpmcqueue.h +175 -0
  445. data/src/core/lib/iomgr/executor/threadpool.cc +137 -0
  446. data/src/core/lib/iomgr/executor/threadpool.h +149 -0
  447. data/src/core/lib/iomgr/fork_posix.cc +8 -2
  448. data/src/core/lib/iomgr/iocp_windows.cc +2 -2
  449. data/src/core/lib/iomgr/iomgr.cc +4 -4
  450. data/src/core/lib/iomgr/iomgr_custom.cc +1 -1
  451. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +87 -9
  452. data/src/core/lib/iomgr/iomgr_uv.cc +3 -0
  453. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  454. data/src/core/lib/iomgr/load_file.cc +1 -0
  455. data/src/core/lib/iomgr/lockfree_event.cc +13 -12
  456. data/src/core/lib/iomgr/parse_address.cc +238 -0
  457. data/src/core/lib/iomgr/parse_address.h +53 -0
  458. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
  459. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
  460. data/src/core/lib/iomgr/pollset_custom.cc +5 -5
  461. data/src/core/lib/iomgr/pollset_set_custom.cc +10 -10
  462. data/src/core/lib/iomgr/pollset_uv.h +32 -0
  463. data/src/core/lib/iomgr/pollset_windows.cc +16 -2
  464. data/src/core/lib/iomgr/port.h +10 -22
  465. data/src/core/lib/iomgr/python_util.h +46 -0
  466. data/src/core/lib/iomgr/resolve_address.h +4 -6
  467. data/src/core/lib/iomgr/resolve_address_custom.cc +49 -68
  468. data/src/core/lib/iomgr/resolve_address_custom.h +4 -2
  469. data/src/core/lib/iomgr/resolve_address_posix.cc +20 -24
  470. data/src/core/lib/iomgr/resolve_address_windows.cc +22 -35
  471. data/src/core/lib/iomgr/resource_quota.cc +120 -110
  472. data/src/core/lib/iomgr/resource_quota.h +13 -9
  473. data/src/core/lib/iomgr/sockaddr_utils.cc +33 -36
  474. data/src/core/lib/iomgr/sockaddr_utils.h +12 -16
  475. data/src/core/lib/iomgr/socket_factory_posix.h +2 -3
  476. data/src/core/lib/iomgr/socket_mutator.h +2 -3
  477. data/src/core/lib/iomgr/socket_utils_common_posix.cc +140 -82
  478. data/src/core/lib/iomgr/socket_utils_posix.h +19 -0
  479. data/src/core/lib/iomgr/socket_windows.cc +6 -7
  480. data/src/core/lib/iomgr/socket_windows.h +1 -1
  481. data/src/core/lib/iomgr/tcp_client_cfstream.cc +18 -21
  482. data/src/core/lib/iomgr/tcp_client_custom.cc +9 -11
  483. data/src/core/lib/iomgr/tcp_client_posix.cc +47 -59
  484. data/src/core/lib/iomgr/tcp_client_posix.h +6 -6
  485. data/src/core/lib/iomgr/tcp_client_windows.cc +12 -13
  486. data/src/core/lib/iomgr/tcp_custom.cc +58 -36
  487. data/src/core/lib/iomgr/tcp_custom.h +4 -1
  488. data/src/core/lib/iomgr/tcp_posix.cc +697 -124
  489. data/src/core/lib/iomgr/tcp_server.cc +8 -4
  490. data/src/core/lib/iomgr/tcp_server.h +28 -5
  491. data/src/core/lib/iomgr/tcp_server_custom.cc +46 -41
  492. data/src/core/lib/iomgr/tcp_server_posix.cc +102 -46
  493. data/src/core/lib/iomgr/tcp_server_utils_posix.h +6 -4
  494. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +17 -19
  495. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +10 -18
  496. data/src/core/lib/iomgr/tcp_server_windows.cc +33 -29
  497. data/src/core/lib/iomgr/tcp_uv.cc +8 -8
  498. data/src/core/lib/iomgr/tcp_windows.cc +49 -30
  499. data/src/core/lib/iomgr/time_averaged_stats.h +2 -3
  500. data/src/core/lib/iomgr/timer.h +2 -1
  501. data/src/core/lib/iomgr/timer_custom.cc +7 -5
  502. data/src/core/lib/iomgr/timer_generic.cc +26 -24
  503. data/src/core/lib/iomgr/timer_generic.h +39 -0
  504. data/src/core/lib/iomgr/timer_heap.h +2 -3
  505. data/src/core/lib/iomgr/timer_manager.cc +8 -30
  506. data/src/core/lib/iomgr/timer_manager.h +2 -0
  507. data/src/core/lib/iomgr/udp_server.cc +53 -53
  508. data/src/core/lib/iomgr/udp_server.h +11 -14
  509. data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
  510. data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
  511. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
  512. data/src/core/lib/iomgr/work_serializer.cc +155 -0
  513. data/src/core/lib/iomgr/work_serializer.h +65 -0
  514. data/src/core/lib/json/json.h +209 -68
  515. data/src/core/lib/json/json_reader.cc +508 -317
  516. data/src/core/lib/json/json_writer.cc +202 -110
  517. data/src/core/lib/profiling/basic_timers.cc +2 -2
  518. data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
  519. data/src/core/lib/security/authorization/authorization_engine.h +84 -0
  520. data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
  521. data/src/core/lib/security/authorization/evaluate_args.h +59 -0
  522. data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
  523. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
  524. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
  525. data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
  526. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
  527. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
  528. data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
  529. data/src/core/lib/security/credentials/alts/alts_credentials.cc +10 -7
  530. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +1 -1
  531. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +45 -57
  532. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
  533. data/src/core/lib/security/credentials/composite/composite_credentials.cc +26 -6
  534. data/src/core/lib/security/credentials/composite/composite_credentials.h +11 -4
  535. data/src/core/lib/security/credentials/credentials.h +31 -25
  536. data/src/core/lib/security/credentials/fake/fake_credentials.cc +9 -9
  537. data/src/core/lib/security/credentials/fake/fake_credentials.h +6 -1
  538. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  539. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +74 -56
  540. data/src/core/lib/security/credentials/iam/iam_credentials.cc +12 -10
  541. data/src/core/lib/security/credentials/iam/iam_credentials.h +4 -0
  542. data/src/core/lib/security/credentials/jwt/json_token.cc +32 -58
  543. data/src/core/lib/security/credentials/jwt/json_token.h +5 -7
  544. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +19 -26
  545. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +12 -0
  546. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +153 -170
  547. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +4 -6
  548. data/src/core/lib/security/credentials/local/local_credentials.cc +3 -3
  549. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +332 -87
  550. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +27 -7
  551. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +31 -15
  552. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +4 -1
  553. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +43 -5
  554. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +12 -2
  555. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +70 -17
  556. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +118 -5
  557. data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
  558. data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
  559. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +67 -32
  560. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +5 -0
  561. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +64 -47
  562. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +2 -2
  563. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +9 -5
  564. data/src/core/lib/security/security_connector/local/local_security_connector.cc +42 -16
  565. data/src/core/lib/security/security_connector/security_connector.cc +4 -1
  566. data/src/core/lib/security/security_connector/security_connector.h +22 -20
  567. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +55 -62
  568. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +8 -5
  569. data/src/core/lib/security/security_connector/ssl_utils.cc +150 -53
  570. data/src/core/lib/security/security_connector/ssl_utils.h +41 -17
  571. data/src/core/lib/security/security_connector/ssl_utils_config.cc +32 -0
  572. data/src/core/lib/security/security_connector/ssl_utils_config.h +30 -0
  573. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +606 -0
  574. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
  575. data/src/core/lib/security/transport/auth_filters.h +0 -2
  576. data/src/core/lib/security/transport/client_auth_filter.cc +74 -28
  577. data/src/core/lib/security/transport/secure_endpoint.cc +16 -9
  578. data/src/core/lib/security/transport/security_handshaker.cc +103 -43
  579. data/src/core/lib/security/transport/security_handshaker.h +4 -2
  580. data/src/core/lib/security/transport/server_auth_filter.cc +18 -17
  581. data/src/core/lib/security/util/json_util.cc +35 -15
  582. data/src/core/lib/security/util/json_util.h +5 -3
  583. data/src/core/lib/slice/b64.cc +3 -4
  584. data/src/core/lib/slice/b64.h +3 -4
  585. data/src/core/lib/slice/slice.cc +188 -73
  586. data/src/core/lib/slice/slice_buffer.cc +55 -26
  587. data/src/core/lib/slice/slice_intern.cc +164 -64
  588. data/src/core/lib/slice/slice_internal.h +110 -8
  589. data/src/core/lib/slice/slice_string_helpers.cc +10 -1
  590. data/src/core/lib/slice/slice_string_helpers.h +3 -1
  591. data/src/core/lib/slice/slice_utils.h +200 -0
  592. data/src/core/lib/surface/byte_buffer_reader.cc +2 -47
  593. data/src/core/lib/surface/call.cc +166 -117
  594. data/src/core/lib/surface/call.h +8 -8
  595. data/src/core/lib/surface/call_log_batch.cc +51 -60
  596. data/src/core/lib/surface/channel.cc +188 -137
  597. data/src/core/lib/surface/channel.h +91 -11
  598. data/src/core/lib/surface/channel_ping.cc +3 -4
  599. data/src/core/lib/surface/completion_queue.cc +144 -111
  600. data/src/core/lib/surface/completion_queue.h +6 -3
  601. data/src/core/lib/surface/completion_queue_factory.cc +1 -1
  602. data/src/core/lib/surface/event_string.cc +18 -25
  603. data/src/core/lib/surface/event_string.h +3 -1
  604. data/src/core/lib/surface/init.cc +6 -2
  605. data/src/core/lib/surface/init_secure.cc +2 -2
  606. data/src/core/lib/surface/lame_client.cc +43 -30
  607. data/src/core/lib/surface/server.cc +1275 -1316
  608. data/src/core/lib/surface/server.h +373 -52
  609. data/src/core/lib/surface/validate_metadata.cc +18 -8
  610. data/src/core/lib/surface/validate_metadata.h +13 -2
  611. data/src/core/lib/surface/version.cc +2 -2
  612. data/src/core/lib/transport/authority_override.cc +38 -0
  613. data/src/core/lib/transport/authority_override.h +32 -0
  614. data/src/core/lib/transport/byte_stream.cc +5 -7
  615. data/src/core/lib/transport/byte_stream.h +13 -12
  616. data/src/core/lib/transport/connectivity_state.cc +118 -98
  617. data/src/core/lib/transport/connectivity_state.h +114 -50
  618. data/src/core/lib/transport/error_utils.cc +23 -1
  619. data/src/core/lib/transport/error_utils.h +6 -0
  620. data/src/core/lib/transport/metadata.cc +252 -57
  621. data/src/core/lib/transport/metadata.h +168 -80
  622. data/src/core/lib/transport/metadata_batch.cc +78 -16
  623. data/src/core/lib/transport/metadata_batch.h +40 -3
  624. data/src/core/lib/transport/static_metadata.cc +1169 -495
  625. data/src/core/lib/transport/static_metadata.h +279 -282
  626. data/src/core/lib/transport/status_conversion.cc +7 -15
  627. data/src/core/lib/transport/status_metadata.cc +8 -1
  628. data/src/core/lib/transport/status_metadata.h +18 -0
  629. data/src/core/lib/transport/timeout_encoding.cc +7 -0
  630. data/src/core/lib/transport/timeout_encoding.h +3 -2
  631. data/src/core/lib/transport/transport.cc +14 -13
  632. data/src/core/lib/transport/transport.h +48 -8
  633. data/src/core/lib/transport/transport_op_string.cc +67 -105
  634. data/src/core/lib/uri/uri_parser.cc +30 -35
  635. data/src/core/lib/uri/uri_parser.h +5 -4
  636. data/src/core/plugin_registry/grpc_plugin_registry.cc +36 -4
  637. data/src/core/tsi/alts/crypt/aes_gcm.cc +0 -2
  638. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
  639. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +414 -120
  640. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +8 -4
  641. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
  642. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +1 -1
  643. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +293 -61
  644. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +15 -5
  645. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +5 -0
  646. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +10 -6
  647. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +4 -3
  648. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +76 -48
  649. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +34 -26
  650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +2 -3
  651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
  652. data/src/core/tsi/fake_transport_security.cc +22 -21
  653. data/src/core/tsi/fake_transport_security.h +2 -0
  654. data/src/core/tsi/local_transport_security.cc +8 -6
  655. data/src/core/tsi/ssl/session_cache/ssl_session.h +2 -6
  656. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +2 -3
  657. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +11 -9
  658. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -13
  659. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +2 -3
  660. data/src/core/tsi/ssl_transport_security.cc +345 -103
  661. data/src/core/tsi/ssl_transport_security.h +42 -11
  662. data/src/core/tsi/ssl_types.h +0 -2
  663. data/src/core/tsi/transport_security.cc +13 -0
  664. data/src/core/tsi/transport_security.h +6 -9
  665. data/src/core/tsi/transport_security_grpc.cc +7 -0
  666. data/src/core/tsi/transport_security_grpc.h +8 -3
  667. data/src/core/tsi/transport_security_interface.h +20 -3
  668. data/src/ruby/bin/math_pb.rb +5 -5
  669. data/src/ruby/bin/math_services_pb.rb +4 -4
  670. data/src/ruby/ext/grpc/ext-export.clang +1 -0
  671. data/src/ruby/ext/grpc/ext-export.gcc +6 -0
  672. data/src/ruby/ext/grpc/extconf.rb +11 -2
  673. data/src/ruby/ext/grpc/rb_call.c +13 -4
  674. data/src/ruby/ext/grpc/rb_call.h +4 -0
  675. data/src/ruby/ext/grpc/rb_call_credentials.c +61 -13
  676. data/src/ruby/ext/grpc/rb_channel.c +1 -1
  677. data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
  678. data/src/ruby/ext/grpc/rb_enable_cpp.cc +22 -0
  679. data/src/ruby/ext/grpc/rb_grpc.c +1 -42
  680. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +16 -6
  681. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +28 -13
  682. data/src/ruby/lib/grpc.rb +2 -0
  683. data/src/ruby/lib/grpc/core/status_codes.rb +135 -0
  684. data/src/ruby/lib/grpc/errors.rb +107 -49
  685. data/src/ruby/lib/grpc/generic/active_call.rb +2 -3
  686. data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
  687. data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
  688. data/src/ruby/lib/grpc/generic/interceptors.rb +5 -5
  689. data/src/ruby/lib/grpc/generic/rpc_server.rb +11 -12
  690. data/src/ruby/lib/grpc/generic/service.rb +5 -4
  691. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +9 -4
  692. data/src/ruby/lib/grpc/grpc.rb +1 -1
  693. data/src/ruby/lib/grpc/structs.rb +15 -0
  694. data/src/ruby/lib/grpc/version.rb +1 -1
  695. data/src/ruby/pb/generate_proto_ruby.sh +5 -3
  696. data/src/ruby/pb/grpc/health/v1/health_pb.rb +3 -3
  697. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
  698. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +1 -1
  699. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +39 -13
  700. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +43 -11
  701. data/src/ruby/spec/channel_credentials_spec.rb +10 -0
  702. data/src/ruby/spec/debug_message_spec.rb +134 -0
  703. data/src/ruby/spec/errors_spec.rb +1 -0
  704. data/src/ruby/spec/generic/active_call_spec.rb +19 -8
  705. data/src/ruby/spec/generic/service_spec.rb +2 -0
  706. data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
  707. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import.proto +22 -0
  708. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  709. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +41 -0
  710. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  711. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  712. data/src/ruby/spec/pb/codegen/package_option_spec.rb +79 -29
  713. data/src/ruby/spec/support/services.rb +10 -4
  714. data/src/ruby/spec/testdata/ca.pem +18 -13
  715. data/src/ruby/spec/testdata/client.key +26 -14
  716. data/src/ruby/spec/testdata/client.pem +18 -12
  717. data/src/ruby/spec/testdata/server1.key +26 -14
  718. data/src/ruby/spec/testdata/server1.pem +20 -14
  719. data/src/ruby/spec/user_agent_spec.rb +74 -0
  720. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
  721. data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
  722. data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
  723. data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
  724. data/third_party/abseil-cpp/absl/base/casts.h +184 -0
  725. data/third_party/abseil-cpp/absl/base/config.h +671 -0
  726. data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
  727. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
  728. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
  729. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
  730. data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
  731. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
  732. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
  733. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
  734. data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
  735. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
  736. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  737. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  738. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
  739. data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
  740. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
  741. data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
  742. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  743. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  744. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
  745. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
  746. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
  747. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
  748. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
  749. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
  750. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
  751. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
  752. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
  753. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
  754. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
  755. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
  756. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
  757. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
  758. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
  759. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
  760. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
  761. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
  762. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
  763. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
  764. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
  765. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
  766. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
  767. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
  768. data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
  769. data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
  770. data/third_party/abseil-cpp/absl/base/macros.h +220 -0
  771. data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
  772. data/third_party/abseil-cpp/absl/base/options.h +211 -0
  773. data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
  774. data/third_party/abseil-cpp/absl/base/port.h +26 -0
  775. data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
  776. data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
  777. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
  778. data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
  779. data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
  780. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
  781. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
  782. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
  783. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
  784. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  785. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
  786. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
  787. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  788. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
  789. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
  790. data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
  791. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  792. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
  793. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
  794. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  795. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
  796. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  797. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  798. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  799. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
  800. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
  801. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
  802. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
  803. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  804. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  805. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
  806. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  807. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
  808. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
  809. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  810. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  811. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  812. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
  813. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  814. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
  815. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  816. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  817. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  818. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  819. data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
  820. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  821. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  822. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  823. data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
  824. data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
  825. data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
  826. data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
  827. data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
  828. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
  829. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
  830. data/third_party/abseil-cpp/absl/status/status.cc +447 -0
  831. data/third_party/abseil-cpp/absl/status/status.h +428 -0
  832. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
  833. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  834. data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
  835. data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
  836. data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
  837. data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
  838. data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
  839. data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
  840. data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
  841. data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
  842. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
  843. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
  844. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
  845. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
  846. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
  847. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
  848. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
  849. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
  850. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
  851. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
  852. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
  853. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
  854. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
  855. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
  856. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
  857. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
  858. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
  859. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
  860. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
  861. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
  862. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
  863. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
  864. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
  865. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
  866. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
  867. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
  868. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
  869. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
  870. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
  871. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
  872. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
  873. data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
  874. data/third_party/abseil-cpp/absl/strings/match.h +90 -0
  875. data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
  876. data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
  877. data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
  878. data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
  879. data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
  880. data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
  881. data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
  882. data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
  883. data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
  884. data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
  885. data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
  886. data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
  887. data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
  888. data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
  889. data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
  890. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  891. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  892. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  893. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  894. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  895. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  896. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
  897. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  898. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  899. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
  900. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  901. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  902. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
  903. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  904. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
  905. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
  906. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  907. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  908. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  909. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  910. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  911. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  912. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  913. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  914. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  915. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  916. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  917. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  918. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  919. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  920. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  921. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  922. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  923. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  924. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  925. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  926. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  927. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  928. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  929. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  930. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  931. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  932. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  933. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  934. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  935. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  936. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  937. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  938. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  939. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
  940. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
  941. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  942. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  943. data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
  944. data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
  945. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  946. data/third_party/abseil-cpp/absl/types/optional.h +776 -0
  947. data/third_party/abseil-cpp/absl/types/span.h +713 -0
  948. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  949. data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
  950. data/third_party/boringssl-with-bazel/err_data.c +1451 -0
  951. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +271 -0
  952. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +123 -0
  953. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +93 -0
  954. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +87 -0
  955. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +195 -0
  956. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_gentm.c +0 -0
  957. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +88 -0
  958. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +420 -0
  959. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +305 -0
  960. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +286 -0
  961. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_octet.c +0 -0
  962. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_print.c +0 -0
  963. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +313 -0
  964. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
  965. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +151 -0
  966. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utctm.c +0 -0
  967. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/a_utf8.c +0 -0
  968. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +446 -0
  969. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_locl.h +0 -0
  970. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/asn1_par.c +0 -0
  971. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +105 -0
  972. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +93 -0
  973. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +97 -0
  974. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +91 -0
  975. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_dec.c +0 -0
  976. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +664 -0
  977. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_fre.c +0 -0
  978. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_new.c +0 -0
  979. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_typ.c +0 -0
  980. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/tasn_utl.c +0 -0
  981. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/asn1/time_support.c +0 -0
  982. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +466 -0
  983. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +700 -0
  984. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/bio_mem.c +0 -0
  985. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
  986. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
  987. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
  988. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/hexdump.c +0 -0
  989. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/internal.h +0 -0
  990. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
  991. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bio/printf.c +0 -0
  992. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +206 -0
  993. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +118 -0
  994. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bn_extra/bn_asn1.c +0 -0
  995. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +470 -0
  996. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
  997. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/bytestring/asn1_compat.c +0 -0
  998. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +265 -0
  999. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
  1000. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
  1001. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +96 -0
  1002. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +155 -0
  1003. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +184 -0
  1004. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +45 -0
  1005. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +143 -0
  1006. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
  1007. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesccm.c +447 -0
  1008. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +283 -0
  1009. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
  1010. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +418 -0
  1011. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_null.c +0 -0
  1012. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc2.c +0 -0
  1013. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/e_rc4.c +0 -0
  1014. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +688 -0
  1015. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cipher_extra/internal.h +0 -0
  1016. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +492 -0
  1017. data/third_party/boringssl-with-bazel/src/crypto/cmac/cmac.c +278 -0
  1018. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +810 -0
  1019. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/conf_def.h +0 -0
  1020. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/conf/internal.h +0 -0
  1021. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-fuchsia.c +0 -0
  1022. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-aarch64-linux.c +0 -0
  1023. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
  1024. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.h +201 -0
  1025. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-arm.c +0 -0
  1026. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
  1027. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/cpu-ppc64le.c +0 -0
  1028. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
  1029. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
  1030. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
  1031. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
  1032. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
  1033. data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
  1034. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
  1035. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/dh_asn1.c +0 -0
  1036. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dh/params.c +0 -0
  1037. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/digest_extra/digest_extra.c +0 -0
  1038. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
  1039. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/dsa/dsa_asn1.c +0 -0
  1040. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +574 -0
  1041. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
  1042. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +385 -0
  1043. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +56 -0
  1044. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
  1045. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +267 -0
  1046. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +99 -0
  1047. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
  1048. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +58 -0
  1049. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/digestsign.c +0 -0
  1050. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +443 -0
  1051. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +547 -0
  1052. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +484 -0
  1053. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +269 -0
  1054. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +273 -0
  1055. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
  1056. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +255 -0
  1057. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +104 -0
  1058. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +221 -0
  1059. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
  1060. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +194 -0
  1061. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +110 -0
  1062. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
  1063. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/pbkdf.c +0 -0
  1064. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/print.c +0 -0
  1065. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +213 -0
  1066. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/evp/sign.c +0 -0
  1067. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/ex_data.c +0 -0
  1068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
  1069. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
  1070. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
  1071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +236 -0
  1072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +122 -0
  1073. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
  1074. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/add.c +0 -0
  1075. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/asm/x86_64-gcc.c +0 -0
  1076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +445 -0
  1077. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/bytes.c +0 -0
  1078. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +200 -0
  1079. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +236 -0
  1080. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +886 -0
  1081. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +87 -0
  1082. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
  1083. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +378 -0
  1084. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  1085. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/generic.c +0 -0
  1086. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +704 -0
  1087. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/jacobi.c +0 -0
  1088. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
  1089. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +186 -0
  1090. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
  1091. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
  1092. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +341 -0
  1093. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +226 -0
  1094. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +104 -0
  1095. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +364 -0
  1096. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/bn/sqrt.c +0 -0
  1097. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/cipher/aead.c +0 -0
  1098. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +620 -0
  1099. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
  1100. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_des.c +237 -0
  1101. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +128 -0
  1102. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +89 -0
  1103. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/des.c +0 -0
  1104. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/des/internal.h +0 -0
  1105. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +271 -0
  1106. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
  1107. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/digest/internal.h +0 -0
  1108. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +268 -0
  1109. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
  1110. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
  1111. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
  1112. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
  1113. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +776 -0
  1114. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
  1115. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1180 -0
  1116. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
  1117. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +633 -0
  1118. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.h +153 -0
  1119. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +740 -0
  1120. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  1121. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
  1122. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
  1123. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
  1124. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +255 -0
  1125. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
  1126. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  1127. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
  1128. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +32 -0
  1129. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/hmac/hmac.c +0 -0
  1130. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +29 -0
  1131. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +256 -0
  1132. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +37 -0
  1133. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +301 -0
  1134. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +167 -0
  1135. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +202 -0
  1136. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +200 -0
  1137. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
  1138. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
  1139. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
  1140. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +96 -0
  1141. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/modes/polyval.c +0 -0
  1142. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +202 -0
  1143. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  1144. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  1145. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  1146. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
  1147. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
  1148. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
  1149. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
  1150. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
  1151. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +695 -0
  1152. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
  1153. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
  1154. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +716 -0
  1155. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +53 -0
  1156. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/sha/sha1-altivec.c +0 -0
  1157. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +371 -0
  1158. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +343 -0
  1159. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
  1160. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/internal.h +0 -0
  1161. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/fipsmodule/tls/kdf.c +0 -0
  1162. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/hkdf/hkdf.c +0 -0
  1163. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +456 -0
  1164. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +192 -0
  1165. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
  1166. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
  1167. data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
  1168. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +348 -0
  1169. data/third_party/boringssl-with-bazel/src/crypto/mem.c +373 -0
  1170. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
  1171. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
  1172. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/obj/obj_xref.c +0 -0
  1173. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +261 -0
  1174. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
  1175. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
  1176. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
  1177. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
  1178. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
  1179. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_x509.c +0 -0
  1180. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pem/pem_xaux.c +0 -0
  1181. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/pkcs7/internal.h +0 -0
  1182. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +159 -0
  1183. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
  1184. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +138 -0
  1185. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +316 -0
  1186. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +530 -0
  1187. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1336 -0
  1188. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/poly1305/internal.h +0 -0
  1189. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
  1190. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
  1191. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
  1192. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +45 -0
  1193. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
  1194. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
  1195. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/forkunsafe.c +0 -0
  1196. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +30 -0
  1197. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rand_extra/rand_extra.c +0 -0
  1198. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
  1199. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rc4/rc4.c +0 -0
  1200. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/refcount_c11.c +0 -0
  1201. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +53 -0
  1202. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/rsa_extra/rsa_asn1.c +0 -0
  1203. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +22 -0
  1204. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
  1205. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +431 -0
  1206. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/thread.c +0 -0
  1207. data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +59 -0
  1208. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
  1209. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
  1210. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +249 -0
  1211. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1227 -0
  1212. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +682 -0
  1213. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_digest.c +0 -0
  1214. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/a_sign.c +0 -0
  1215. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +653 -0
  1216. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
  1217. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +161 -0
  1218. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +842 -0
  1219. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
  1220. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
  1221. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/charmap.h +0 -0
  1222. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/i2d_pr.c +0 -0
  1223. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/internal.h +0 -0
  1224. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/rsa_pss.c +0 -0
  1225. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +125 -0
  1226. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +244 -0
  1227. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +544 -0
  1228. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/t_x509a.c +0 -0
  1229. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/vpm_int.h +0 -0
  1230. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +90 -0
  1231. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_att.c +0 -0
  1232. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +483 -0
  1233. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_d2.c +0 -0
  1234. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +103 -0
  1235. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_ext.c +0 -0
  1236. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +834 -0
  1237. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
  1238. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
  1239. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +351 -0
  1240. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +226 -0
  1241. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +329 -0
  1242. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +204 -0
  1243. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509_v3.c +0 -0
  1244. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2506 -0
  1245. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
  1246. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +235 -0
  1247. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
  1248. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509rset.c +0 -0
  1249. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x509spki.c +0 -0
  1250. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_algor.c +0 -0
  1251. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
  1252. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_attrib.c +0 -0
  1253. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +563 -0
  1254. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_exten.c +0 -0
  1255. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_info.c +0 -0
  1256. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_name.c +0 -0
  1257. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_pkey.c +0 -0
  1258. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +214 -0
  1259. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_req.c +0 -0
  1260. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +89 -0
  1261. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_spki.c +0 -0
  1262. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_val.c +0 -0
  1263. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +356 -0
  1264. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509/x_x509a.c +0 -0
  1265. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +141 -0
  1266. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +61 -0
  1267. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +286 -0
  1268. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_data.c +0 -0
  1269. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_int.h +0 -0
  1270. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_lib.c +0 -0
  1271. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/pcy_map.c +0 -0
  1272. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +189 -0
  1273. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +842 -0
  1274. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +207 -0
  1275. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_akeya.c +0 -0
  1276. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
  1277. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bcons.c +0 -0
  1278. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_bitst.c +0 -0
  1279. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +463 -0
  1280. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +503 -0
  1281. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_crld.c +0 -0
  1282. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
  1283. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_extku.c +0 -0
  1284. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +246 -0
  1285. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ia5.c +0 -0
  1286. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
  1287. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_int.c +0 -0
  1288. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +371 -0
  1289. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_ncons.c +0 -0
  1290. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +68 -0
  1291. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +288 -0
  1292. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcia.c +0 -0
  1293. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pcons.c +0 -0
  1294. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pku.c +0 -0
  1295. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_pmaps.c +0 -0
  1296. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_prn.c +0 -0
  1297. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +882 -0
  1298. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +155 -0
  1299. data/third_party/{boringssl → boringssl-with-bazel/src}/crypto/x509v3/v3_sxnet.c +0 -0
  1300. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
  1301. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +459 -0
  1302. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +207 -0
  1303. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +173 -0
  1304. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +911 -0
  1305. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1_mac.h +0 -0
  1306. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/asn1t.h +0 -0
  1307. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
  1308. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +190 -0
  1309. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +933 -0
  1310. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +93 -0
  1311. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
  1312. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
  1313. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/buffer.h +0 -0
  1314. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
  1315. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +96 -0
  1316. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/chacha.h +0 -0
  1317. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +638 -0
  1318. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +91 -0
  1319. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +180 -0
  1320. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +212 -0
  1321. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
  1322. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +201 -0
  1323. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/des.h +0 -0
  1324. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
  1325. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
  1326. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
  1327. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/dtls1.h +0 -0
  1328. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +18 -0
  1329. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
  1330. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
  1331. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +118 -0
  1332. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
  1333. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +109 -0
  1334. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
  1335. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1119 -0
  1336. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ex_data.h +0 -0
  1337. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/hkdf.h +0 -0
  1338. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +186 -0
  1339. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +100 -0
  1340. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/is_boringssl.h +0 -0
  1341. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +282 -0
  1342. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +108 -0
  1343. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +109 -0
  1344. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
  1345. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
  1346. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +236 -0
  1347. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/obj_mac.h +0 -0
  1348. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/objects.h +0 -0
  1349. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslconf.h +0 -0
  1350. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/opensslv.h +0 -0
  1351. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/ossl_typ.h +0 -0
  1352. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +435 -0
  1353. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/pkcs12.h +0 -0
  1354. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +215 -0
  1355. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +269 -0
  1356. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
  1357. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +102 -0
  1358. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
  1359. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/rc4.h +0 -0
  1360. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +108 -0
  1361. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
  1362. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/safestack.h +0 -0
  1363. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
  1364. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +37 -0
  1365. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +199 -0
  1366. data/third_party/{boringssl → boringssl-with-bazel/src}/include/openssl/srtp.h +0 -0
  1367. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5247 -0
  1368. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +333 -0
  1369. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +542 -0
  1370. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +191 -0
  1371. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +631 -0
  1372. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +282 -0
  1373. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +90 -0
  1374. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1292 -0
  1375. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
  1376. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +831 -0
  1377. data/third_party/{boringssl → boringssl-with-bazel/src}/ssl/bio_ssl.cc +0 -0
  1378. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
  1379. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
  1380. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
  1381. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +232 -0
  1382. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
  1383. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +353 -0
  1384. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
  1385. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +710 -0
  1386. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
  1387. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1814 -0
  1388. data/third_party/boringssl-with-bazel/src/ssl/internal.h +3579 -0
  1389. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
  1390. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
  1391. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
  1392. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +432 -0
  1393. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
  1394. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
  1395. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1016 -0
  1396. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
  1397. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +585 -0
  1398. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +397 -0
  1399. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3053 -0
  1400. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
  1401. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1313 -0
  1402. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
  1403. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +277 -0
  1404. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
  1405. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +1358 -0
  1406. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +386 -0
  1407. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3895 -0
  1408. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
  1409. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1027 -0
  1410. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
  1411. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1104 -0
  1412. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
  1413. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +705 -0
  1414. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
  1415. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
  1416. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
  1417. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
  1418. data/third_party/re2/re2/bitmap256.h +117 -0
  1419. data/third_party/re2/re2/bitstate.cc +385 -0
  1420. data/third_party/re2/re2/compile.cc +1279 -0
  1421. data/third_party/re2/re2/dfa.cc +2130 -0
  1422. data/third_party/re2/re2/filtered_re2.cc +121 -0
  1423. data/third_party/re2/re2/filtered_re2.h +109 -0
  1424. data/third_party/re2/re2/mimics_pcre.cc +197 -0
  1425. data/third_party/re2/re2/nfa.cc +713 -0
  1426. data/third_party/re2/re2/onepass.cc +623 -0
  1427. data/third_party/re2/re2/parse.cc +2464 -0
  1428. data/third_party/re2/re2/perl_groups.cc +119 -0
  1429. data/third_party/re2/re2/pod_array.h +55 -0
  1430. data/third_party/re2/re2/prefilter.cc +710 -0
  1431. data/third_party/re2/re2/prefilter.h +108 -0
  1432. data/third_party/re2/re2/prefilter_tree.cc +407 -0
  1433. data/third_party/re2/re2/prefilter_tree.h +139 -0
  1434. data/third_party/re2/re2/prog.cc +988 -0
  1435. data/third_party/re2/re2/prog.h +436 -0
  1436. data/third_party/re2/re2/re2.cc +1362 -0
  1437. data/third_party/re2/re2/re2.h +1002 -0
  1438. data/third_party/re2/re2/regexp.cc +980 -0
  1439. data/third_party/re2/re2/regexp.h +659 -0
  1440. data/third_party/re2/re2/set.cc +154 -0
  1441. data/third_party/re2/re2/set.h +80 -0
  1442. data/third_party/re2/re2/simplify.cc +657 -0
  1443. data/third_party/re2/re2/sparse_array.h +392 -0
  1444. data/third_party/re2/re2/sparse_set.h +264 -0
  1445. data/third_party/re2/re2/stringpiece.cc +65 -0
  1446. data/third_party/re2/re2/stringpiece.h +210 -0
  1447. data/third_party/re2/re2/tostring.cc +351 -0
  1448. data/third_party/re2/re2/unicode_casefold.cc +582 -0
  1449. data/third_party/re2/re2/unicode_casefold.h +78 -0
  1450. data/third_party/re2/re2/unicode_groups.cc +6269 -0
  1451. data/third_party/re2/re2/unicode_groups.h +67 -0
  1452. data/third_party/re2/re2/walker-inl.h +246 -0
  1453. data/third_party/re2/util/benchmark.h +156 -0
  1454. data/third_party/re2/util/flags.h +26 -0
  1455. data/third_party/re2/util/logging.h +109 -0
  1456. data/third_party/re2/util/malloc_counter.h +19 -0
  1457. data/third_party/re2/util/mix.h +41 -0
  1458. data/third_party/re2/util/mutex.h +148 -0
  1459. data/third_party/re2/util/pcre.cc +1025 -0
  1460. data/third_party/re2/util/pcre.h +681 -0
  1461. data/third_party/re2/util/rune.cc +260 -0
  1462. data/third_party/re2/util/strutil.cc +149 -0
  1463. data/third_party/re2/util/strutil.h +21 -0
  1464. data/third_party/re2/util/test.h +50 -0
  1465. data/third_party/re2/util/utf.h +44 -0
  1466. data/third_party/re2/util/util.h +42 -0
  1467. data/third_party/upb/upb/decode.c +621 -0
  1468. data/third_party/upb/upb/decode.h +21 -0
  1469. data/third_party/upb/upb/encode.c +420 -0
  1470. data/third_party/upb/upb/encode.h +21 -0
  1471. data/third_party/upb/upb/msg.c +177 -0
  1472. data/third_party/upb/upb/msg.h +473 -0
  1473. data/third_party/upb/upb/port.c +26 -0
  1474. data/third_party/upb/upb/port_def.inc +179 -0
  1475. data/third_party/upb/upb/port_undef.inc +28 -0
  1476. data/third_party/upb/upb/table.c +880 -0
  1477. data/third_party/upb/upb/table.int.h +466 -0
  1478. data/third_party/upb/upb/upb.c +287 -0
  1479. data/third_party/upb/upb/upb.h +308 -0
  1480. data/third_party/upb/upb/upb.hpp +88 -0
  1481. metadata +1054 -526
  1482. data/src/boringssl/err_data.c +0 -1362
  1483. data/src/core/ext/filters/client_channel/connector.cc +0 -41
  1484. data/src/core/ext/filters/client_channel/health/health.pb.c +0 -23
  1485. data/src/core/ext/filters/client_channel/health/health.pb.h +0 -73
  1486. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.c +0 -19
  1487. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/duration.pb.h +0 -54
  1488. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.c +0 -19
  1489. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/google/protobuf/timestamp.pb.h +0 -54
  1490. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.c +0 -89
  1491. data/src/core/ext/filters/client_channel/lb_policy/grpclb/proto/grpc/lb/v1/load_balancer.pb.h +0 -164
  1492. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +0 -2249
  1493. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel.h +0 -36
  1494. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_secure.cc +0 -61
  1495. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_client_stats.cc +0 -85
  1496. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_client_stats.h +0 -72
  1497. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.cc +0 -307
  1498. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -89
  1499. data/src/core/ext/filters/client_channel/parse_address.cc +0 -234
  1500. data/src/core/ext/filters/client_channel/parse_address.h +0 -53
  1501. data/src/core/ext/filters/client_channel/proxy_mapper.cc +0 -48
  1502. data/src/core/lib/gpr/host_port.cc +0 -98
  1503. data/src/core/lib/gpr/host_port.h +0 -43
  1504. data/src/core/lib/gpr/mpscq.cc +0 -117
  1505. data/src/core/lib/gpr/mpscq.h +0 -88
  1506. data/src/core/lib/gprpp/abstract.h +0 -37
  1507. data/src/core/lib/gprpp/inlined_vector.h +0 -200
  1508. data/src/core/lib/gprpp/optional.h +0 -48
  1509. data/src/core/lib/gprpp/pair.h +0 -38
  1510. data/src/core/lib/json/json.cc +0 -94
  1511. data/src/core/lib/json/json_common.h +0 -34
  1512. data/src/core/lib/json/json_reader.h +0 -146
  1513. data/src/core/lib/json/json_string.cc +0 -367
  1514. data/src/core/lib/json/json_writer.h +0 -84
  1515. data/src/core/lib/security/credentials/tls/spiffe_credentials.cc +0 -129
  1516. data/src/core/lib/security/credentials/tls/spiffe_credentials.h +0 -62
  1517. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +0 -426
  1518. data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +0 -122
  1519. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  1520. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  1521. data/src/core/lib/slice/slice_hash_table.h +0 -205
  1522. data/src/core/lib/slice/slice_weak_hash_table.h +0 -109
  1523. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.cc +0 -520
  1524. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api.h +0 -323
  1525. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.cc +0 -145
  1526. data/src/core/tsi/alts/handshaker/alts_handshaker_service_api_util.h +0 -149
  1527. data/src/core/tsi/alts/handshaker/altscontext.pb.c +0 -47
  1528. data/src/core/tsi/alts/handshaker/altscontext.pb.h +0 -63
  1529. data/src/core/tsi/alts/handshaker/handshaker.pb.c +0 -122
  1530. data/src/core/tsi/alts/handshaker/handshaker.pb.h +0 -254
  1531. data/src/core/tsi/alts/handshaker/transport_security_common.pb.c +0 -49
  1532. data/src/core/tsi/alts/handshaker/transport_security_common.pb.h +0 -78
  1533. data/src/core/tsi/grpc_shadow_boringssl.h +0 -3006
  1534. data/third_party/boringssl/crypto/asn1/a_bitstr.c +0 -271
  1535. data/third_party/boringssl/crypto/asn1/a_bool.c +0 -110
  1536. data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +0 -297
  1537. data/third_party/boringssl/crypto/asn1/a_dup.c +0 -111
  1538. data/third_party/boringssl/crypto/asn1/a_enum.c +0 -195
  1539. data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +0 -150
  1540. data/third_party/boringssl/crypto/asn1/a_int.c +0 -479
  1541. data/third_party/boringssl/crypto/asn1/a_mbstr.c +0 -411
  1542. data/third_party/boringssl/crypto/asn1/a_object.c +0 -275
  1543. data/third_party/boringssl/crypto/asn1/a_strnid.c +0 -312
  1544. data/third_party/boringssl/crypto/asn1/a_time.c +0 -213
  1545. data/third_party/boringssl/crypto/asn1/a_type.c +0 -151
  1546. data/third_party/boringssl/crypto/asn1/asn1_lib.c +0 -442
  1547. data/third_party/boringssl/crypto/asn1/asn_pack.c +0 -105
  1548. data/third_party/boringssl/crypto/asn1/f_enum.c +0 -93
  1549. data/third_party/boringssl/crypto/asn1/f_int.c +0 -97
  1550. data/third_party/boringssl/crypto/asn1/f_string.c +0 -91
  1551. data/third_party/boringssl/crypto/asn1/tasn_enc.c +0 -662
  1552. data/third_party/boringssl/crypto/base64/base64.c +0 -466
  1553. data/third_party/boringssl/crypto/bio/bio.c +0 -636
  1554. data/third_party/boringssl/crypto/bio/connect.c +0 -542
  1555. data/third_party/boringssl/crypto/bio/fd.c +0 -276
  1556. data/third_party/boringssl/crypto/bio/file.c +0 -315
  1557. data/third_party/boringssl/crypto/bio/pair.c +0 -489
  1558. data/third_party/boringssl/crypto/bio/socket.c +0 -202
  1559. data/third_party/boringssl/crypto/bio/socket_helper.c +0 -114
  1560. data/third_party/boringssl/crypto/bn_extra/convert.c +0 -466
  1561. data/third_party/boringssl/crypto/buf/buf.c +0 -231
  1562. data/third_party/boringssl/crypto/bytestring/ber.c +0 -261
  1563. data/third_party/boringssl/crypto/bytestring/cbb.c +0 -668
  1564. data/third_party/boringssl/crypto/bytestring/cbs.c +0 -618
  1565. data/third_party/boringssl/crypto/bytestring/internal.h +0 -75
  1566. data/third_party/boringssl/crypto/chacha/chacha.c +0 -167
  1567. data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +0 -114
  1568. data/third_party/boringssl/crypto/cipher_extra/derive_key.c +0 -152
  1569. data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +0 -203
  1570. data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +0 -281
  1571. data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +0 -867
  1572. data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +0 -326
  1573. data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
  1574. data/third_party/boringssl/crypto/cipher_extra/e_tls.c +0 -680
  1575. data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +0 -482
  1576. data/third_party/boringssl/crypto/cmac/cmac.c +0 -241
  1577. data/third_party/boringssl/crypto/conf/conf.c +0 -803
  1578. data/third_party/boringssl/crypto/cpu-arm-linux.c +0 -363
  1579. data/third_party/boringssl/crypto/cpu-intel.c +0 -288
  1580. data/third_party/boringssl/crypto/crypto.c +0 -198
  1581. data/third_party/boringssl/crypto/curve25519/spake25519.c +0 -539
  1582. data/third_party/boringssl/crypto/dh/check.c +0 -217
  1583. data/third_party/boringssl/crypto/dh/dh.c +0 -519
  1584. data/third_party/boringssl/crypto/dsa/dsa.c +0 -946
  1585. data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +0 -562
  1586. data/third_party/boringssl/crypto/ecdh/ecdh.c +0 -162
  1587. data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +0 -275
  1588. data/third_party/boringssl/crypto/engine/engine.c +0 -98
  1589. data/third_party/boringssl/crypto/err/err.c +0 -847
  1590. data/third_party/boringssl/crypto/err/internal.h +0 -58
  1591. data/third_party/boringssl/crypto/evp/evp.c +0 -362
  1592. data/third_party/boringssl/crypto/evp/evp_asn1.c +0 -337
  1593. data/third_party/boringssl/crypto/evp/evp_ctx.c +0 -446
  1594. data/third_party/boringssl/crypto/evp/internal.h +0 -252
  1595. data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +0 -268
  1596. data/third_party/boringssl/crypto/evp/p_ec.c +0 -239
  1597. data/third_party/boringssl/crypto/evp/p_ec_asn1.c +0 -256
  1598. data/third_party/boringssl/crypto/evp/p_ed25519.c +0 -71
  1599. data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +0 -190
  1600. data/third_party/boringssl/crypto/evp/p_rsa.c +0 -634
  1601. data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +0 -189
  1602. data/third_party/boringssl/crypto/evp/scrypt.c +0 -209
  1603. data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +0 -1100
  1604. data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +0 -100
  1605. data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +0 -138
  1606. data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +0 -112
  1607. data/third_party/boringssl/crypto/fipsmodule/bcm.c +0 -148
  1608. data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +0 -428
  1609. data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +0 -200
  1610. data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +0 -303
  1611. data/third_party/boringssl/crypto/fipsmodule/bn/div.c +0 -895
  1612. data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +0 -1356
  1613. data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -683
  1614. data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +0 -573
  1615. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +0 -526
  1616. data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +0 -185
  1617. data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +0 -876
  1618. data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +0 -1154
  1619. data/third_party/boringssl/crypto/fipsmodule/bn/random.c +0 -351
  1620. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +0 -231
  1621. data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +0 -33
  1622. data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +0 -364
  1623. data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +0 -615
  1624. data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +0 -1437
  1625. data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +0 -233
  1626. data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +0 -129
  1627. data/third_party/boringssl/crypto/fipsmodule/delocate.h +0 -88
  1628. data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +0 -256
  1629. data/third_party/boringssl/crypto/fipsmodule/digest/digests.c +0 -280
  1630. data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +0 -268
  1631. data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +0 -974
  1632. data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +0 -453
  1633. data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +0 -270
  1634. data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +0 -337
  1635. data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +0 -373
  1636. data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +0 -1104
  1637. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +0 -9503
  1638. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +0 -447
  1639. data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +0 -117
  1640. data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +0 -1046
  1641. data/third_party/boringssl/crypto/fipsmodule/ec/util.c +0 -104
  1642. data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +0 -354
  1643. data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +0 -458
  1644. data/third_party/boringssl/crypto/fipsmodule/is_fips.c +0 -27
  1645. data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +0 -254
  1646. data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +0 -298
  1647. data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +0 -211
  1648. data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
  1649. data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +0 -234
  1650. data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +0 -220
  1651. data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +0 -1063
  1652. data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +0 -388
  1653. data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +0 -95
  1654. data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +0 -202
  1655. data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +0 -92
  1656. data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +0 -358
  1657. data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +0 -302
  1658. data/third_party/boringssl/crypto/fipsmodule/rsa/blinding.c +0 -239
  1659. data/third_party/boringssl/crypto/fipsmodule/rsa/internal.h +0 -126
  1660. data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +0 -692
  1661. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +0 -875
  1662. data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +0 -1218
  1663. data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +0 -581
  1664. data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +0 -375
  1665. data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +0 -337
  1666. data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +0 -608
  1667. data/third_party/boringssl/crypto/internal.h +0 -739
  1668. data/third_party/boringssl/crypto/lhash/lhash.c +0 -336
  1669. data/third_party/boringssl/crypto/mem.c +0 -235
  1670. data/third_party/boringssl/crypto/obj/obj.c +0 -554
  1671. data/third_party/boringssl/crypto/obj/obj_dat.h +0 -6244
  1672. data/third_party/boringssl/crypto/pem/pem_all.c +0 -262
  1673. data/third_party/boringssl/crypto/pem/pem_info.c +0 -379
  1674. data/third_party/boringssl/crypto/pem/pem_lib.c +0 -776
  1675. data/third_party/boringssl/crypto/pem/pem_oth.c +0 -88
  1676. data/third_party/boringssl/crypto/pem/pem_pk8.c +0 -258
  1677. data/third_party/boringssl/crypto/pem/pem_pkey.c +0 -227
  1678. data/third_party/boringssl/crypto/pkcs7/pkcs7.c +0 -166
  1679. data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +0 -233
  1680. data/third_party/boringssl/crypto/pkcs8/internal.h +0 -120
  1681. data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +0 -307
  1682. data/third_party/boringssl/crypto/pkcs8/pkcs8.c +0 -513
  1683. data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +0 -789
  1684. data/third_party/boringssl/crypto/poly1305/poly1305.c +0 -318
  1685. data/third_party/boringssl/crypto/poly1305/poly1305_arm.c +0 -304
  1686. data/third_party/boringssl/crypto/poly1305/poly1305_vec.c +0 -839
  1687. data/third_party/boringssl/crypto/pool/internal.h +0 -45
  1688. data/third_party/boringssl/crypto/pool/pool.c +0 -200
  1689. data/third_party/boringssl/crypto/rand_extra/deterministic.c +0 -48
  1690. data/third_party/boringssl/crypto/rand_extra/fuchsia.c +0 -43
  1691. data/third_party/boringssl/crypto/rand_extra/windows.c +0 -53
  1692. data/third_party/boringssl/crypto/refcount_lock.c +0 -53
  1693. data/third_party/boringssl/crypto/stack/stack.c +0 -380
  1694. data/third_party/boringssl/crypto/thread_none.c +0 -59
  1695. data/third_party/boringssl/crypto/thread_pthread.c +0 -206
  1696. data/third_party/boringssl/crypto/thread_win.c +0 -237
  1697. data/third_party/boringssl/crypto/x509/a_strex.c +0 -633
  1698. data/third_party/boringssl/crypto/x509/a_verify.c +0 -115
  1699. data/third_party/boringssl/crypto/x509/algorithm.c +0 -153
  1700. data/third_party/boringssl/crypto/x509/asn1_gen.c +0 -841
  1701. data/third_party/boringssl/crypto/x509/by_dir.c +0 -451
  1702. data/third_party/boringssl/crypto/x509/by_file.c +0 -274
  1703. data/third_party/boringssl/crypto/x509/t_crl.c +0 -128
  1704. data/third_party/boringssl/crypto/x509/t_req.c +0 -246
  1705. data/third_party/boringssl/crypto/x509/t_x509.c +0 -547
  1706. data/third_party/boringssl/crypto/x509/x509.c +0 -157
  1707. data/third_party/boringssl/crypto/x509/x509_cmp.c +0 -477
  1708. data/third_party/boringssl/crypto/x509/x509_def.c +0 -103
  1709. data/third_party/boringssl/crypto/x509/x509_lu.c +0 -725
  1710. data/third_party/boringssl/crypto/x509/x509_obj.c +0 -198
  1711. data/third_party/boringssl/crypto/x509/x509_r2x.c +0 -117
  1712. data/third_party/boringssl/crypto/x509/x509_req.c +0 -322
  1713. data/third_party/boringssl/crypto/x509/x509_set.c +0 -164
  1714. data/third_party/boringssl/crypto/x509/x509_trs.c +0 -326
  1715. data/third_party/boringssl/crypto/x509/x509_txt.c +0 -205
  1716. data/third_party/boringssl/crypto/x509/x509_vfy.c +0 -2476
  1717. data/third_party/boringssl/crypto/x509/x509_vpm.c +0 -670
  1718. data/third_party/boringssl/crypto/x509/x509cset.c +0 -170
  1719. data/third_party/boringssl/crypto/x509/x509name.c +0 -389
  1720. data/third_party/boringssl/crypto/x509/x_all.c +0 -501
  1721. data/third_party/boringssl/crypto/x509/x_crl.c +0 -541
  1722. data/third_party/boringssl/crypto/x509/x_pubkey.c +0 -368
  1723. data/third_party/boringssl/crypto/x509/x_sig.c +0 -69
  1724. data/third_party/boringssl/crypto/x509/x_x509.c +0 -328
  1725. data/third_party/boringssl/crypto/x509v3/ext_dat.h +0 -143
  1726. data/third_party/boringssl/crypto/x509v3/pcy_cache.c +0 -284
  1727. data/third_party/boringssl/crypto/x509v3/pcy_node.c +0 -188
  1728. data/third_party/boringssl/crypto/x509v3/pcy_tree.c +0 -840
  1729. data/third_party/boringssl/crypto/x509v3/v3_akey.c +0 -204
  1730. data/third_party/boringssl/crypto/x509v3/v3_alt.c +0 -623
  1731. data/third_party/boringssl/crypto/x509v3/v3_conf.c +0 -462
  1732. data/third_party/boringssl/crypto/x509v3/v3_cpols.c +0 -502
  1733. data/third_party/boringssl/crypto/x509v3/v3_enum.c +0 -100
  1734. data/third_party/boringssl/crypto/x509v3/v3_genn.c +0 -251
  1735. data/third_party/boringssl/crypto/x509v3/v3_info.c +0 -219
  1736. data/third_party/boringssl/crypto/x509v3/v3_lib.c +0 -370
  1737. data/third_party/boringssl/crypto/x509v3/v3_pci.c +0 -287
  1738. data/third_party/boringssl/crypto/x509v3/v3_purp.c +0 -866
  1739. data/third_party/boringssl/crypto/x509v3/v3_skey.c +0 -152
  1740. data/third_party/boringssl/crypto/x509v3/v3_utl.c +0 -1352
  1741. data/third_party/boringssl/include/openssl/aead.h +0 -433
  1742. data/third_party/boringssl/include/openssl/aes.h +0 -170
  1743. data/third_party/boringssl/include/openssl/arm_arch.h +0 -121
  1744. data/third_party/boringssl/include/openssl/asn1.h +0 -981
  1745. data/third_party/boringssl/include/openssl/base.h +0 -457
  1746. data/third_party/boringssl/include/openssl/base64.h +0 -187
  1747. data/third_party/boringssl/include/openssl/bio.h +0 -902
  1748. data/third_party/boringssl/include/openssl/blowfish.h +0 -93
  1749. data/third_party/boringssl/include/openssl/bn.h +0 -1019
  1750. data/third_party/boringssl/include/openssl/buf.h +0 -137
  1751. data/third_party/boringssl/include/openssl/bytestring.h +0 -505
  1752. data/third_party/boringssl/include/openssl/cast.h +0 -96
  1753. data/third_party/boringssl/include/openssl/cipher.h +0 -608
  1754. data/third_party/boringssl/include/openssl/cmac.h +0 -87
  1755. data/third_party/boringssl/include/openssl/conf.h +0 -183
  1756. data/third_party/boringssl/include/openssl/cpu.h +0 -196
  1757. data/third_party/boringssl/include/openssl/crypto.h +0 -122
  1758. data/third_party/boringssl/include/openssl/curve25519.h +0 -201
  1759. data/third_party/boringssl/include/openssl/dh.h +0 -298
  1760. data/third_party/boringssl/include/openssl/digest.h +0 -316
  1761. data/third_party/boringssl/include/openssl/dsa.h +0 -435
  1762. data/third_party/boringssl/include/openssl/ec.h +0 -413
  1763. data/third_party/boringssl/include/openssl/ec_key.h +0 -342
  1764. data/third_party/boringssl/include/openssl/ecdh.h +0 -101
  1765. data/third_party/boringssl/include/openssl/ecdsa.h +0 -199
  1766. data/third_party/boringssl/include/openssl/engine.h +0 -109
  1767. data/third_party/boringssl/include/openssl/err.h +0 -458
  1768. data/third_party/boringssl/include/openssl/evp.h +0 -873
  1769. data/third_party/boringssl/include/openssl/hmac.h +0 -186
  1770. data/third_party/boringssl/include/openssl/lhash.h +0 -174
  1771. data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
  1772. data/third_party/boringssl/include/openssl/md4.h +0 -106
  1773. data/third_party/boringssl/include/openssl/md5.h +0 -107
  1774. data/third_party/boringssl/include/openssl/mem.h +0 -156
  1775. data/third_party/boringssl/include/openssl/nid.h +0 -4242
  1776. data/third_party/boringssl/include/openssl/obj.h +0 -233
  1777. data/third_party/boringssl/include/openssl/pem.h +0 -397
  1778. data/third_party/boringssl/include/openssl/pkcs7.h +0 -82
  1779. data/third_party/boringssl/include/openssl/pkcs8.h +0 -230
  1780. data/third_party/boringssl/include/openssl/poly1305.h +0 -51
  1781. data/third_party/boringssl/include/openssl/pool.h +0 -91
  1782. data/third_party/boringssl/include/openssl/rand.h +0 -125
  1783. data/third_party/boringssl/include/openssl/ripemd.h +0 -107
  1784. data/third_party/boringssl/include/openssl/rsa.h +0 -756
  1785. data/third_party/boringssl/include/openssl/sha.h +0 -256
  1786. data/third_party/boringssl/include/openssl/span.h +0 -191
  1787. data/third_party/boringssl/include/openssl/ssl.h +0 -4740
  1788. data/third_party/boringssl/include/openssl/ssl3.h +0 -332
  1789. data/third_party/boringssl/include/openssl/stack.h +0 -485
  1790. data/third_party/boringssl/include/openssl/thread.h +0 -191
  1791. data/third_party/boringssl/include/openssl/tls1.h +0 -618
  1792. data/third_party/boringssl/include/openssl/type_check.h +0 -91
  1793. data/third_party/boringssl/include/openssl/x509.h +0 -1180
  1794. data/third_party/boringssl/include/openssl/x509_vfy.h +0 -614
  1795. data/third_party/boringssl/include/openssl/x509v3.h +0 -827
  1796. data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
  1797. data/third_party/boringssl/ssl/d1_both.cc +0 -851
  1798. data/third_party/boringssl/ssl/d1_lib.cc +0 -267
  1799. data/third_party/boringssl/ssl/d1_pkt.cc +0 -274
  1800. data/third_party/boringssl/ssl/d1_srtp.cc +0 -232
  1801. data/third_party/boringssl/ssl/dtls_method.cc +0 -193
  1802. data/third_party/boringssl/ssl/dtls_record.cc +0 -353
  1803. data/third_party/boringssl/ssl/handoff.cc +0 -285
  1804. data/third_party/boringssl/ssl/handshake.cc +0 -630
  1805. data/third_party/boringssl/ssl/handshake_client.cc +0 -1842
  1806. data/third_party/boringssl/ssl/handshake_server.cc +0 -1674
  1807. data/third_party/boringssl/ssl/internal.h +0 -3064
  1808. data/third_party/boringssl/ssl/s3_both.cc +0 -585
  1809. data/third_party/boringssl/ssl/s3_lib.cc +0 -226
  1810. data/third_party/boringssl/ssl/s3_pkt.cc +0 -425
  1811. data/third_party/boringssl/ssl/ssl_aead_ctx.cc +0 -412
  1812. data/third_party/boringssl/ssl/ssl_asn1.cc +0 -844
  1813. data/third_party/boringssl/ssl/ssl_buffer.cc +0 -286
  1814. data/third_party/boringssl/ssl/ssl_cert.cc +0 -913
  1815. data/third_party/boringssl/ssl/ssl_cipher.cc +0 -1781
  1816. data/third_party/boringssl/ssl/ssl_file.cc +0 -583
  1817. data/third_party/boringssl/ssl/ssl_key_share.cc +0 -252
  1818. data/third_party/boringssl/ssl/ssl_lib.cc +0 -2719
  1819. data/third_party/boringssl/ssl/ssl_privkey.cc +0 -494
  1820. data/third_party/boringssl/ssl/ssl_session.cc +0 -1221
  1821. data/third_party/boringssl/ssl/ssl_stat.cc +0 -224
  1822. data/third_party/boringssl/ssl/ssl_transcript.cc +0 -398
  1823. data/third_party/boringssl/ssl/ssl_versions.cc +0 -399
  1824. data/third_party/boringssl/ssl/ssl_x509.cc +0 -1297
  1825. data/third_party/boringssl/ssl/t1_enc.cc +0 -452
  1826. data/third_party/boringssl/ssl/t1_lib.cc +0 -3783
  1827. data/third_party/boringssl/ssl/tls13_both.cc +0 -559
  1828. data/third_party/boringssl/ssl/tls13_client.cc +0 -891
  1829. data/third_party/boringssl/ssl/tls13_enc.cc +0 -493
  1830. data/third_party/boringssl/ssl/tls13_server.cc +0 -1022
  1831. data/third_party/boringssl/ssl/tls_method.cc +0 -274
  1832. data/third_party/boringssl/ssl/tls_record.cc +0 -703
  1833. data/third_party/boringssl/third_party/fiat/curve25519.c +0 -3230
  1834. data/third_party/boringssl/third_party/fiat/curve25519_tables.h +0 -7880
  1835. data/third_party/boringssl/third_party/fiat/internal.h +0 -154
  1836. data/third_party/boringssl/third_party/fiat/p256.c +0 -1824
  1837. data/third_party/nanopb/pb.h +0 -579
  1838. data/third_party/nanopb/pb_common.c +0 -97
  1839. data/third_party/nanopb/pb_common.h +0 -42
  1840. data/third_party/nanopb/pb_decode.c +0 -1347
  1841. data/third_party/nanopb/pb_decode.h +0 -149
  1842. data/third_party/nanopb/pb_encode.c +0 -696
  1843. data/third_party/nanopb/pb_encode.h +0 -154
@@ -0,0 +1,204 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.] */
56
+
57
+ #include <openssl/x509.h>
58
+
59
+ const char *X509_verify_cert_error_string(long n)
60
+ {
61
+ switch ((int)n) {
62
+ case X509_V_OK:
63
+ return ("ok");
64
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
65
+ return ("unable to get issuer certificate");
66
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
67
+ return ("unable to get certificate CRL");
68
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
69
+ return ("unable to decrypt certificate's signature");
70
+ case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
71
+ return ("unable to decrypt CRL's signature");
72
+ case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
73
+ return ("unable to decode issuer public key");
74
+ case X509_V_ERR_CERT_SIGNATURE_FAILURE:
75
+ return ("certificate signature failure");
76
+ case X509_V_ERR_CRL_SIGNATURE_FAILURE:
77
+ return ("CRL signature failure");
78
+ case X509_V_ERR_CERT_NOT_YET_VALID:
79
+ return ("certificate is not yet valid");
80
+ case X509_V_ERR_CRL_NOT_YET_VALID:
81
+ return ("CRL is not yet valid");
82
+ case X509_V_ERR_CERT_HAS_EXPIRED:
83
+ return ("certificate has expired");
84
+ case X509_V_ERR_CRL_HAS_EXPIRED:
85
+ return ("CRL has expired");
86
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
87
+ return ("format error in certificate's notBefore field");
88
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
89
+ return ("format error in certificate's notAfter field");
90
+ case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
91
+ return ("format error in CRL's lastUpdate field");
92
+ case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
93
+ return ("format error in CRL's nextUpdate field");
94
+ case X509_V_ERR_OUT_OF_MEM:
95
+ return ("out of memory");
96
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
97
+ return ("self signed certificate");
98
+ case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
99
+ return ("self signed certificate in certificate chain");
100
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
101
+ return ("unable to get local issuer certificate");
102
+ case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
103
+ return ("unable to verify the first certificate");
104
+ case X509_V_ERR_CERT_CHAIN_TOO_LONG:
105
+ return ("certificate chain too long");
106
+ case X509_V_ERR_CERT_REVOKED:
107
+ return ("certificate revoked");
108
+ case X509_V_ERR_INVALID_CA:
109
+ return ("invalid CA certificate");
110
+ case X509_V_ERR_INVALID_NON_CA:
111
+ return ("invalid non-CA certificate (has CA markings)");
112
+ case X509_V_ERR_PATH_LENGTH_EXCEEDED:
113
+ return ("path length constraint exceeded");
114
+ case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
115
+ return ("proxy path length constraint exceeded");
116
+ case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
117
+ return
118
+ ("proxy certificates not allowed, please set the appropriate flag");
119
+ case X509_V_ERR_INVALID_PURPOSE:
120
+ return ("unsupported certificate purpose");
121
+ case X509_V_ERR_CERT_UNTRUSTED:
122
+ return ("certificate not trusted");
123
+ case X509_V_ERR_CERT_REJECTED:
124
+ return ("certificate rejected");
125
+ case X509_V_ERR_APPLICATION_VERIFICATION:
126
+ return ("application verification failure");
127
+ case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
128
+ return ("subject issuer mismatch");
129
+ case X509_V_ERR_AKID_SKID_MISMATCH:
130
+ return ("authority and subject key identifier mismatch");
131
+ case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
132
+ return ("authority and issuer serial number mismatch");
133
+ case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
134
+ return ("key usage does not include certificate signing");
135
+ case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
136
+ return ("unable to get CRL issuer certificate");
137
+ case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
138
+ return ("unhandled critical extension");
139
+ case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
140
+ return ("key usage does not include CRL signing");
141
+ case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
142
+ return ("key usage does not include digital signature");
143
+ case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
144
+ return ("unhandled critical CRL extension");
145
+ case X509_V_ERR_INVALID_EXTENSION:
146
+ return ("invalid or inconsistent certificate extension");
147
+ case X509_V_ERR_INVALID_POLICY_EXTENSION:
148
+ return ("invalid or inconsistent certificate policy extension");
149
+ case X509_V_ERR_NO_EXPLICIT_POLICY:
150
+ return ("no explicit policy");
151
+ case X509_V_ERR_DIFFERENT_CRL_SCOPE:
152
+ return ("Different CRL scope");
153
+ case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
154
+ return ("Unsupported extension feature");
155
+ case X509_V_ERR_UNNESTED_RESOURCE:
156
+ return ("RFC 3779 resource not subset of parent's resources");
157
+
158
+ case X509_V_ERR_PERMITTED_VIOLATION:
159
+ return ("permitted subtree violation");
160
+ case X509_V_ERR_EXCLUDED_VIOLATION:
161
+ return ("excluded subtree violation");
162
+ case X509_V_ERR_SUBTREE_MINMAX:
163
+ return ("name constraints minimum and maximum not supported");
164
+ case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
165
+ return ("unsupported name constraint type");
166
+ case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
167
+ return ("unsupported or invalid name constraint syntax");
168
+ case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
169
+ return ("unsupported or invalid name syntax");
170
+ case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
171
+ return ("CRL path validation error");
172
+
173
+ case X509_V_ERR_SUITE_B_INVALID_VERSION:
174
+ return ("Suite B: certificate version invalid");
175
+ case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
176
+ return ("Suite B: invalid public key algorithm");
177
+ case X509_V_ERR_SUITE_B_INVALID_CURVE:
178
+ return ("Suite B: invalid ECC curve");
179
+ case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
180
+ return ("Suite B: invalid signature algorithm");
181
+ case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
182
+ return ("Suite B: curve not allowed for this LOS");
183
+ case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
184
+ return ("Suite B: cannot sign P-384 with P-256");
185
+
186
+ case X509_V_ERR_HOSTNAME_MISMATCH:
187
+ return ("Hostname mismatch");
188
+ case X509_V_ERR_EMAIL_MISMATCH:
189
+ return ("Email address mismatch");
190
+ case X509_V_ERR_IP_ADDRESS_MISMATCH:
191
+ return ("IP address mismatch");
192
+
193
+ case X509_V_ERR_INVALID_CALL:
194
+ return ("Invalid certificate verification context");
195
+ case X509_V_ERR_STORE_LOOKUP:
196
+ return ("Issuer certificate lookup error");
197
+
198
+ case X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS:
199
+ return "Issuer has name constraints but leaf has no SANs";
200
+
201
+ default:
202
+ return "unknown certificate verification error";
203
+ }
204
+ }
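Review bot: `switch ((int)n)` at the top of `X509_verify_cert_error_string` narrows the `long` argument before matching. Where `long` is wider than `int`, an out-of-range value is converted (typically truncated) and can land on a real case, including `X509_V_OK`, so a non-zero code could be reported as "ok". These strings usually end up in TLS failure logs and diagnostics, where a plausible but wrong message misleads triage more than the `default:` text would. Switching on the argument directly, `switch (n) {`, leaves every value that is not a defined `X509_V_*` code on the `default:` branch and changes nothing for valid codes.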
@@ -0,0 +1,2506 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.] */
56
+
57
+ #include <ctype.h>
58
+ #include <string.h>
59
+ #include <time.h>
60
+
61
+ #include <openssl/asn1.h>
62
+ #include <openssl/err.h>
63
+ #include <openssl/evp.h>
64
+ #include <openssl/mem.h>
65
+ #include <openssl/obj.h>
66
+ #include <openssl/thread.h>
67
+ #include <openssl/x509.h>
68
+ #include <openssl/x509v3.h>
69
+
70
+ #include "vpm_int.h"
71
+ #include "../internal.h"
72
+ #include "../x509v3/internal.h"
73
+
74
+ static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75
+ CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
+
77
+ /* CRL score values */
78
+
79
+ /* No unhandled critical extensions */
80
+
81
+ #define CRL_SCORE_NOCRITICAL 0x100
82
+
83
+ /* certificate is within CRL scope */
84
+
85
+ #define CRL_SCORE_SCOPE 0x080
86
+
87
+ /* CRL times valid */
88
+
89
+ #define CRL_SCORE_TIME 0x040
90
+
91
+ /* Issuer name matches certificate */
92
+
93
+ #define CRL_SCORE_ISSUER_NAME 0x020
94
+
95
+ /* If this score or above CRL is probably valid */
96
+
97
+ #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
98
+
99
+ /* CRL issuer is certificate issuer */
100
+
101
+ #define CRL_SCORE_ISSUER_CERT 0x018
102
+
103
+ /* CRL issuer is on certificate path */
104
+
105
+ #define CRL_SCORE_SAME_PATH 0x008
106
+
107
+ /* CRL issuer matches CRL AKID */
108
+
109
+ #define CRL_SCORE_AKID 0x004
110
+
111
+ /* Have a delta CRL with valid times */
112
+
113
+ #define CRL_SCORE_TIME_DELTA 0x002
114
+
115
+ static int null_callback(int ok, X509_STORE_CTX *e);
116
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
117
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
118
+ static int check_chain_extensions(X509_STORE_CTX *ctx);
119
+ static int check_name_constraints(X509_STORE_CTX *ctx);
120
+ static int check_id(X509_STORE_CTX *ctx);
121
+ static int check_trust(X509_STORE_CTX *ctx);
122
+ static int check_revocation(X509_STORE_CTX *ctx);
123
+ static int check_cert(X509_STORE_CTX *ctx);
124
+ static int check_policy(X509_STORE_CTX *ctx);
125
+
126
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
127
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
128
+ static int get_crl_delta(X509_STORE_CTX *ctx,
129
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
130
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
131
+ int *pcrl_score, X509_CRL *base,
132
+ STACK_OF(X509_CRL) *crls);
133
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134
+ int *pcrl_score);
135
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136
+ unsigned int *preasons);
137
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138
+ static int check_crl_chain(X509_STORE_CTX *ctx,
139
+ STACK_OF(X509) *cert_path,
140
+ STACK_OF(X509) *crl_path);
141
+
142
+ static int internal_verify(X509_STORE_CTX *ctx);
143
+
144
+ static int null_callback(int ok, X509_STORE_CTX *e)
145
+ {
146
+ return ok;
147
+ }
148
+
149
+ /* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
150
+ * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
151
+ * returns zero. */
152
+ static int cert_self_signed(X509 *x, int *out_is_self_signed)
153
+ {
154
+ if (!x509v3_cache_extensions(x)) {
155
+ return 0;
156
+ }
157
+ *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
158
+ return 1;
159
+ }
160
+
161
+ /* Given a certificate try and find an exact match in the store */
162
+
163
+ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
164
+ {
165
+ STACK_OF(X509) *certs;
166
+ X509 *xtmp = NULL;
167
+ size_t i;
168
+ /* Lookup all certs with matching subject name */
169
+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
170
+ if (certs == NULL)
171
+ return NULL;
172
+ /* Look for exact match */
173
+ for (i = 0; i < sk_X509_num(certs); i++) {
174
+ xtmp = sk_X509_value(certs, i);
175
+ if (!X509_cmp(xtmp, x))
176
+ break;
177
+ }
178
+ if (i < sk_X509_num(certs))
179
+ X509_up_ref(xtmp);
180
+ else
181
+ xtmp = NULL;
182
+ sk_X509_pop_free(certs, X509_free);
183
+ return xtmp;
184
+ }
185
+
186
+ int X509_verify_cert(X509_STORE_CTX *ctx)
187
+ {
188
+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
189
+ int bad_chain = 0;
190
+ X509_VERIFY_PARAM *param = ctx->param;
191
+ int depth, i, ok = 0;
192
+ int num, j, retry, trust;
193
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
194
+ STACK_OF(X509) *sktmp = NULL;
195
+ if (ctx->cert == NULL) {
196
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
197
+ ctx->error = X509_V_ERR_INVALID_CALL;
198
+ return -1;
199
+ }
200
+ if (ctx->chain != NULL) {
201
+ /*
202
+ * This X509_STORE_CTX has already been used to verify a cert. We
203
+ * cannot do another one.
204
+ */
205
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
206
+ ctx->error = X509_V_ERR_INVALID_CALL;
207
+ return -1;
208
+ }
209
+
210
+ cb = ctx->verify_cb;
211
+
212
+ /*
213
+ * first we make sure the chain we are going to build is present and that
214
+ * the first entry is in place
215
+ */
216
+ ctx->chain = sk_X509_new_null();
217
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
218
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
219
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
220
+ goto end;
221
+ }
222
+ X509_up_ref(ctx->cert);
223
+ ctx->last_untrusted = 1;
224
+
225
+ /* We use a temporary STACK so we can chop and hack at it.
226
+ * sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */
227
+ if (ctx->untrusted != NULL
228
+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
229
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
230
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
231
+ goto end;
232
+ }
233
+
234
+ if (ctx->ctx->additional_untrusted != NULL) {
235
+ if (sktmp == NULL) {
236
+ sktmp = sk_X509_new_null();
237
+ if (sktmp == NULL) {
238
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
239
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
240
+ goto end;
241
+ }
242
+ }
243
+
244
+ for (size_t k = 0; k < sk_X509_num(ctx->ctx->additional_untrusted);
245
+ k++) {
246
+ if (!sk_X509_push(sktmp,
247
+ sk_X509_value(ctx->ctx->additional_untrusted,
248
+ k))) {
249
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
250
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
251
+ goto end;
252
+ }
253
+ }
254
+ }
255
+
256
+ num = sk_X509_num(ctx->chain);
257
+ x = sk_X509_value(ctx->chain, num - 1);
258
+ depth = param->depth;
259
+
260
+ for (;;) {
261
+ /* If we have enough, we break */
262
+ if (depth < num)
263
+ break; /* FIXME: If this happens, we should take
264
+ * note of it and, if appropriate, use the
265
+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
266
+ * later. */
267
+
268
+ int is_self_signed;
269
+ if (!cert_self_signed(x, &is_self_signed)) {
270
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
271
+ goto end;
272
+ }
273
+
274
+ /* If we are self signed, we break */
275
+ if (is_self_signed)
276
+ break;
277
+ /*
278
+ * If asked see if we can find issuer in trusted store first
279
+ */
280
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
281
+ ok = ctx->get_issuer(&xtmp, ctx, x);
282
+ if (ok < 0) {
283
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
284
+ goto end;
285
+ }
286
+ /*
287
+ * If successful for now free up cert so it will be picked up
288
+ * again later.
289
+ */
290
+ if (ok > 0) {
291
+ X509_free(xtmp);
292
+ break;
293
+ }
294
+ }
295
+
296
+ /* If we were passed a cert chain, use it first */
297
+ if (sktmp != NULL) {
298
+ xtmp = find_issuer(ctx, sktmp, x);
299
+ if (xtmp != NULL) {
300
+ if (!sk_X509_push(ctx->chain, xtmp)) {
301
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
302
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
303
+ ok = 0;
304
+ goto end;
305
+ }
306
+ X509_up_ref(xtmp);
307
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
308
+ ctx->last_untrusted++;
309
+ x = xtmp;
310
+ num++;
311
+ /*
312
+ * reparse the full chain for the next one
313
+ */
314
+ continue;
315
+ }
316
+ }
317
+ break;
318
+ }
319
+
320
+ /* Remember how many untrusted certs we have */
321
+ j = num;
322
+ /*
323
+ * at this point, chain should contain a list of untrusted certificates.
324
+ * We now need to add at least one trusted one, if possible, otherwise we
325
+ * complain.
326
+ */
327
+
328
+ do {
329
+ /*
330
+ * Examine last certificate in chain and see if it is self signed.
331
+ */
332
+ i = sk_X509_num(ctx->chain);
333
+ x = sk_X509_value(ctx->chain, i - 1);
334
+
335
+ int is_self_signed;
336
+ if (!cert_self_signed(x, &is_self_signed)) {
337
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
338
+ goto end;
339
+ }
340
+
341
+ if (is_self_signed) {
342
+ /* we have a self signed certificate */
343
+ if (sk_X509_num(ctx->chain) == 1) {
344
+ /*
345
+ * We have a single self signed certificate: see if we can
346
+ * find it in the store. We must have an exact match to avoid
347
+ * possible impersonation.
348
+ */
349
+ ok = ctx->get_issuer(&xtmp, ctx, x);
350
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
351
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
352
+ ctx->current_cert = x;
353
+ ctx->error_depth = i - 1;
354
+ if (ok == 1)
355
+ X509_free(xtmp);
356
+ bad_chain = 1;
357
+ ok = cb(0, ctx);
358
+ if (!ok)
359
+ goto end;
360
+ } else {
361
+ /*
362
+ * We have a match: replace certificate with store
363
+ * version so we get any trust settings.
364
+ */
365
+ X509_free(x);
366
+ x = xtmp;
367
+ (void)sk_X509_set(ctx->chain, i - 1, x);
368
+ ctx->last_untrusted = 0;
369
+ }
370
+ } else {
371
+ /*
372
+ * extract and save self signed certificate for later use
373
+ */
374
+ chain_ss = sk_X509_pop(ctx->chain);
375
+ ctx->last_untrusted--;
376
+ num--;
377
+ j--;
378
+ x = sk_X509_value(ctx->chain, num - 1);
379
+ }
380
+ }
381
+ /* We now lookup certs from the certificate store */
382
+ for (;;) {
383
+ /* If we have enough, we break */
384
+ if (depth < num)
385
+ break;
386
+ if (!cert_self_signed(x, &is_self_signed)) {
387
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
388
+ goto end;
389
+ }
390
+ /* If we are self signed, we break */
391
+ if (is_self_signed)
392
+ break;
393
+ ok = ctx->get_issuer(&xtmp, ctx, x);
394
+
395
+ if (ok < 0) {
396
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
397
+ goto end;
398
+ }
399
+ if (ok == 0)
400
+ break;
401
+ x = xtmp;
402
+ if (!sk_X509_push(ctx->chain, x)) {
403
+ X509_free(xtmp);
404
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
405
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
406
+ ok = 0;
407
+ goto end;
408
+ }
409
+ num++;
410
+ }
411
+
412
+ /* we now have our chain, lets check it... */
413
+ trust = check_trust(ctx);
414
+
415
+ /* If explicitly rejected error */
416
+ if (trust == X509_TRUST_REJECTED) {
417
+ ok = 0;
418
+ goto end;
419
+ }
420
+ /*
421
+ * If it's not explicitly trusted then check if there is an alternative
422
+ * chain that could be used. We only do this if we haven't already
423
+ * checked via TRUSTED_FIRST and the user hasn't switched off alternate
424
+ * chain checking
425
+ */
426
+ retry = 0;
427
+ if (trust != X509_TRUST_TRUSTED
428
+ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
429
+ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
430
+ while (j-- > 1) {
431
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
432
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
433
+ if (ok < 0)
434
+ goto end;
435
+ /* Check if we found an alternate chain */
436
+ if (ok > 0) {
437
+ /*
438
+ * Free up the found cert we'll add it again later
439
+ */
440
+ X509_free(xtmp);
441
+
442
+ /*
443
+ * Dump all the certs above this point - we've found an
444
+ * alternate chain
445
+ */
446
+ while (num > j) {
447
+ xtmp = sk_X509_pop(ctx->chain);
448
+ X509_free(xtmp);
449
+ num--;
450
+ }
451
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
452
+ retry = 1;
453
+ break;
454
+ }
455
+ }
456
+ }
457
+ } while (retry);
458
+
459
+ /*
460
+ * If not explicitly trusted then indicate error unless it's a single
461
+ * self signed certificate in which case we've indicated an error already
462
+ * and set bad_chain == 1
463
+ */
464
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
465
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
466
+ if (ctx->last_untrusted >= num)
467
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
468
+ else
469
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
470
+ ctx->current_cert = x;
471
+ } else {
472
+
473
+ sk_X509_push(ctx->chain, chain_ss);
474
+ num++;
475
+ ctx->last_untrusted = num;
476
+ ctx->current_cert = chain_ss;
477
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
478
+ chain_ss = NULL;
479
+ }
480
+
481
+ ctx->error_depth = num - 1;
482
+ bad_chain = 1;
483
+ ok = cb(0, ctx);
484
+ if (!ok)
485
+ goto end;
486
+ }
487
+
488
+ /* We have the chain complete: now we need to check its purpose */
489
+ ok = check_chain_extensions(ctx);
490
+
491
+ if (!ok)
492
+ goto end;
493
+
494
+ ok = check_id(ctx);
495
+
496
+ if (!ok)
497
+ goto end;
498
+
499
+ /*
500
+ * Check revocation status: we do this after copying parameters because
501
+ * they may be needed for CRL signature verification.
502
+ */
503
+
504
+ ok = ctx->check_revocation(ctx);
505
+ if (!ok)
506
+ goto end;
507
+
508
+ int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
509
+ ctx->param->flags);
510
+ if (err != X509_V_OK) {
511
+ ctx->error = err;
512
+ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
513
+ ok = cb(0, ctx);
514
+ if (!ok)
515
+ goto end;
516
+ }
517
+
518
+ /* At this point, we have a chain and need to verify it */
519
+ if (ctx->verify != NULL)
520
+ ok = ctx->verify(ctx);
521
+ else
522
+ ok = internal_verify(ctx);
523
+ if (!ok)
524
+ goto end;
525
+
526
+ /* Check name constraints */
527
+
528
+ ok = check_name_constraints(ctx);
529
+ if (!ok)
530
+ goto end;
531
+
532
+ /* If we get this far evaluate policies */
533
+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
534
+ ok = ctx->check_policy(ctx);
535
+
536
+ end:
537
+ if (sktmp != NULL)
538
+ sk_X509_free(sktmp);
539
+ if (chain_ss != NULL)
540
+ X509_free(chain_ss);
541
+
542
+ /* Safety net, error returns must set ctx->error */
543
+ if (ok <= 0 && ctx->error == X509_V_OK)
544
+ ctx->error = X509_V_ERR_UNSPECIFIED;
545
+ return ok;
546
+ }
547
+
548
+ /*
549
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
550
+ */
551
+
552
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
553
+ {
554
+ size_t i;
555
+ X509 *issuer;
556
+ for (i = 0; i < sk_X509_num(sk); i++) {
557
+ issuer = sk_X509_value(sk, i);
558
+ if (ctx->check_issued(ctx, x, issuer))
559
+ return issuer;
560
+ }
561
+ return NULL;
562
+ }
563
+
564
+ /* Given a possible certificate and issuer check them */
565
+
566
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
567
+ {
568
+ int ret;
569
+ ret = X509_check_issued(issuer, x);
570
+ if (ret == X509_V_OK)
571
+ return 1;
572
+ /* If we haven't asked for issuer errors don't set ctx */
573
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
574
+ return 0;
575
+
576
+ ctx->error = ret;
577
+ ctx->current_cert = x;
578
+ ctx->current_issuer = issuer;
579
+ return ctx->verify_cb(0, ctx);
580
+ }
581
+
582
+ /* Alternative lookup method: look from a STACK stored in other_ctx */
583
+
584
+ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
585
+ {
586
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
587
+ if (*issuer) {
588
+ X509_up_ref(*issuer);
589
+ return 1;
590
+ } else
591
+ return 0;
592
+ }
593
+
594
+ /*
595
+ * Check a certificate chains extensions for consistency with the supplied
596
+ * purpose
597
+ */
598
+
599
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
600
+ {
601
+ int i, ok = 0, plen = 0;
602
+ X509 *x;
603
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
604
+ int proxy_path_length = 0;
605
+ int purpose;
606
+ int allow_proxy_certs;
607
+ cb = ctx->verify_cb;
608
+
609
+ enum {
610
+ // ca_or_leaf allows either type of certificate so that direct use of
611
+ // self-signed certificates works.
612
+ ca_or_leaf,
613
+ must_be_ca,
614
+ must_not_be_ca,
615
+ } ca_requirement;
616
+
617
+ /* CRL path validation */
618
+ if (ctx->parent) {
619
+ allow_proxy_certs = 0;
620
+ purpose = X509_PURPOSE_CRL_SIGN;
621
+ } else {
622
+ allow_proxy_certs =
623
+ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
624
+ purpose = ctx->param->purpose;
625
+ }
626
+
627
+ ca_requirement = ca_or_leaf;
628
+
629
+ /* Check all untrusted certificates */
630
+ for (i = 0; i < ctx->last_untrusted; i++) {
631
+ int ret;
632
+ x = sk_X509_value(ctx->chain, i);
633
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
634
+ && (x->ex_flags & EXFLAG_CRITICAL)) {
635
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
636
+ ctx->error_depth = i;
637
+ ctx->current_cert = x;
638
+ ok = cb(0, ctx);
639
+ if (!ok)
640
+ goto end;
641
+ }
642
+ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
643
+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
644
+ ctx->error_depth = i;
645
+ ctx->current_cert = x;
646
+ ok = cb(0, ctx);
647
+ if (!ok)
648
+ goto end;
649
+ }
650
+
651
+ switch (ca_requirement) {
652
+ case ca_or_leaf:
653
+ ret = 1;
654
+ break;
655
+ case must_not_be_ca:
656
+ if (X509_check_ca(x)) {
657
+ ret = 0;
658
+ ctx->error = X509_V_ERR_INVALID_NON_CA;
659
+ } else
660
+ ret = 1;
661
+ break;
662
+ case must_be_ca:
663
+ if (!X509_check_ca(x)) {
664
+ ret = 0;
665
+ ctx->error = X509_V_ERR_INVALID_CA;
666
+ } else
667
+ ret = 1;
668
+ break;
669
+ default:
670
+ // impossible.
671
+ ret = 0;
672
+ }
673
+
674
+ if (ret == 0) {
675
+ ctx->error_depth = i;
676
+ ctx->current_cert = x;
677
+ ok = cb(0, ctx);
678
+ if (!ok)
679
+ goto end;
680
+ }
681
+ if (ctx->param->purpose > 0) {
682
+ ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
683
+ if (ret != 1) {
684
+ ret = 0;
685
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
686
+ ctx->error_depth = i;
687
+ ctx->current_cert = x;
688
+ ok = cb(0, ctx);
689
+ if (!ok)
690
+ goto end;
691
+ }
692
+ }
693
+ /* Check pathlen if not self issued */
694
+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
695
+ && (x->ex_pathlen != -1)
696
+ && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
697
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
698
+ ctx->error_depth = i;
699
+ ctx->current_cert = x;
700
+ ok = cb(0, ctx);
701
+ if (!ok)
702
+ goto end;
703
+ }
704
+ /* Increment path length if not self issued */
705
+ if (!(x->ex_flags & EXFLAG_SI))
706
+ plen++;
707
+ /*
708
+ * If this certificate is a proxy certificate, the next certificate
709
+ * must be another proxy certificate or a EE certificate. If not,
710
+ * the next certificate must be a CA certificate.
711
+ */
712
+ if (x->ex_flags & EXFLAG_PROXY) {
713
+ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
714
+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
715
+ ctx->error_depth = i;
716
+ ctx->current_cert = x;
717
+ ok = cb(0, ctx);
718
+ if (!ok)
719
+ goto end;
720
+ }
721
+ proxy_path_length++;
722
+ ca_requirement = must_not_be_ca;
723
+ } else {
724
+ ca_requirement = must_be_ca;
725
+ }
726
+ }
727
+ ok = 1;
728
+ end:
729
+ return ok;
730
+ }
731
+
732
+ static int reject_dns_name_in_common_name(X509 *x509)
733
+ {
734
+ X509_NAME *name = X509_get_subject_name(x509);
735
+ int i = -1;
736
+ for (;;) {
737
+ i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
738
+ if (i == -1) {
739
+ return X509_V_OK;
740
+ }
741
+
742
+ X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
743
+ ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
744
+ unsigned char *idval;
745
+ int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
746
+ if (idlen < 0) {
747
+ return X509_V_ERR_OUT_OF_MEM;
748
+ }
749
+ /* Only process attributes that look like host names. Note it is
750
+ * important that this check be mirrored in |X509_check_host|. */
751
+ int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
752
+ OPENSSL_free(idval);
753
+ if (looks_like_dns) {
754
+ return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
755
+ }
756
+ }
757
+ }
758
+
759
+ static int check_name_constraints(X509_STORE_CTX *ctx)
760
+ {
761
+ int i, j, rv;
762
+ int has_name_constraints = 0;
763
+ /* Check name constraints for all certificates */
764
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
765
+ X509 *x = sk_X509_value(ctx->chain, i);
766
+ /* Ignore self issued certs unless last in chain */
767
+ if (i && (x->ex_flags & EXFLAG_SI))
768
+ continue;
769
+ /*
770
+ * Check against constraints for all certificates higher in chain
771
+ * including trust anchor. Trust anchor not strictly speaking needed
772
+ * but if it includes constraints it is to be assumed it expects them
773
+ * to be obeyed.
774
+ */
775
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
776
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
777
+ if (nc) {
778
+ has_name_constraints = 1;
779
+ rv = NAME_CONSTRAINTS_check(x, nc);
780
+ switch (rv) {
781
+ case X509_V_OK:
782
+ continue;
783
+ case X509_V_ERR_OUT_OF_MEM:
784
+ ctx->error = rv;
785
+ return 0;
786
+ default:
787
+ ctx->error = rv;
788
+ ctx->error_depth = i;
789
+ ctx->current_cert = x;
790
+ if (!ctx->verify_cb(0, ctx))
791
+ return 0;
792
+ break;
793
+ }
794
+ }
795
+ }
796
+ }
797
+
798
+ /* Name constraints do not match against the common name, but
799
+ * |X509_check_host| still implements the legacy behavior where, on
800
+ * certificates lacking a SAN list, DNS-like names in the common name are
801
+ * checked instead.
802
+ *
803
+ * While we could apply the name constraints to the common name, name
804
+ * constraints are rare enough that can hold such certificates to a higher
805
+ * standard. Note this does not make "DNS-like" heuristic failures any
806
+ * worse. A decorative common-name misidentified as a DNS name would fail
807
+ * the name constraint anyway. */
808
+ X509 *leaf = sk_X509_value(ctx->chain, 0);
809
+ if (has_name_constraints && leaf->altname == NULL) {
810
+ rv = reject_dns_name_in_common_name(leaf);
811
+ switch (rv) {
812
+ case X509_V_OK:
813
+ break;
814
+ case X509_V_ERR_OUT_OF_MEM:
815
+ ctx->error = rv;
816
+ return 0;
817
+ default:
818
+ ctx->error = rv;
819
+ ctx->error_depth = i;
820
+ ctx->current_cert = leaf;
821
+ if (!ctx->verify_cb(0, ctx))
822
+ return 0;
823
+ break;
824
+ }
825
+ }
826
+
827
+ return 1;
828
+ }
829
+
830
+ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
831
+ {
832
+ ctx->error = errcode;
833
+ ctx->current_cert = ctx->cert;
834
+ ctx->error_depth = 0;
835
+ return ctx->verify_cb(0, ctx);
836
+ }
837
+
838
+ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
839
+ {
840
+ size_t i;
841
+ size_t n = sk_OPENSSL_STRING_num(id->hosts);
842
+ char *name;
843
+
844
+ if (id->peername != NULL) {
845
+ OPENSSL_free(id->peername);
846
+ id->peername = NULL;
847
+ }
848
+ for (i = 0; i < n; ++i) {
849
+ name = sk_OPENSSL_STRING_value(id->hosts, i);
850
+ if (X509_check_host(x, name, strlen(name), id->hostflags,
851
+ &id->peername) > 0)
852
+ return 1;
853
+ }
854
+ return n == 0;
855
+ }
856
+
857
+ static int check_id(X509_STORE_CTX *ctx)
858
+ {
859
+ X509_VERIFY_PARAM *vpm = ctx->param;
860
+ X509_VERIFY_PARAM_ID *id = vpm->id;
861
+ X509 *x = ctx->cert;
862
+ if (id->poison) {
863
+ if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
864
+ return 0;
865
+ }
866
+ if (id->hosts && check_hosts(x, id) <= 0) {
867
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
868
+ return 0;
869
+ }
870
+ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) {
871
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
872
+ return 0;
873
+ }
874
+ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
875
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
876
+ return 0;
877
+ }
878
+ return 1;
879
+ }
880
+
881
+ static int check_trust(X509_STORE_CTX *ctx)
882
+ {
883
+ size_t i;
884
+ int ok;
885
+ X509 *x = NULL;
886
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
887
+ cb = ctx->verify_cb;
888
+ /* Check all trusted certificates in chain */
889
+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
890
+ x = sk_X509_value(ctx->chain, i);
891
+ ok = X509_check_trust(x, ctx->param->trust, 0);
892
+ /* If explicitly trusted return trusted */
893
+ if (ok == X509_TRUST_TRUSTED)
894
+ return X509_TRUST_TRUSTED;
895
+ /*
896
+ * If explicitly rejected notify callback and reject if not
897
+ * overridden.
898
+ */
899
+ if (ok == X509_TRUST_REJECTED) {
900
+ ctx->error_depth = i;
901
+ ctx->current_cert = x;
902
+ ctx->error = X509_V_ERR_CERT_REJECTED;
903
+ ok = cb(0, ctx);
904
+ if (!ok)
905
+ return X509_TRUST_REJECTED;
906
+ }
907
+ }
908
+ /*
909
+ * If we accept partial chains and have at least one trusted certificate
910
+ * return success.
911
+ */
912
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
913
+ X509 *mx;
914
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
915
+ return X509_TRUST_TRUSTED;
916
+ x = sk_X509_value(ctx->chain, 0);
917
+ mx = lookup_cert_match(ctx, x);
918
+ if (mx) {
919
+ (void)sk_X509_set(ctx->chain, 0, mx);
920
+ X509_free(x);
921
+ ctx->last_untrusted = 0;
922
+ return X509_TRUST_TRUSTED;
923
+ }
924
+ }
925
+
926
+ /*
927
+ * If no trusted certs in chain at all return untrusted and allow
928
+ * standard (no issuer cert) etc errors to be indicated.
929
+ */
930
+ return X509_TRUST_UNTRUSTED;
931
+ }
932
+
933
+ static int check_revocation(X509_STORE_CTX *ctx)
934
+ {
935
+ int i, last, ok;
936
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
937
+ return 1;
938
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
939
+ last = sk_X509_num(ctx->chain) - 1;
940
+ else {
941
+ /* If checking CRL paths this isn't the EE certificate */
942
+ if (ctx->parent)
943
+ return 1;
944
+ last = 0;
945
+ }
946
+ for (i = 0; i <= last; i++) {
947
+ ctx->error_depth = i;
948
+ ok = check_cert(ctx);
949
+ if (!ok)
950
+ return ok;
951
+ }
952
+ return 1;
953
+ }
954
+
955
+ static int check_cert(X509_STORE_CTX *ctx)
956
+ {
957
+ X509_CRL *crl = NULL, *dcrl = NULL;
958
+ X509 *x;
959
+ int ok = 0, cnum;
960
+ unsigned int last_reasons;
961
+ cnum = ctx->error_depth;
962
+ x = sk_X509_value(ctx->chain, cnum);
963
+ ctx->current_cert = x;
964
+ ctx->current_issuer = NULL;
965
+ ctx->current_crl_score = 0;
966
+ ctx->current_reasons = 0;
967
+ while (ctx->current_reasons != CRLDP_ALL_REASONS) {
968
+ last_reasons = ctx->current_reasons;
969
+ /* Try to retrieve relevant CRL */
970
+ if (ctx->get_crl)
971
+ ok = ctx->get_crl(ctx, &crl, x);
972
+ else
973
+ ok = get_crl_delta(ctx, &crl, &dcrl, x);
974
+ /*
975
+ * If error looking up CRL, nothing we can do except notify callback
976
+ */
977
+ if (!ok) {
978
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
979
+ ok = ctx->verify_cb(0, ctx);
980
+ goto err;
981
+ }
982
+ ctx->current_crl = crl;
983
+ ok = ctx->check_crl(ctx, crl);
984
+ if (!ok)
985
+ goto err;
986
+
987
+ if (dcrl) {
988
+ ok = ctx->check_crl(ctx, dcrl);
989
+ if (!ok)
990
+ goto err;
991
+ ok = ctx->cert_crl(ctx, dcrl, x);
992
+ if (!ok)
993
+ goto err;
994
+ } else
995
+ ok = 1;
996
+
997
+ /* Don't look in full CRL if delta reason is removefromCRL */
998
+ if (ok != 2) {
999
+ ok = ctx->cert_crl(ctx, crl, x);
1000
+ if (!ok)
1001
+ goto err;
1002
+ }
1003
+
1004
+ X509_CRL_free(crl);
1005
+ X509_CRL_free(dcrl);
1006
+ crl = NULL;
1007
+ dcrl = NULL;
1008
+ /*
1009
+ * If reasons not updated we wont get anywhere by another iteration,
1010
+ * so exit loop.
1011
+ */
1012
+ if (last_reasons == ctx->current_reasons) {
1013
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
1014
+ ok = ctx->verify_cb(0, ctx);
1015
+ goto err;
1016
+ }
1017
+ }
1018
+ err:
1019
+ X509_CRL_free(crl);
1020
+ X509_CRL_free(dcrl);
1021
+
1022
+ ctx->current_crl = NULL;
1023
+ return ok;
1024
+
1025
+ }
1026
+
1027
+ /* Check CRL times against values in X509_STORE_CTX */
1028
+
1029
+ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1030
+ {
1031
+ time_t *ptime;
1032
+ int i;
1033
+ if (notify)
1034
+ ctx->current_crl = crl;
1035
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1036
+ ptime = &ctx->param->check_time;
1037
+ else
1038
+ ptime = NULL;
1039
+
1040
+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
1041
+ if (i == 0) {
1042
+ if (!notify)
1043
+ return 0;
1044
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
1045
+ if (!ctx->verify_cb(0, ctx))
1046
+ return 0;
1047
+ }
1048
+
1049
+ if (i > 0) {
1050
+ if (!notify)
1051
+ return 0;
1052
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
1053
+ if (!ctx->verify_cb(0, ctx))
1054
+ return 0;
1055
+ }
1056
+
1057
+ if (X509_CRL_get_nextUpdate(crl)) {
1058
+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
1059
+
1060
+ if (i == 0) {
1061
+ if (!notify)
1062
+ return 0;
1063
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1064
+ if (!ctx->verify_cb(0, ctx))
1065
+ return 0;
1066
+ }
1067
+ /* Ignore expiry of base CRL is delta is valid */
1068
+ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1069
+ if (!notify)
1070
+ return 0;
1071
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1072
+ if (!ctx->verify_cb(0, ctx))
1073
+ return 0;
1074
+ }
1075
+ }
1076
+
1077
+ if (notify)
1078
+ ctx->current_crl = NULL;
1079
+
1080
+ return 1;
1081
+ }
1082
+
1083
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1084
+ X509 **pissuer, int *pscore, unsigned int *preasons,
1085
+ STACK_OF(X509_CRL) *crls)
1086
+ {
1087
+ int crl_score, best_score = *pscore;
1088
+ size_t i;
1089
+ unsigned int reasons, best_reasons = 0;
1090
+ X509 *x = ctx->current_cert;
1091
+ X509_CRL *crl, *best_crl = NULL;
1092
+ X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1093
+
1094
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1095
+ crl = sk_X509_CRL_value(crls, i);
1096
+ reasons = *preasons;
1097
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1098
+ if (crl_score < best_score || crl_score == 0)
1099
+ continue;
1100
+ /* If current CRL is equivalent use it if it is newer */
1101
+ if (crl_score == best_score && best_crl != NULL) {
1102
+ int day, sec;
1103
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
1104
+ X509_CRL_get_lastUpdate(crl)) == 0)
1105
+ continue;
1106
+ /*
1107
+ * ASN1_TIME_diff never returns inconsistent signs for |day|
1108
+ * and |sec|.
1109
+ */
1110
+ if (day <= 0 && sec <= 0)
1111
+ continue;
1112
+ }
1113
+ best_crl = crl;
1114
+ best_crl_issuer = crl_issuer;
1115
+ best_score = crl_score;
1116
+ best_reasons = reasons;
1117
+ }
1118
+
1119
+ if (best_crl) {
1120
+ if (*pcrl)
1121
+ X509_CRL_free(*pcrl);
1122
+ *pcrl = best_crl;
1123
+ *pissuer = best_crl_issuer;
1124
+ *pscore = best_score;
1125
+ *preasons = best_reasons;
1126
+ X509_CRL_up_ref(best_crl);
1127
+ if (*pdcrl) {
1128
+ X509_CRL_free(*pdcrl);
1129
+ *pdcrl = NULL;
1130
+ }
1131
+ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1132
+ }
1133
+
1134
+ if (best_score >= CRL_SCORE_VALID)
1135
+ return 1;
1136
+
1137
+ return 0;
1138
+ }
1139
+
1140
+ /*
1141
+ * Compare two CRL extensions for delta checking purposes. They should be
1142
+ * both present or both absent. If both present all fields must be identical.
1143
+ */
1144
+
1145
+ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1146
+ {
1147
+ ASN1_OCTET_STRING *exta, *extb;
1148
+ int i;
1149
+ i = X509_CRL_get_ext_by_NID(a, nid, -1);
1150
+ if (i >= 0) {
1151
+ /* Can't have multiple occurrences */
1152
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1153
+ return 0;
1154
+ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1155
+ } else
1156
+ exta = NULL;
1157
+
1158
+ i = X509_CRL_get_ext_by_NID(b, nid, -1);
1159
+
1160
+ if (i >= 0) {
1161
+
1162
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1163
+ return 0;
1164
+ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1165
+ } else
1166
+ extb = NULL;
1167
+
1168
+ if (!exta && !extb)
1169
+ return 1;
1170
+
1171
+ if (!exta || !extb)
1172
+ return 0;
1173
+
1174
+ if (ASN1_OCTET_STRING_cmp(exta, extb))
1175
+ return 0;
1176
+
1177
+ return 1;
1178
+ }
1179
+
1180
+ /* See if a base and delta are compatible */
1181
+
1182
+ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1183
+ {
1184
+ /* Delta CRL must be a delta */
1185
+ if (!delta->base_crl_number)
1186
+ return 0;
1187
+ /* Base must have a CRL number */
1188
+ if (!base->crl_number)
1189
+ return 0;
1190
+ /* Issuer names must match */
1191
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1192
+ return 0;
1193
+ /* AKID and IDP must match */
1194
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1195
+ return 0;
1196
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1197
+ return 0;
1198
+ /* Delta CRL base number must not exceed Full CRL number. */
1199
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1200
+ return 0;
1201
+ /* Delta CRL number must exceed full CRL number */
1202
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1203
+ return 1;
1204
+ return 0;
1205
+ }
1206
+
1207
+ /*
1208
+ * For a given base CRL find a delta... maybe extend to delta scoring or
1209
+ * retrieve a chain of deltas...
1210
+ */
1211
+
1212
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1213
+ X509_CRL *base, STACK_OF(X509_CRL) *crls)
1214
+ {
1215
+ X509_CRL *delta;
1216
+ size_t i;
1217
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1218
+ return;
1219
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1220
+ return;
1221
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1222
+ delta = sk_X509_CRL_value(crls, i);
1223
+ if (check_delta_base(delta, base)) {
1224
+ if (check_crl_time(ctx, delta, 0))
1225
+ *pscore |= CRL_SCORE_TIME_DELTA;
1226
+ X509_CRL_up_ref(delta);
1227
+ *dcrl = delta;
1228
+ return;
1229
+ }
1230
+ }
1231
+ *dcrl = NULL;
1232
+ }
1233
+
1234
+ /*
1235
+ * For a given CRL return how suitable it is for the supplied certificate
1236
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
1237
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
1238
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
1239
+ * is rejected, otherwise reasons is updated.
1240
+ */
1241
+
1242
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1243
+ unsigned int *preasons, X509_CRL *crl, X509 *x)
1244
+ {
1245
+
1246
+ int crl_score = 0;
1247
+ unsigned int tmp_reasons = *preasons, crl_reasons;
1248
+
1249
+ /* First see if we can reject CRL straight away */
1250
+
1251
+ /* Invalid IDP cannot be processed */
1252
+ if (crl->idp_flags & IDP_INVALID)
1253
+ return 0;
1254
+ /* Reason codes or indirect CRLs need extended CRL support */
1255
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1256
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1257
+ return 0;
1258
+ } else if (crl->idp_flags & IDP_REASONS) {
1259
+ /* If no new reasons reject */
1260
+ if (!(crl->idp_reasons & ~tmp_reasons))
1261
+ return 0;
1262
+ }
1263
+ /* Don't process deltas at this stage */
1264
+ else if (crl->base_crl_number)
1265
+ return 0;
1266
+ /* If issuer name doesn't match certificate need indirect CRL */
1267
+ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1268
+ if (!(crl->idp_flags & IDP_INDIRECT))
1269
+ return 0;
1270
+ } else
1271
+ crl_score |= CRL_SCORE_ISSUER_NAME;
1272
+
1273
+ if (!(crl->flags & EXFLAG_CRITICAL))
1274
+ crl_score |= CRL_SCORE_NOCRITICAL;
1275
+
1276
+ /* Check expiry */
1277
+ if (check_crl_time(ctx, crl, 0))
1278
+ crl_score |= CRL_SCORE_TIME;
1279
+
1280
+ /* Check authority key ID and locate certificate issuer */
1281
+ crl_akid_check(ctx, crl, pissuer, &crl_score);
1282
+
1283
+ /* If we can't locate certificate issuer at this point forget it */
1284
+
1285
+ if (!(crl_score & CRL_SCORE_AKID))
1286
+ return 0;
1287
+
1288
+ /* Check cert for matching CRL distribution points */
1289
+
1290
+ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1291
+ /* If no new reasons reject */
1292
+ if (!(crl_reasons & ~tmp_reasons))
1293
+ return 0;
1294
+ tmp_reasons |= crl_reasons;
1295
+ crl_score |= CRL_SCORE_SCOPE;
1296
+ }
1297
+
1298
+ *preasons = tmp_reasons;
1299
+
1300
+ return crl_score;
1301
+
1302
+ }
1303
+
1304
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1305
+ X509 **pissuer, int *pcrl_score)
1306
+ {
1307
+ X509 *crl_issuer = NULL;
1308
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
1309
+ int cidx = ctx->error_depth;
1310
+ size_t i;
1311
+
1312
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
1313
+ cidx++;
1314
+
1315
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1316
+
1317
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1318
+ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1319
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1320
+ *pissuer = crl_issuer;
1321
+ return;
1322
+ }
1323
+ }
1324
+
1325
+ for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1326
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1327
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1328
+ continue;
1329
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1330
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1331
+ *pissuer = crl_issuer;
1332
+ return;
1333
+ }
1334
+ }
1335
+
1336
+ /* Anything else needs extended CRL support */
1337
+
1338
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1339
+ return;
1340
+
1341
+ /*
1342
+ * Otherwise the CRL issuer is not on the path. Look for it in the set of
1343
+ * untrusted certificates.
1344
+ */
1345
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1346
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
1347
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1348
+ continue;
1349
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1350
+ *pissuer = crl_issuer;
1351
+ *pcrl_score |= CRL_SCORE_AKID;
1352
+ return;
1353
+ }
1354
+ }
1355
+
1356
+ for (i = 0; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) {
1357
+ crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i);
1358
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1359
+ continue;
1360
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1361
+ *pissuer = crl_issuer;
1362
+ *pcrl_score |= CRL_SCORE_AKID;
1363
+ return;
1364
+ }
1365
+ }
1366
+ }
1367
+
1368
+ /*
1369
+ * Check the path of a CRL issuer certificate. This creates a new
1370
+ * X509_STORE_CTX and populates it with most of the parameters from the
1371
+ * parent. This could be optimised somewhat since a lot of path checking will
1372
+ * be duplicated by the parent, but this will rarely be used in practice.
1373
+ */
1374
+
1375
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1376
+ {
1377
+ X509_STORE_CTX crl_ctx;
1378
+ int ret;
1379
+ /* Don't allow recursive CRL path validation */
1380
+ if (ctx->parent)
1381
+ return 0;
1382
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1383
+ return -1;
1384
+
1385
+ crl_ctx.crls = ctx->crls;
1386
+ /* Copy verify params across */
1387
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1388
+
1389
+ crl_ctx.parent = ctx;
1390
+ crl_ctx.verify_cb = ctx->verify_cb;
1391
+
1392
+ /* Verify CRL issuer */
1393
+ ret = X509_verify_cert(&crl_ctx);
1394
+
1395
+ if (ret <= 0)
1396
+ goto err;
1397
+
1398
+ /* Check chain is acceptable */
1399
+
1400
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1401
+ err:
1402
+ X509_STORE_CTX_cleanup(&crl_ctx);
1403
+ return ret;
1404
+ }
1405
+
1406
+ /*
1407
+ * RFC3280 says nothing about the relationship between CRL path and
1408
+ * certificate path, which could lead to situations where a certificate could
1409
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
1410
+ * strict and states that the two paths must end in the same trust anchor,
1411
+ * though some discussions remain... until this is resolved we use the
1412
+ * RFC5280 version
1413
+ */
1414
+
1415
+ static int check_crl_chain(X509_STORE_CTX *ctx,
1416
+ STACK_OF(X509) *cert_path,
1417
+ STACK_OF(X509) *crl_path)
1418
+ {
1419
+ X509 *cert_ta, *crl_ta;
1420
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1421
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1422
+ if (!X509_cmp(cert_ta, crl_ta))
1423
+ return 1;
1424
+ return 0;
1425
+ }
1426
+
1427
+ /*
1428
+ * Check for match between two dist point names: three separate cases. 1.
1429
+ * Both are relative names and compare X509_NAME types. 2. One full, one
1430
+ * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1431
+ * compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1432
+ */
1433
+
1434
+ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1435
+ {
1436
+ X509_NAME *nm = NULL;
1437
+ GENERAL_NAMES *gens = NULL;
1438
+ GENERAL_NAME *gena, *genb;
1439
+ size_t i, j;
1440
+ if (!a || !b)
1441
+ return 1;
1442
+ if (a->type == 1) {
1443
+ if (!a->dpname)
1444
+ return 0;
1445
+ /* Case 1: two X509_NAME */
1446
+ if (b->type == 1) {
1447
+ if (!b->dpname)
1448
+ return 0;
1449
+ if (!X509_NAME_cmp(a->dpname, b->dpname))
1450
+ return 1;
1451
+ else
1452
+ return 0;
1453
+ }
1454
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1455
+ nm = a->dpname;
1456
+ gens = b->name.fullname;
1457
+ } else if (b->type == 1) {
1458
+ if (!b->dpname)
1459
+ return 0;
1460
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1461
+ gens = a->name.fullname;
1462
+ nm = b->dpname;
1463
+ }
1464
+
1465
+ /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1466
+ if (nm) {
1467
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1468
+ gena = sk_GENERAL_NAME_value(gens, i);
1469
+ if (gena->type != GEN_DIRNAME)
1470
+ continue;
1471
+ if (!X509_NAME_cmp(nm, gena->d.directoryName))
1472
+ return 1;
1473
+ }
1474
+ return 0;
1475
+ }
1476
+
1477
+ /* Else case 3: two GENERAL_NAMES */
1478
+
1479
+ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1480
+ gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1481
+ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1482
+ genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1483
+ if (!GENERAL_NAME_cmp(gena, genb))
1484
+ return 1;
1485
+ }
1486
+ }
1487
+
1488
+ return 0;
1489
+
1490
+ }
1491
+
1492
+ static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1493
+ {
1494
+ size_t i;
1495
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
1496
+ /* If no CRLissuer return is successful iff don't need a match */
1497
+ if (!dp->CRLissuer)
1498
+ return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1499
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1500
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1501
+ if (gen->type != GEN_DIRNAME)
1502
+ continue;
1503
+ if (!X509_NAME_cmp(gen->d.directoryName, nm))
1504
+ return 1;
1505
+ }
1506
+ return 0;
1507
+ }
1508
+
1509
+ /* Check CRLDP and IDP */
1510
+
1511
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1512
+ unsigned int *preasons)
1513
+ {
1514
+ size_t i;
1515
+ if (crl->idp_flags & IDP_ONLYATTR)
1516
+ return 0;
1517
+ if (x->ex_flags & EXFLAG_CA) {
1518
+ if (crl->idp_flags & IDP_ONLYUSER)
1519
+ return 0;
1520
+ } else {
1521
+ if (crl->idp_flags & IDP_ONLYCA)
1522
+ return 0;
1523
+ }
1524
+ *preasons = crl->idp_reasons;
1525
+ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1526
+ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1527
+ if (crldp_check_crlissuer(dp, crl, crl_score)) {
1528
+ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1529
+ *preasons &= dp->dp_reasons;
1530
+ return 1;
1531
+ }
1532
+ }
1533
+ }
1534
+ if ((!crl->idp || !crl->idp->distpoint)
1535
+ && (crl_score & CRL_SCORE_ISSUER_NAME))
1536
+ return 1;
1537
+ return 0;
1538
+ }
1539
+
1540
+ /*
1541
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
1542
+ * to find a delta CRL too
1543
+ */
1544
+
1545
+ static int get_crl_delta(X509_STORE_CTX *ctx,
1546
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1547
+ {
1548
+ int ok;
1549
+ X509 *issuer = NULL;
1550
+ int crl_score = 0;
1551
+ unsigned int reasons;
1552
+ X509_CRL *crl = NULL, *dcrl = NULL;
1553
+ STACK_OF(X509_CRL) *skcrl;
1554
+ X509_NAME *nm = X509_get_issuer_name(x);
1555
+ reasons = ctx->current_reasons;
1556
+ ok = get_crl_sk(ctx, &crl, &dcrl,
1557
+ &issuer, &crl_score, &reasons, ctx->crls);
1558
+
1559
+ if (ok)
1560
+ goto done;
1561
+
1562
+ /* Lookup CRLs from store */
1563
+
1564
+ skcrl = ctx->lookup_crls(ctx, nm);
1565
+
1566
+ /* If no CRLs found and a near match from get_crl_sk use that */
1567
+ if (!skcrl && crl)
1568
+ goto done;
1569
+
1570
+ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1571
+
1572
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1573
+
1574
+ done:
1575
+
1576
+ /* If we got any kind of CRL use it and return success */
1577
+ if (crl) {
1578
+ ctx->current_issuer = issuer;
1579
+ ctx->current_crl_score = crl_score;
1580
+ ctx->current_reasons = reasons;
1581
+ *pcrl = crl;
1582
+ *pdcrl = dcrl;
1583
+ return 1;
1584
+ }
1585
+
1586
+ return 0;
1587
+ }
1588
+
1589
+ /* Check CRL validity */
1590
+ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1591
+ {
1592
+ X509 *issuer = NULL;
1593
+ EVP_PKEY *ikey = NULL;
1594
+ int ok = 0, chnum, cnum;
1595
+ cnum = ctx->error_depth;
1596
+ chnum = sk_X509_num(ctx->chain) - 1;
1597
+ /* if we have an alternative CRL issuer cert use that */
1598
+ if (ctx->current_issuer)
1599
+ issuer = ctx->current_issuer;
1600
+
1601
+ /*
1602
+ * Else find CRL issuer: if not last certificate then issuer is next
1603
+ * certificate in chain.
1604
+ */
1605
+ else if (cnum < chnum)
1606
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
1607
+ else {
1608
+ issuer = sk_X509_value(ctx->chain, chnum);
1609
+ /* If not self signed, can't check signature */
1610
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
1611
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1612
+ ok = ctx->verify_cb(0, ctx);
1613
+ if (!ok)
1614
+ goto err;
1615
+ }
1616
+ }
1617
+
1618
+ if (issuer) {
1619
+ /*
1620
+ * Skip most tests for deltas because they have already been done
1621
+ */
1622
+ if (!crl->base_crl_number) {
1623
+ /* Check for cRLSign bit if keyUsage present */
1624
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1625
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
1626
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1627
+ ok = ctx->verify_cb(0, ctx);
1628
+ if (!ok)
1629
+ goto err;
1630
+ }
1631
+
1632
+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1633
+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1634
+ ok = ctx->verify_cb(0, ctx);
1635
+ if (!ok)
1636
+ goto err;
1637
+ }
1638
+
1639
+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1640
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1641
+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1642
+ ok = ctx->verify_cb(0, ctx);
1643
+ if (!ok)
1644
+ goto err;
1645
+ }
1646
+ }
1647
+
1648
+ if (crl->idp_flags & IDP_INVALID) {
1649
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
1650
+ ok = ctx->verify_cb(0, ctx);
1651
+ if (!ok)
1652
+ goto err;
1653
+ }
1654
+
1655
+ }
1656
+
1657
+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1658
+ ok = check_crl_time(ctx, crl, 1);
1659
+ if (!ok)
1660
+ goto err;
1661
+ }
1662
+
1663
+ /* Attempt to get issuer certificate public key */
1664
+ ikey = X509_get_pubkey(issuer);
1665
+
1666
+ if (!ikey) {
1667
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1668
+ ok = ctx->verify_cb(0, ctx);
1669
+ if (!ok)
1670
+ goto err;
1671
+ } else {
1672
+ int rv;
1673
+ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1674
+ if (rv != X509_V_OK) {
1675
+ ctx->error = rv;
1676
+ ok = ctx->verify_cb(0, ctx);
1677
+ if (!ok)
1678
+ goto err;
1679
+ }
1680
+ /* Verify CRL signature */
1681
+ if (X509_CRL_verify(crl, ikey) <= 0) {
1682
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1683
+ ok = ctx->verify_cb(0, ctx);
1684
+ if (!ok)
1685
+ goto err;
1686
+ }
1687
+ }
1688
+ }
1689
+
1690
+ ok = 1;
1691
+
1692
+ err:
1693
+ EVP_PKEY_free(ikey);
1694
+ return ok;
1695
+ }
1696
+
1697
+ /* Check certificate against CRL */
1698
+ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1699
+ {
1700
+ int ok;
1701
+ X509_REVOKED *rev;
1702
+ /*
1703
+ * The rules changed for this... previously if a CRL contained unhandled
1704
+ * critical extensions it could still be used to indicate a certificate
1705
+ * was revoked. This has since been changed since critical extension can
1706
+ * change the meaning of CRL entries.
1707
+ */
1708
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1709
+ && (crl->flags & EXFLAG_CRITICAL)) {
1710
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1711
+ ok = ctx->verify_cb(0, ctx);
1712
+ if (!ok)
1713
+ return 0;
1714
+ }
1715
+ /*
1716
+ * Look for serial number of certificate in CRL If found make sure reason
1717
+ * is not removeFromCRL.
1718
+ */
1719
+ if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1720
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1721
+ return 2;
1722
+ ctx->error = X509_V_ERR_CERT_REVOKED;
1723
+ ok = ctx->verify_cb(0, ctx);
1724
+ if (!ok)
1725
+ return 0;
1726
+ }
1727
+
1728
+ return 1;
1729
+ }
1730
+
1731
+ static int check_policy(X509_STORE_CTX *ctx)
1732
+ {
1733
+ int ret;
1734
+ if (ctx->parent)
1735
+ return 1;
1736
+ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1737
+ ctx->param->policies, ctx->param->flags);
1738
+ if (ret == 0) {
1739
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1740
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
1741
+ return 0;
1742
+ }
1743
+ /* Invalid or inconsistent extensions */
1744
+ if (ret == -1) {
1745
+ /*
1746
+ * Locate certificates with bad extensions and notify callback.
1747
+ */
1748
+ X509 *x;
1749
+ size_t i;
1750
+ for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1751
+ x = sk_X509_value(ctx->chain, i);
1752
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1753
+ continue;
1754
+ ctx->current_cert = x;
1755
+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1756
+ if (!ctx->verify_cb(0, ctx))
1757
+ return 0;
1758
+ }
1759
+ return 1;
1760
+ }
1761
+ if (ret == -2) {
1762
+ ctx->current_cert = NULL;
1763
+ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1764
+ return ctx->verify_cb(0, ctx);
1765
+ }
1766
+
1767
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1768
+ ctx->current_cert = NULL;
1769
+ /*
1770
+ * Verification errors need to be "sticky", a callback may have allowed
1771
+ * an SSL handshake to continue despite an error, and we must then
1772
+ * remain in an error state. Therefore, we MUST NOT clear earlier
1773
+ * verification errors by setting the error to X509_V_OK.
1774
+ */
1775
+ if (!ctx->verify_cb(2, ctx))
1776
+ return 0;
1777
+ }
1778
+
1779
+ return 1;
1780
+ }
1781
+
1782
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1783
+ {
1784
+ time_t *ptime;
1785
+ int i;
1786
+
1787
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1788
+ ptime = &ctx->param->check_time;
1789
+ else
1790
+ ptime = NULL;
1791
+
1792
+ i = X509_cmp_time(X509_get_notBefore(x), ptime);
1793
+ if (i == 0) {
1794
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1795
+ ctx->current_cert = x;
1796
+ if (!ctx->verify_cb(0, ctx))
1797
+ return 0;
1798
+ }
1799
+
1800
+ if (i > 0) {
1801
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1802
+ ctx->current_cert = x;
1803
+ if (!ctx->verify_cb(0, ctx))
1804
+ return 0;
1805
+ }
1806
+
1807
+ i = X509_cmp_time(X509_get_notAfter(x), ptime);
1808
+ if (i == 0) {
1809
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1810
+ ctx->current_cert = x;
1811
+ if (!ctx->verify_cb(0, ctx))
1812
+ return 0;
1813
+ }
1814
+
1815
+ if (i < 0) {
1816
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1817
+ ctx->current_cert = x;
1818
+ if (!ctx->verify_cb(0, ctx))
1819
+ return 0;
1820
+ }
1821
+
1822
+ return 1;
1823
+ }
1824
+
1825
+ static int internal_verify(X509_STORE_CTX *ctx)
1826
+ {
1827
+ int ok = 0, n;
1828
+ X509 *xs, *xi;
1829
+ EVP_PKEY *pkey = NULL;
1830
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
1831
+
1832
+ cb = ctx->verify_cb;
1833
+
1834
+ n = sk_X509_num(ctx->chain);
1835
+ ctx->error_depth = n - 1;
1836
+ n--;
1837
+ xi = sk_X509_value(ctx->chain, n);
1838
+
1839
+ if (ctx->check_issued(ctx, xi, xi))
1840
+ xs = xi;
1841
+ else {
1842
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1843
+ xs = xi;
1844
+ goto check_cert;
1845
+ }
1846
+ if (n <= 0) {
1847
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1848
+ ctx->current_cert = xi;
1849
+ ok = cb(0, ctx);
1850
+ goto end;
1851
+ } else {
1852
+ n--;
1853
+ ctx->error_depth = n;
1854
+ xs = sk_X509_value(ctx->chain, n);
1855
+ }
1856
+ }
1857
+
1858
+ /* ctx->error=0; not needed */
1859
+ while (n >= 0) {
1860
+ ctx->error_depth = n;
1861
+
1862
+ /*
1863
+ * Skip signature check for self signed certificates unless
1864
+ * explicitly asked for. It doesn't add any security and just wastes
1865
+ * time.
1866
+ */
1867
+ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1868
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
1869
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1870
+ ctx->current_cert = xi;
1871
+ ok = (*cb) (0, ctx);
1872
+ if (!ok)
1873
+ goto end;
1874
+ } else if (X509_verify(xs, pkey) <= 0) {
1875
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1876
+ ctx->current_cert = xs;
1877
+ ok = (*cb) (0, ctx);
1878
+ if (!ok) {
1879
+ EVP_PKEY_free(pkey);
1880
+ goto end;
1881
+ }
1882
+ }
1883
+ EVP_PKEY_free(pkey);
1884
+ pkey = NULL;
1885
+ }
1886
+
1887
+ check_cert:
1888
+ ok = check_cert_time(ctx, xs);
1889
+ if (!ok)
1890
+ goto end;
1891
+
1892
+ /* The last error (if any) is still in the error value */
1893
+ ctx->current_issuer = xi;
1894
+ ctx->current_cert = xs;
1895
+ ok = (*cb) (1, ctx);
1896
+ if (!ok)
1897
+ goto end;
1898
+
1899
+ n--;
1900
+ if (n >= 0) {
1901
+ xi = xs;
1902
+ xs = sk_X509_value(ctx->chain, n);
1903
+ }
1904
+ }
1905
+ ok = 1;
1906
+ end:
1907
+ return ok;
1908
+ }
1909
+
1910
+ int X509_cmp_current_time(const ASN1_TIME *ctm)
1911
+ {
1912
+ return X509_cmp_time(ctm, NULL);
1913
+ }
1914
+
1915
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1916
+ {
1917
+ static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
1918
+ static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
1919
+ ASN1_TIME *asn1_cmp_time = NULL;
1920
+ int i, day, sec, ret = 0;
1921
+
1922
+ /*
1923
+ * Note that ASN.1 allows much more slack in the time format than RFC5280.
1924
+ * In RFC5280, the representation is fixed:
1925
+ * UTCTime: YYMMDDHHMMSSZ
1926
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
1927
+ *
1928
+ * We do NOT currently enforce the following RFC 5280 requirement:
1929
+ * "CAs conforming to this profile MUST always encode certificate
1930
+ * validity dates through the year 2049 as UTCTime; certificate validity
1931
+ * dates in 2050 or later MUST be encoded as GeneralizedTime."
1932
+ */
1933
+ switch (ctm->type) {
1934
+ case V_ASN1_UTCTIME:
1935
+ if (ctm->length != (int)(utctime_length))
1936
+ return 0;
1937
+ break;
1938
+ case V_ASN1_GENERALIZEDTIME:
1939
+ if (ctm->length != (int)(generalizedtime_length))
1940
+ return 0;
1941
+ break;
1942
+ default:
1943
+ return 0;
1944
+ }
1945
+
1946
+ /**
1947
+ * Verify the format: the ASN.1 functions we use below allow a more
1948
+ * flexible format than what's mandated by RFC 5280.
1949
+ * Digit and date ranges will be verified in the conversion methods.
1950
+ */
1951
+ for (i = 0; i < ctm->length - 1; i++) {
1952
+ if (!isdigit(ctm->data[i]))
1953
+ return 0;
1954
+ }
1955
+ if (ctm->data[ctm->length - 1] != 'Z')
1956
+ return 0;
1957
+
1958
+ /*
1959
+ * There is ASN1_UTCTIME_cmp_time_t but no
1960
+ * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
1961
+ * so we go through ASN.1
1962
+ */
1963
+ asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
1964
+ if (asn1_cmp_time == NULL)
1965
+ goto err;
1966
+ if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
1967
+ goto err;
1968
+
1969
+ /*
1970
+ * X509_cmp_time comparison is <=.
1971
+ * The return value 0 is reserved for errors.
1972
+ */
1973
+ ret = (day >= 0 && sec >= 0) ? -1 : 1;
1974
+
1975
+ err:
1976
+ ASN1_TIME_free(asn1_cmp_time);
1977
+ return ret;
1978
+ }
1979
+
1980
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
1981
+ {
1982
+ return X509_time_adj(s, adj, NULL);
1983
+ }
1984
+
1985
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1986
+ {
1987
+ return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1988
+ }
1989
+
1990
+ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1991
+ int offset_day, long offset_sec, time_t *in_tm)
1992
+ {
1993
+ time_t t = 0;
1994
+
1995
+ if (in_tm)
1996
+ t = *in_tm;
1997
+ else
1998
+ time(&t);
1999
+
2000
+ if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
2001
+ if (s->type == V_ASN1_UTCTIME)
2002
+ return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
2003
+ if (s->type == V_ASN1_GENERALIZEDTIME)
2004
+ return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
2005
+ }
2006
+ return ASN1_TIME_adj(s, t, offset_day, offset_sec);
2007
+ }
2008
+
2009
+ /* Make a delta CRL as the diff between two full CRLs */
2010
+
2011
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
2012
+ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
2013
+ {
2014
+ X509_CRL *crl = NULL;
2015
+ int i;
2016
+ size_t j;
2017
+ STACK_OF(X509_REVOKED) *revs = NULL;
2018
+ /* CRLs can't be delta already */
2019
+ if (base->base_crl_number || newer->base_crl_number) {
2020
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
2021
+ return NULL;
2022
+ }
2023
+ /* Base and new CRL must have a CRL number */
2024
+ if (!base->crl_number || !newer->crl_number) {
2025
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
2026
+ return NULL;
2027
+ }
2028
+ /* Issuer names must match */
2029
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
2030
+ OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
2031
+ return NULL;
2032
+ }
2033
+ /* AKID and IDP must match */
2034
+ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
2035
+ OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
2036
+ return NULL;
2037
+ }
2038
+ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
2039
+ OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2040
+ return NULL;
2041
+ }
2042
+ /* Newer CRL number must exceed full CRL number */
2043
+ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
2044
+ OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2045
+ return NULL;
2046
+ }
2047
+ /* CRLs must verify */
2048
+ if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2049
+ X509_CRL_verify(newer, skey) <= 0)) {
2050
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2051
+ return NULL;
2052
+ }
2053
+ /* Create new CRL */
2054
+ crl = X509_CRL_new();
2055
+ if (!crl || !X509_CRL_set_version(crl, 1))
2056
+ goto memerr;
2057
+ /* Set issuer name */
2058
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2059
+ goto memerr;
2060
+
2061
+ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
2062
+ goto memerr;
2063
+ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
2064
+ goto memerr;
2065
+
2066
+ /* Set base CRL number: must be critical */
2067
+
2068
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
2069
+ goto memerr;
2070
+
2071
+ /*
2072
+ * Copy extensions across from newest CRL to delta: this will set CRL
2073
+ * number to correct value too.
2074
+ */
2075
+
2076
+ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
2077
+ X509_EXTENSION *ext;
2078
+ ext = X509_CRL_get_ext(newer, i);
2079
+ if (!X509_CRL_add_ext(crl, ext, -1))
2080
+ goto memerr;
2081
+ }
2082
+
2083
+ /* Go through revoked entries, copying as needed */
2084
+
2085
+ revs = X509_CRL_get_REVOKED(newer);
2086
+
2087
+ for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
2088
+ X509_REVOKED *rvn, *rvtmp;
2089
+ rvn = sk_X509_REVOKED_value(revs, j);
2090
+ /*
2091
+ * Add only if not also in base. TODO: need something cleverer here
2092
+ * for some more complex CRLs covering multiple CAs.
2093
+ */
2094
+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2095
+ rvtmp = X509_REVOKED_dup(rvn);
2096
+ if (!rvtmp)
2097
+ goto memerr;
2098
+ if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2099
+ X509_REVOKED_free(rvtmp);
2100
+ goto memerr;
2101
+ }
2102
+ }
2103
+ }
2104
+ /* TODO: optionally prune deleted entries */
2105
+
2106
+ if (skey && md && !X509_CRL_sign(crl, skey, md))
2107
+ goto memerr;
2108
+
2109
+ return crl;
2110
+
2111
+ memerr:
2112
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2113
+ if (crl)
2114
+ X509_CRL_free(crl);
2115
+ return NULL;
2116
+ }
2117
+
2118
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2119
+ CRYPTO_EX_unused * unused,
2120
+ CRYPTO_EX_dup *dup_unused,
2121
+ CRYPTO_EX_free *free_func)
2122
+ {
2123
+ /*
2124
+ * This function is (usually) called only once, by
2125
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2126
+ */
2127
+ int index;
2128
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2129
+ free_func)) {
2130
+ return -1;
2131
+ }
2132
+ return index;
2133
+ }
2134
+
2135
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2136
+ {
2137
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2138
+ }
2139
+
2140
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2141
+ {
2142
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2143
+ }
2144
+
2145
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2146
+ {
2147
+ return ctx->error;
2148
+ }
2149
+
2150
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2151
+ {
2152
+ ctx->error = err;
2153
+ }
2154
+
2155
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2156
+ {
2157
+ return ctx->error_depth;
2158
+ }
2159
+
2160
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2161
+ {
2162
+ return ctx->current_cert;
2163
+ }
2164
+
2165
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2166
+ {
2167
+ return ctx->chain;
2168
+ }
2169
+
2170
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
2171
+ {
2172
+ return ctx->chain;
2173
+ }
2174
+
2175
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2176
+ {
2177
+ if (!ctx->chain)
2178
+ return NULL;
2179
+ return X509_chain_up_ref(ctx->chain);
2180
+ }
2181
+
2182
+ X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2183
+ {
2184
+ return ctx->current_issuer;
2185
+ }
2186
+
2187
+ X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2188
+ {
2189
+ return ctx->current_crl;
2190
+ }
2191
+
2192
+ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2193
+ {
2194
+ return ctx->parent;
2195
+ }
2196
+
2197
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2198
+ {
2199
+ ctx->cert = x;
2200
+ }
2201
+
2202
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2203
+ {
2204
+ ctx->untrusted = sk;
2205
+ }
2206
+
2207
+ STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
2208
+ {
2209
+ return ctx->untrusted;
2210
+ }
2211
+
2212
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2213
+ {
2214
+ ctx->crls = sk;
2215
+ }
2216
+
2217
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2218
+ {
2219
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2220
+ }
2221
+
2222
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2223
+ {
2224
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2225
+ }
2226
+
2227
+ /*
2228
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
2229
+ * This is intended to be used when another structure has its own trust and
2230
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
2231
+ * set then we will usually have a default purpose in mind which should then
2232
+ * be used to set the trust value. An example of this is SSL use: an SSL
2233
+ * structure will have its own purpose and trust settings which the
2234
+ * application can set: if they aren't set then we use the default of SSL
2235
+ * client/server.
2236
+ */
2237
+
2238
+ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2239
+ int purpose, int trust)
2240
+ {
2241
+ int idx;
2242
+ /* If purpose not set use default */
2243
+ if (!purpose)
2244
+ purpose = def_purpose;
2245
+ /* If we have a purpose then check it is valid */
2246
+ if (purpose) {
2247
+ X509_PURPOSE *ptmp;
2248
+ idx = X509_PURPOSE_get_by_id(purpose);
2249
+ if (idx == -1) {
2250
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2251
+ return 0;
2252
+ }
2253
+ ptmp = X509_PURPOSE_get0(idx);
2254
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
2255
+ idx = X509_PURPOSE_get_by_id(def_purpose);
2256
+ if (idx == -1) {
2257
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2258
+ return 0;
2259
+ }
2260
+ ptmp = X509_PURPOSE_get0(idx);
2261
+ }
2262
+ /* If trust not set then get from purpose default */
2263
+ if (!trust)
2264
+ trust = ptmp->trust;
2265
+ }
2266
+ if (trust) {
2267
+ idx = X509_TRUST_get_by_id(trust);
2268
+ if (idx == -1) {
2269
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2270
+ return 0;
2271
+ }
2272
+ }
2273
+
2274
+ if (purpose && !ctx->param->purpose)
2275
+ ctx->param->purpose = purpose;
2276
+ if (trust && !ctx->param->trust)
2277
+ ctx->param->trust = trust;
2278
+ return 1;
2279
+ }
2280
+
2281
+ X509_STORE_CTX *X509_STORE_CTX_new(void)
2282
+ {
2283
+ X509_STORE_CTX *ctx;
2284
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2285
+ if (!ctx) {
2286
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2287
+ return NULL;
2288
+ }
2289
+ X509_STORE_CTX_zero(ctx);
2290
+ return ctx;
2291
+ }
2292
+
2293
+ void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2294
+ {
2295
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2296
+ }
2297
+
2298
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2299
+ {
2300
+ if (ctx == NULL) {
2301
+ return;
2302
+ }
2303
+ X509_STORE_CTX_cleanup(ctx);
2304
+ OPENSSL_free(ctx);
2305
+ }
2306
+
2307
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2308
+ STACK_OF(X509) *chain)
2309
+ {
2310
+ int ret = 1;
2311
+
2312
+ X509_STORE_CTX_zero(ctx);
2313
+ ctx->ctx = store;
2314
+ ctx->cert = x509;
2315
+ ctx->untrusted = chain;
2316
+
2317
+ CRYPTO_new_ex_data(&ctx->ex_data);
2318
+
2319
+ ctx->param = X509_VERIFY_PARAM_new();
2320
+ if (!ctx->param)
2321
+ goto err;
2322
+
2323
+ /*
2324
+ * Inherit callbacks and flags from X509_STORE if not set use defaults.
2325
+ */
2326
+
2327
+ if (store)
2328
+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2329
+ else
2330
+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
2331
+
2332
+ if (store) {
2333
+ ctx->verify_cb = store->verify_cb;
2334
+ ctx->cleanup = store->cleanup;
2335
+ } else
2336
+ ctx->cleanup = 0;
2337
+
2338
+ if (ret)
2339
+ ret = X509_VERIFY_PARAM_inherit(ctx->param,
2340
+ X509_VERIFY_PARAM_lookup("default"));
2341
+
2342
+ if (ret == 0)
2343
+ goto err;
2344
+
2345
+ if (store && store->check_issued)
2346
+ ctx->check_issued = store->check_issued;
2347
+ else
2348
+ ctx->check_issued = check_issued;
2349
+
2350
+ if (store && store->get_issuer)
2351
+ ctx->get_issuer = store->get_issuer;
2352
+ else
2353
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2354
+
2355
+ if (store && store->verify_cb)
2356
+ ctx->verify_cb = store->verify_cb;
2357
+ else
2358
+ ctx->verify_cb = null_callback;
2359
+
2360
+ if (store && store->verify)
2361
+ ctx->verify = store->verify;
2362
+ else
2363
+ ctx->verify = internal_verify;
2364
+
2365
+ if (store && store->check_revocation)
2366
+ ctx->check_revocation = store->check_revocation;
2367
+ else
2368
+ ctx->check_revocation = check_revocation;
2369
+
2370
+ if (store && store->get_crl)
2371
+ ctx->get_crl = store->get_crl;
2372
+ else
2373
+ ctx->get_crl = NULL;
2374
+
2375
+ if (store && store->check_crl)
2376
+ ctx->check_crl = store->check_crl;
2377
+ else
2378
+ ctx->check_crl = check_crl;
2379
+
2380
+ if (store && store->cert_crl)
2381
+ ctx->cert_crl = store->cert_crl;
2382
+ else
2383
+ ctx->cert_crl = cert_crl;
2384
+
2385
+ if (store && store->lookup_certs)
2386
+ ctx->lookup_certs = store->lookup_certs;
2387
+ else
2388
+ ctx->lookup_certs = X509_STORE_get1_certs;
2389
+
2390
+ if (store && store->lookup_crls)
2391
+ ctx->lookup_crls = store->lookup_crls;
2392
+ else
2393
+ ctx->lookup_crls = X509_STORE_get1_crls;
2394
+
2395
+ ctx->check_policy = check_policy;
2396
+
2397
+ return 1;
2398
+
2399
+ err:
2400
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2401
+ if (ctx->param != NULL) {
2402
+ X509_VERIFY_PARAM_free(ctx->param);
2403
+ }
2404
+
2405
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2406
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2407
+ return 0;
2408
+ }
2409
+
2410
+ /*
2411
+ * Set alternative lookup method: just a STACK of trusted certificates. This
2412
+ * avoids X509_STORE nastiness where it isn't needed.
2413
+ */
2414
+
2415
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2416
+ {
2417
+ ctx->other_ctx = sk;
2418
+ ctx->get_issuer = get_issuer_sk;
2419
+ }
2420
+
2421
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2422
+ {
2423
+ /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2424
+ * also calls this function. */
2425
+ if (ctx->cleanup != NULL) {
2426
+ ctx->cleanup(ctx);
2427
+ ctx->cleanup = NULL;
2428
+ }
2429
+ if (ctx->param != NULL) {
2430
+ if (ctx->parent == NULL)
2431
+ X509_VERIFY_PARAM_free(ctx->param);
2432
+ ctx->param = NULL;
2433
+ }
2434
+ if (ctx->tree != NULL) {
2435
+ X509_policy_tree_free(ctx->tree);
2436
+ ctx->tree = NULL;
2437
+ }
2438
+ if (ctx->chain != NULL) {
2439
+ sk_X509_pop_free(ctx->chain, X509_free);
2440
+ ctx->chain = NULL;
2441
+ }
2442
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2443
+ OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2444
+ }
2445
+
2446
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2447
+ {
2448
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2449
+ }
2450
+
2451
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2452
+ {
2453
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2454
+ }
2455
+
2456
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2457
+ time_t t)
2458
+ {
2459
+ X509_VERIFY_PARAM_set_time(ctx->param, t);
2460
+ }
2461
+
2462
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2463
+ {
2464
+ return ctx->cert;
2465
+ }
2466
+
2467
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2468
+ int (*verify_cb) (int, X509_STORE_CTX *))
2469
+ {
2470
+ ctx->verify_cb = verify_cb;
2471
+ }
2472
+
2473
+ X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2474
+ {
2475
+ return ctx->tree;
2476
+ }
2477
+
2478
+ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2479
+ {
2480
+ return ctx->explicit_policy;
2481
+ }
2482
+
2483
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2484
+ {
2485
+ const X509_VERIFY_PARAM *param;
2486
+ param = X509_VERIFY_PARAM_lookup(name);
2487
+ if (!param)
2488
+ return 0;
2489
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
2490
+ }
2491
+
2492
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2493
+ {
2494
+ return ctx->param;
2495
+ }
2496
+
2497
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2498
+ {
2499
+ if (ctx->param)
2500
+ X509_VERIFY_PARAM_free(ctx->param);
2501
+ ctx->param = param;
2502
+ }
2503
+
2504
+ IMPLEMENT_ASN1_SET_OF(X509)
2505
+
2506
+ IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)