grpc 1.30.2

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (1758) hide show
  1. checksums.yaml +7 -0
  2. data/.yardopts +1 -0
  3. data/Makefile +20074 -0
  4. data/etc/roots.pem +4644 -0
  5. data/include/grpc/byte_buffer.h +27 -0
  6. data/include/grpc/byte_buffer_reader.h +26 -0
  7. data/include/grpc/census.h +40 -0
  8. data/include/grpc/compression.h +75 -0
  9. data/include/grpc/fork.h +26 -0
  10. data/include/grpc/grpc.h +540 -0
  11. data/include/grpc/grpc_cronet.h +38 -0
  12. data/include/grpc/grpc_posix.h +59 -0
  13. data/include/grpc/grpc_security.h +1019 -0
  14. data/include/grpc/grpc_security_constants.h +146 -0
  15. data/include/grpc/impl/codegen/atm.h +95 -0
  16. data/include/grpc/impl/codegen/atm_gcc_atomic.h +91 -0
  17. data/include/grpc/impl/codegen/atm_gcc_sync.h +85 -0
  18. data/include/grpc/impl/codegen/atm_windows.h +128 -0
  19. data/include/grpc/impl/codegen/byte_buffer.h +101 -0
  20. data/include/grpc/impl/codegen/byte_buffer_reader.h +42 -0
  21. data/include/grpc/impl/codegen/compression_types.h +108 -0
  22. data/include/grpc/impl/codegen/connectivity_state.h +44 -0
  23. data/include/grpc/impl/codegen/fork.h +48 -0
  24. data/include/grpc/impl/codegen/gpr_slice.h +69 -0
  25. data/include/grpc/impl/codegen/gpr_types.h +59 -0
  26. data/include/grpc/impl/codegen/grpc_types.h +785 -0
  27. data/include/grpc/impl/codegen/log.h +112 -0
  28. data/include/grpc/impl/codegen/port_platform.h +720 -0
  29. data/include/grpc/impl/codegen/propagation_bits.h +52 -0
  30. data/include/grpc/impl/codegen/slice.h +127 -0
  31. data/include/grpc/impl/codegen/status.h +154 -0
  32. data/include/grpc/impl/codegen/sync.h +65 -0
  33. data/include/grpc/impl/codegen/sync_abseil.h +36 -0
  34. data/include/grpc/impl/codegen/sync_custom.h +38 -0
  35. data/include/grpc/impl/codegen/sync_generic.h +48 -0
  36. data/include/grpc/impl/codegen/sync_posix.h +52 -0
  37. data/include/grpc/impl/codegen/sync_windows.h +36 -0
  38. data/include/grpc/load_reporting.h +48 -0
  39. data/include/grpc/module.modulemap +64 -0
  40. data/include/grpc/slice.h +172 -0
  41. data/include/grpc/slice_buffer.h +84 -0
  42. data/include/grpc/status.h +26 -0
  43. data/include/grpc/support/alloc.h +52 -0
  44. data/include/grpc/support/atm.h +26 -0
  45. data/include/grpc/support/atm_gcc_atomic.h +26 -0
  46. data/include/grpc/support/atm_gcc_sync.h +26 -0
  47. data/include/grpc/support/atm_windows.h +26 -0
  48. data/include/grpc/support/cpu.h +44 -0
  49. data/include/grpc/support/log.h +26 -0
  50. data/include/grpc/support/log_windows.h +38 -0
  51. data/include/grpc/support/port_platform.h +24 -0
  52. data/include/grpc/support/string_util.h +51 -0
  53. data/include/grpc/support/sync.h +282 -0
  54. data/include/grpc/support/sync_abseil.h +26 -0
  55. data/include/grpc/support/sync_custom.h +26 -0
  56. data/include/grpc/support/sync_generic.h +26 -0
  57. data/include/grpc/support/sync_posix.h +26 -0
  58. data/include/grpc/support/sync_windows.h +26 -0
  59. data/include/grpc/support/thd_id.h +44 -0
  60. data/include/grpc/support/time.h +92 -0
  61. data/include/grpc/support/workaround_list.h +31 -0
  62. data/src/core/ext/filters/census/grpc_context.cc +38 -0
  63. data/src/core/ext/filters/client_channel/backend_metric.cc +81 -0
  64. data/src/core/ext/filters/client_channel/backend_metric.h +36 -0
  65. data/src/core/ext/filters/client_channel/backup_poller.cc +181 -0
  66. data/src/core/ext/filters/client_channel/backup_poller.h +41 -0
  67. data/src/core/ext/filters/client_channel/channel_connectivity.cc +264 -0
  68. data/src/core/ext/filters/client_channel/client_channel.cc +4059 -0
  69. data/src/core/ext/filters/client_channel/client_channel.h +82 -0
  70. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +95 -0
  71. data/src/core/ext/filters/client_channel/client_channel_channelz.h +78 -0
  72. data/src/core/ext/filters/client_channel/client_channel_factory.cc +55 -0
  73. data/src/core/ext/filters/client_channel/client_channel_factory.h +47 -0
  74. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +70 -0
  75. data/src/core/ext/filters/client_channel/connector.h +79 -0
  76. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +179 -0
  77. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +68 -0
  78. data/src/core/ext/filters/client_channel/health/health_check_client.cc +606 -0
  79. data/src/core/ext/filters/client_channel/health/health_check_client.h +175 -0
  80. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +389 -0
  81. data/src/core/ext/filters/client_channel/http_connect_handshaker.h +34 -0
  82. data/src/core/ext/filters/client_channel/http_proxy.cc +216 -0
  83. data/src/core/ext/filters/client_channel/http_proxy.h +28 -0
  84. data/src/core/ext/filters/client_channel/lb_policy.cc +138 -0
  85. data/src/core/ext/filters/client_channel/lb_policy.h +421 -0
  86. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +83 -0
  87. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +99 -0
  88. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +297 -0
  89. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +83 -0
  90. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +157 -0
  91. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +29 -0
  92. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +1754 -0
  93. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +43 -0
  94. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +89 -0
  95. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +40 -0
  96. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +45 -0
  97. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +121 -0
  98. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +91 -0
  99. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +75 -0
  100. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +193 -0
  101. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +74 -0
  102. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +509 -0
  103. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +871 -0
  104. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +504 -0
  105. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +448 -0
  106. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +734 -0
  107. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +417 -0
  108. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +938 -0
  109. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +528 -0
  110. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +32 -0
  111. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +834 -0
  112. data/src/core/ext/filters/client_channel/lb_policy_factory.h +47 -0
  113. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +182 -0
  114. data/src/core/ext/filters/client_channel/lb_policy_registry.h +65 -0
  115. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +96 -0
  116. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +57 -0
  117. data/src/core/ext/filters/client_channel/parse_address.cc +238 -0
  118. data/src/core/ext/filters/client_channel/parse_address.h +53 -0
  119. data/src/core/ext/filters/client_channel/proxy_mapper.h +54 -0
  120. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +89 -0
  121. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +50 -0
  122. data/src/core/ext/filters/client_channel/resolver.cc +85 -0
  123. data/src/core/ext/filters/client_channel/resolver.h +144 -0
  124. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +535 -0
  125. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +484 -0
  126. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +104 -0
  127. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +177 -0
  128. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +107 -0
  129. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +897 -0
  130. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +819 -0
  131. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +97 -0
  132. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +68 -0
  133. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +38 -0
  134. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +29 -0
  135. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +34 -0
  136. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +28 -0
  137. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +29 -0
  138. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +318 -0
  139. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +383 -0
  140. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +93 -0
  141. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +188 -0
  142. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +184 -0
  143. data/src/core/ext/filters/client_channel/resolver_factory.h +73 -0
  144. data/src/core/ext/filters/client_channel/resolver_registry.cc +197 -0
  145. data/src/core/ext/filters/client_channel/resolver_registry.h +89 -0
  146. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +443 -0
  147. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +127 -0
  148. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +348 -0
  149. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +123 -0
  150. data/src/core/ext/filters/client_channel/retry_throttle.cc +191 -0
  151. data/src/core/ext/filters/client_channel/retry_throttle.h +77 -0
  152. data/src/core/ext/filters/client_channel/server_address.cc +48 -0
  153. data/src/core/ext/filters/client_channel/server_address.h +90 -0
  154. data/src/core/ext/filters/client_channel/service_config.cc +221 -0
  155. data/src/core/ext/filters/client_channel/service_config.h +123 -0
  156. data/src/core/ext/filters/client_channel/service_config_call_data.h +68 -0
  157. data/src/core/ext/filters/client_channel/service_config_parser.cc +87 -0
  158. data/src/core/ext/filters/client_channel/service_config_parser.h +89 -0
  159. data/src/core/ext/filters/client_channel/subchannel.cc +1127 -0
  160. data/src/core/ext/filters/client_channel/subchannel.h +427 -0
  161. data/src/core/ext/filters/client_channel/subchannel_interface.h +94 -0
  162. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +97 -0
  163. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +91 -0
  164. data/src/core/ext/filters/client_channel/xds/xds_api.cc +1906 -0
  165. data/src/core/ext/filters/client_channel/xds/xds_api.h +280 -0
  166. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +342 -0
  167. data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +88 -0
  168. data/src/core/ext/filters/client_channel/xds/xds_channel.h +46 -0
  169. data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
  170. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +106 -0
  171. data/src/core/ext/filters/client_channel/xds/xds_client.cc +2367 -0
  172. data/src/core/ext/filters/client_channel/xds/xds_client.h +309 -0
  173. data/src/core/ext/filters/client_channel/xds/xds_client_stats.cc +115 -0
  174. data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +211 -0
  175. data/src/core/ext/filters/client_idle/client_idle_filter.cc +440 -0
  176. data/src/core/ext/filters/deadline/deadline_filter.cc +386 -0
  177. data/src/core/ext/filters/deadline/deadline_filter.h +90 -0
  178. data/src/core/ext/filters/http/client/http_client_filter.cc +596 -0
  179. data/src/core/ext/filters/http/client/http_client_filter.h +31 -0
  180. data/src/core/ext/filters/http/client_authority_filter.cc +159 -0
  181. data/src/core/ext/filters/http/client_authority_filter.h +34 -0
  182. data/src/core/ext/filters/http/http_filters_plugin.cc +104 -0
  183. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +546 -0
  184. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +53 -0
  185. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +358 -0
  186. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +29 -0
  187. data/src/core/ext/filters/http/server/http_server_filter.cc +528 -0
  188. data/src/core/ext/filters/http/server/http_server_filter.h +29 -0
  189. data/src/core/ext/filters/max_age/max_age_filter.cc +556 -0
  190. data/src/core/ext/filters/max_age/max_age_filter.h +26 -0
  191. data/src/core/ext/filters/message_size/message_size_filter.cc +423 -0
  192. data/src/core/ext/filters/message_size/message_size_filter.h +59 -0
  193. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +210 -0
  194. data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.h +27 -0
  195. data/src/core/ext/filters/workarounds/workaround_utils.cc +53 -0
  196. data/src/core/ext/filters/workarounds/workaround_utils.h +39 -0
  197. data/src/core/ext/transport/chttp2/alpn/alpn.cc +44 -0
  198. data/src/core/ext/transport/chttp2/alpn/alpn.h +36 -0
  199. data/src/core/ext/transport/chttp2/client/authority.cc +42 -0
  200. data/src/core/ext/transport/chttp2/client/authority.h +36 -0
  201. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +206 -0
  202. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +58 -0
  203. data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +112 -0
  204. data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +79 -0
  205. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +225 -0
  206. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +451 -0
  207. data/src/core/ext/transport/chttp2/server/chttp2_server.h +33 -0
  208. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +45 -0
  209. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +75 -0
  210. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +86 -0
  211. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +250 -0
  212. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +56 -0
  213. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +230 -0
  214. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +42 -0
  215. data/src/core/ext/transport/chttp2/transport/chttp2_plugin.cc +37 -0
  216. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +3346 -0
  217. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +52 -0
  218. data/src/core/ext/transport/chttp2/transport/context_list.cc +69 -0
  219. data/src/core/ext/transport/chttp2/transport/context_list.h +53 -0
  220. data/src/core/ext/transport/chttp2/transport/flow_control.cc +408 -0
  221. data/src/core/ext/transport/chttp2/transport/flow_control.h +474 -0
  222. data/src/core/ext/transport/chttp2/transport/frame.h +47 -0
  223. data/src/core/ext/transport/chttp2/transport/frame_data.cc +307 -0
  224. data/src/core/ext/transport/chttp2/transport/frame_data.h +82 -0
  225. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +187 -0
  226. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +62 -0
  227. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +133 -0
  228. data/src/core/ext/transport/chttp2/transport/frame_ping.h +44 -0
  229. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +122 -0
  230. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +50 -0
  231. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +242 -0
  232. data/src/core/ext/transport/chttp2/transport/frame_settings.h +60 -0
  233. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +123 -0
  234. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +44 -0
  235. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +900 -0
  236. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +107 -0
  237. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +1761 -0
  238. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +117 -0
  239. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +246 -0
  240. data/src/core/ext/transport/chttp2/transport/hpack_table.h +148 -0
  241. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +62 -0
  242. data/src/core/ext/transport/chttp2/transport/http2_settings.h +61 -0
  243. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +92 -0
  244. data/src/core/ext/transport/chttp2/transport/huffsyms.h +32 -0
  245. data/src/core/ext/transport/chttp2/transport/incoming_metadata.cc +66 -0
  246. data/src/core/ext/transport/chttp2/transport/incoming_metadata.h +58 -0
  247. data/src/core/ext/transport/chttp2/transport/internal.h +864 -0
  248. data/src/core/ext/transport/chttp2/transport/parsing.cc +803 -0
  249. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +216 -0
  250. data/src/core/ext/transport/chttp2/transport/stream_map.cc +177 -0
  251. data/src/core/ext/transport/chttp2/transport/stream_map.h +67 -0
  252. data/src/core/ext/transport/chttp2/transport/varint.cc +56 -0
  253. data/src/core/ext/transport/chttp2/transport/varint.h +60 -0
  254. data/src/core/ext/transport/chttp2/transport/writing.cc +706 -0
  255. data/src/core/ext/transport/inproc/inproc_plugin.cc +28 -0
  256. data/src/core/ext/transport/inproc/inproc_transport.cc +1296 -0
  257. data/src/core/ext/transport/inproc/inproc_transport.h +35 -0
  258. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +17 -0
  259. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +30 -0
  260. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +27 -0
  261. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +54 -0
  262. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +21 -0
  263. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +35 -0
  264. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +114 -0
  265. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +418 -0
  266. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +72 -0
  267. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +197 -0
  268. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +105 -0
  269. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +378 -0
  270. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.c +28 -0
  271. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +53 -0
  272. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +403 -0
  273. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +1447 -0
  274. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +74 -0
  275. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +218 -0
  276. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.c +35 -0
  277. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +69 -0
  278. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.c +55 -0
  279. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +305 -0
  280. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +112 -0
  281. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +328 -0
  282. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.c +35 -0
  283. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +78 -0
  284. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +313 -0
  285. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +897 -0
  286. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +96 -0
  287. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +322 -0
  288. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +34 -0
  289. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +72 -0
  290. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +197 -0
  291. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +642 -0
  292. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +172 -0
  293. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +673 -0
  294. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.c +36 -0
  295. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +80 -0
  296. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +152 -0
  297. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +518 -0
  298. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.c +34 -0
  299. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +89 -0
  300. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +129 -0
  301. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +392 -0
  302. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.c +31 -0
  303. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +53 -0
  304. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +92 -0
  305. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +240 -0
  306. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +18 -0
  307. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +33 -0
  308. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +91 -0
  309. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +266 -0
  310. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +112 -0
  311. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +324 -0
  312. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.c +31 -0
  313. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +53 -0
  314. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +109 -0
  315. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +399 -0
  316. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +18 -0
  317. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +33 -0
  318. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +145 -0
  319. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +527 -0
  320. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +43 -0
  321. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +112 -0
  322. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.c +30 -0
  323. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +53 -0
  324. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +63 -0
  325. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +199 -0
  326. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +18 -0
  327. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +33 -0
  328. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +815 -0
  329. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +3032 -0
  330. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +59 -0
  331. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +134 -0
  332. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.c +28 -0
  333. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +53 -0
  334. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +228 -0
  335. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +725 -0
  336. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +316 -0
  337. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +1132 -0
  338. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.c +33 -0
  339. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +65 -0
  340. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +51 -0
  341. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +125 -0
  342. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.c +24 -0
  343. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +50 -0
  344. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +54 -0
  345. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +134 -0
  346. data/src/core/ext/upb-generated/envoy/type/http.upb.c +17 -0
  347. data/src/core/ext/upb-generated/envoy/type/http.upb.h +36 -0
  348. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +63 -0
  349. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +144 -0
  350. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +53 -0
  351. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +133 -0
  352. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +88 -0
  353. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +258 -0
  354. data/src/core/ext/upb-generated/envoy/type/percent.upb.c +39 -0
  355. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +87 -0
  356. data/src/core/ext/upb-generated/envoy/type/range.upb.c +50 -0
  357. data/src/core/ext/upb-generated/envoy/type/range.upb.h +112 -0
  358. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.c +29 -0
  359. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +62 -0
  360. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +89 -0
  361. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +249 -0
  362. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +17 -0
  363. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +30 -0
  364. data/src/core/ext/upb-generated/google/api/annotations.upb.c +18 -0
  365. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -0
  366. data/src/core/ext/upb-generated/google/api/http.upb.c +66 -0
  367. data/src/core/ext/upb-generated/google/api/http.upb.h +190 -0
  368. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +27 -0
  369. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +58 -0
  370. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +486 -0
  371. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +1696 -0
  372. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +27 -0
  373. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +58 -0
  374. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +22 -0
  375. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +50 -0
  376. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +79 -0
  377. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +215 -0
  378. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +27 -0
  379. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +58 -0
  380. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +106 -0
  381. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +238 -0
  382. data/src/core/ext/upb-generated/google/rpc/status.upb.c +33 -0
  383. data/src/core/ext/upb-generated/google/rpc/status.upb.h +74 -0
  384. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +49 -0
  385. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +126 -0
  386. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +212 -0
  387. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +693 -0
  388. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +42 -0
  389. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +109 -0
  390. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +36 -0
  391. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +84 -0
  392. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +141 -0
  393. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +393 -0
  394. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +48 -0
  395. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +104 -0
  396. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +17 -0
  397. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +30 -0
  398. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +28 -0
  399. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +65 -0
  400. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +58 -0
  401. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +144 -0
  402. data/src/core/ext/upb-generated/validate/validate.upb.c +448 -0
  403. data/src/core/ext/upb-generated/validate/validate.upb.h +2073 -0
  404. data/src/core/lib/avl/avl.cc +306 -0
  405. data/src/core/lib/avl/avl.h +94 -0
  406. data/src/core/lib/backoff/backoff.cc +78 -0
  407. data/src/core/lib/backoff/backoff.h +89 -0
  408. data/src/core/lib/channel/channel_args.cc +380 -0
  409. data/src/core/lib/channel/channel_args.h +135 -0
  410. data/src/core/lib/channel/channel_stack.cc +252 -0
  411. data/src/core/lib/channel/channel_stack.h +304 -0
  412. data/src/core/lib/channel/channel_stack_builder.cc +323 -0
  413. data/src/core/lib/channel/channel_stack_builder.h +166 -0
  414. data/src/core/lib/channel/channel_trace.cc +194 -0
  415. data/src/core/lib/channel/channel_trace.h +134 -0
  416. data/src/core/lib/channel/channelz.cc +543 -0
  417. data/src/core/lib/channel/channelz.h +334 -0
  418. data/src/core/lib/channel/channelz_registry.cc +267 -0
  419. data/src/core/lib/channel/channelz_registry.h +97 -0
  420. data/src/core/lib/channel/connected_channel.cc +246 -0
  421. data/src/core/lib/channel/connected_channel.h +34 -0
  422. data/src/core/lib/channel/context.h +49 -0
  423. data/src/core/lib/channel/handshaker.cc +262 -0
  424. data/src/core/lib/channel/handshaker.h +179 -0
  425. data/src/core/lib/channel/handshaker_factory.h +42 -0
  426. data/src/core/lib/channel/handshaker_registry.cc +105 -0
  427. data/src/core/lib/channel/handshaker_registry.h +54 -0
  428. data/src/core/lib/channel/status_util.cc +99 -0
  429. data/src/core/lib/channel/status_util.h +58 -0
  430. data/src/core/lib/compression/algorithm_metadata.h +61 -0
  431. data/src/core/lib/compression/compression.cc +179 -0
  432. data/src/core/lib/compression/compression_args.cc +134 -0
  433. data/src/core/lib/compression/compression_args.h +56 -0
  434. data/src/core/lib/compression/compression_internal.cc +280 -0
  435. data/src/core/lib/compression/compression_internal.h +96 -0
  436. data/src/core/lib/compression/message_compress.cc +192 -0
  437. data/src/core/lib/compression/message_compress.h +40 -0
  438. data/src/core/lib/compression/stream_compression.cc +80 -0
  439. data/src/core/lib/compression/stream_compression.h +116 -0
  440. data/src/core/lib/compression/stream_compression_gzip.cc +230 -0
  441. data/src/core/lib/compression/stream_compression_gzip.h +28 -0
  442. data/src/core/lib/compression/stream_compression_identity.cc +92 -0
  443. data/src/core/lib/compression/stream_compression_identity.h +29 -0
  444. data/src/core/lib/debug/stats.cc +172 -0
  445. data/src/core/lib/debug/stats.h +70 -0
  446. data/src/core/lib/debug/stats_data.cc +687 -0
  447. data/src/core/lib/debug/stats_data.h +555 -0
  448. data/src/core/lib/debug/trace.cc +154 -0
  449. data/src/core/lib/debug/trace.h +131 -0
  450. data/src/core/lib/gpr/alloc.cc +74 -0
  451. data/src/core/lib/gpr/alloc.h +28 -0
  452. data/src/core/lib/gpr/arena.h +47 -0
  453. data/src/core/lib/gpr/atm.cc +35 -0
  454. data/src/core/lib/gpr/cpu_iphone.cc +36 -0
  455. data/src/core/lib/gpr/cpu_linux.cc +82 -0
  456. data/src/core/lib/gpr/cpu_posix.cc +83 -0
  457. data/src/core/lib/gpr/cpu_windows.cc +33 -0
  458. data/src/core/lib/gpr/env.h +40 -0
  459. data/src/core/lib/gpr/env_linux.cc +76 -0
  460. data/src/core/lib/gpr/env_posix.cc +47 -0
  461. data/src/core/lib/gpr/env_windows.cc +74 -0
  462. data/src/core/lib/gpr/log.cc +98 -0
  463. data/src/core/lib/gpr/log_android.cc +76 -0
  464. data/src/core/lib/gpr/log_linux.cc +97 -0
  465. data/src/core/lib/gpr/log_posix.cc +95 -0
  466. data/src/core/lib/gpr/log_windows.cc +102 -0
  467. data/src/core/lib/gpr/murmur_hash.cc +80 -0
  468. data/src/core/lib/gpr/murmur_hash.h +29 -0
  469. data/src/core/lib/gpr/spinlock.h +45 -0
  470. data/src/core/lib/gpr/string.cc +341 -0
  471. data/src/core/lib/gpr/string.h +111 -0
  472. data/src/core/lib/gpr/string_posix.cc +72 -0
  473. data/src/core/lib/gpr/string_util_windows.cc +82 -0
  474. data/src/core/lib/gpr/string_windows.cc +69 -0
  475. data/src/core/lib/gpr/string_windows.h +32 -0
  476. data/src/core/lib/gpr/sync.cc +124 -0
  477. data/src/core/lib/gpr/sync_abseil.cc +116 -0
  478. data/src/core/lib/gpr/sync_posix.cc +176 -0
  479. data/src/core/lib/gpr/sync_windows.cc +120 -0
  480. data/src/core/lib/gpr/time.cc +263 -0
  481. data/src/core/lib/gpr/time_posix.cc +186 -0
  482. data/src/core/lib/gpr/time_precise.cc +165 -0
  483. data/src/core/lib/gpr/time_precise.h +66 -0
  484. data/src/core/lib/gpr/time_windows.cc +98 -0
  485. data/src/core/lib/gpr/tls.h +68 -0
  486. data/src/core/lib/gpr/tls_gcc.h +52 -0
  487. data/src/core/lib/gpr/tls_msvc.h +52 -0
  488. data/src/core/lib/gpr/tls_pthread.cc +30 -0
  489. data/src/core/lib/gpr/tls_pthread.h +56 -0
  490. data/src/core/lib/gpr/tmpfile.h +32 -0
  491. data/src/core/lib/gpr/tmpfile_msys.cc +58 -0
  492. data/src/core/lib/gpr/tmpfile_posix.cc +70 -0
  493. data/src/core/lib/gpr/tmpfile_windows.cc +69 -0
  494. data/src/core/lib/gpr/useful.h +65 -0
  495. data/src/core/lib/gpr/wrap_memcpy.cc +42 -0
  496. data/src/core/lib/gprpp/arena.cc +103 -0
  497. data/src/core/lib/gprpp/arena.h +120 -0
  498. data/src/core/lib/gprpp/atomic.h +104 -0
  499. data/src/core/lib/gprpp/debug_location.h +53 -0
  500. data/src/core/lib/gprpp/fork.cc +242 -0
  501. data/src/core/lib/gprpp/fork.h +103 -0
  502. data/src/core/lib/gprpp/global_config.h +96 -0
  503. data/src/core/lib/gprpp/global_config_custom.h +29 -0
  504. data/src/core/lib/gprpp/global_config_env.cc +135 -0
  505. data/src/core/lib/gprpp/global_config_env.h +131 -0
  506. data/src/core/lib/gprpp/global_config_generic.h +44 -0
  507. data/src/core/lib/gprpp/host_port.cc +112 -0
  508. data/src/core/lib/gprpp/host_port.h +56 -0
  509. data/src/core/lib/gprpp/manual_constructor.h +213 -0
  510. data/src/core/lib/gprpp/map.h +53 -0
  511. data/src/core/lib/gprpp/memory.h +51 -0
  512. data/src/core/lib/gprpp/mpscq.cc +108 -0
  513. data/src/core/lib/gprpp/mpscq.h +98 -0
  514. data/src/core/lib/gprpp/orphanable.h +129 -0
  515. data/src/core/lib/gprpp/ref_counted.h +312 -0
  516. data/src/core/lib/gprpp/ref_counted_ptr.h +192 -0
  517. data/src/core/lib/gprpp/sync.h +135 -0
  518. data/src/core/lib/gprpp/thd.h +174 -0
  519. data/src/core/lib/gprpp/thd_posix.cc +204 -0
  520. data/src/core/lib/gprpp/thd_windows.cc +176 -0
  521. data/src/core/lib/http/format_request.cc +103 -0
  522. data/src/core/lib/http/format_request.h +34 -0
  523. data/src/core/lib/http/httpcli.cc +303 -0
  524. data/src/core/lib/http/httpcli.h +126 -0
  525. data/src/core/lib/http/httpcli_security_connector.cc +214 -0
  526. data/src/core/lib/http/parser.cc +372 -0
  527. data/src/core/lib/http/parser.h +113 -0
  528. data/src/core/lib/iomgr/block_annotate.h +57 -0
  529. data/src/core/lib/iomgr/buffer_list.cc +308 -0
  530. data/src/core/lib/iomgr/buffer_list.h +165 -0
  531. data/src/core/lib/iomgr/call_combiner.cc +256 -0
  532. data/src/core/lib/iomgr/call_combiner.h +217 -0
  533. data/src/core/lib/iomgr/cfstream_handle.cc +209 -0
  534. data/src/core/lib/iomgr/cfstream_handle.h +90 -0
  535. data/src/core/lib/iomgr/closure.h +255 -0
  536. data/src/core/lib/iomgr/combiner.cc +339 -0
  537. data/src/core/lib/iomgr/combiner.h +88 -0
  538. data/src/core/lib/iomgr/dualstack_socket_posix.cc +47 -0
  539. data/src/core/lib/iomgr/dynamic_annotations.h +67 -0
  540. data/src/core/lib/iomgr/endpoint.cc +67 -0
  541. data/src/core/lib/iomgr/endpoint.h +106 -0
  542. data/src/core/lib/iomgr/endpoint_cfstream.cc +376 -0
  543. data/src/core/lib/iomgr/endpoint_cfstream.h +49 -0
  544. data/src/core/lib/iomgr/endpoint_pair.h +33 -0
  545. data/src/core/lib/iomgr/endpoint_pair_posix.cc +73 -0
  546. data/src/core/lib/iomgr/endpoint_pair_uv.cc +40 -0
  547. data/src/core/lib/iomgr/endpoint_pair_windows.cc +87 -0
  548. data/src/core/lib/iomgr/error.cc +812 -0
  549. data/src/core/lib/iomgr/error.h +276 -0
  550. data/src/core/lib/iomgr/error_cfstream.cc +52 -0
  551. data/src/core/lib/iomgr/error_cfstream.h +31 -0
  552. data/src/core/lib/iomgr/error_internal.h +61 -0
  553. data/src/core/lib/iomgr/ev_apple.cc +356 -0
  554. data/src/core/lib/iomgr/ev_apple.h +43 -0
  555. data/src/core/lib/iomgr/ev_epoll1_linux.cc +1365 -0
  556. data/src/core/lib/iomgr/ev_epoll1_linux.h +31 -0
  557. data/src/core/lib/iomgr/ev_epollex_linux.cc +1656 -0
  558. data/src/core/lib/iomgr/ev_epollex_linux.h +30 -0
  559. data/src/core/lib/iomgr/ev_poll_posix.cc +1427 -0
  560. data/src/core/lib/iomgr/ev_poll_posix.h +29 -0
  561. data/src/core/lib/iomgr/ev_posix.cc +417 -0
  562. data/src/core/lib/iomgr/ev_posix.h +207 -0
  563. data/src/core/lib/iomgr/ev_windows.cc +30 -0
  564. data/src/core/lib/iomgr/exec_ctx.cc +224 -0
  565. data/src/core/lib/iomgr/exec_ctx.h +380 -0
  566. data/src/core/lib/iomgr/executor.cc +469 -0
  567. data/src/core/lib/iomgr/executor.h +122 -0
  568. data/src/core/lib/iomgr/executor/mpmcqueue.cc +183 -0
  569. data/src/core/lib/iomgr/executor/mpmcqueue.h +175 -0
  570. data/src/core/lib/iomgr/executor/threadpool.cc +137 -0
  571. data/src/core/lib/iomgr/executor/threadpool.h +149 -0
  572. data/src/core/lib/iomgr/fork_posix.cc +119 -0
  573. data/src/core/lib/iomgr/fork_windows.cc +41 -0
  574. data/src/core/lib/iomgr/gethostname.h +26 -0
  575. data/src/core/lib/iomgr/gethostname_fallback.cc +30 -0
  576. data/src/core/lib/iomgr/gethostname_host_name_max.cc +40 -0
  577. data/src/core/lib/iomgr/gethostname_sysconf.cc +40 -0
  578. data/src/core/lib/iomgr/grpc_if_nametoindex.h +30 -0
  579. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +42 -0
  580. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +38 -0
  581. data/src/core/lib/iomgr/internal_errqueue.cc +67 -0
  582. data/src/core/lib/iomgr/internal_errqueue.h +191 -0
  583. data/src/core/lib/iomgr/iocp_windows.cc +157 -0
  584. data/src/core/lib/iomgr/iocp_windows.h +48 -0
  585. data/src/core/lib/iomgr/iomgr.cc +194 -0
  586. data/src/core/lib/iomgr/iomgr.h +60 -0
  587. data/src/core/lib/iomgr/iomgr_custom.cc +79 -0
  588. data/src/core/lib/iomgr/iomgr_custom.h +49 -0
  589. data/src/core/lib/iomgr/iomgr_internal.cc +57 -0
  590. data/src/core/lib/iomgr/iomgr_internal.h +73 -0
  591. data/src/core/lib/iomgr/iomgr_posix.cc +89 -0
  592. data/src/core/lib/iomgr/iomgr_posix.h +26 -0
  593. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +171 -0
  594. data/src/core/lib/iomgr/iomgr_uv.cc +43 -0
  595. data/src/core/lib/iomgr/iomgr_windows.cc +106 -0
  596. data/src/core/lib/iomgr/is_epollexclusive_available.cc +105 -0
  597. data/src/core/lib/iomgr/is_epollexclusive_available.h +36 -0
  598. data/src/core/lib/iomgr/load_file.cc +81 -0
  599. data/src/core/lib/iomgr/load_file.h +35 -0
  600. data/src/core/lib/iomgr/lockfree_event.cc +255 -0
  601. data/src/core/lib/iomgr/lockfree_event.h +72 -0
  602. data/src/core/lib/iomgr/nameser.h +106 -0
  603. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +87 -0
  604. data/src/core/lib/iomgr/poller/eventmanager_libuv.h +88 -0
  605. data/src/core/lib/iomgr/polling_entity.cc +96 -0
  606. data/src/core/lib/iomgr/polling_entity.h +68 -0
  607. data/src/core/lib/iomgr/pollset.cc +56 -0
  608. data/src/core/lib/iomgr/pollset.h +99 -0
  609. data/src/core/lib/iomgr/pollset_custom.cc +106 -0
  610. data/src/core/lib/iomgr/pollset_custom.h +35 -0
  611. data/src/core/lib/iomgr/pollset_set.cc +55 -0
  612. data/src/core/lib/iomgr/pollset_set.h +55 -0
  613. data/src/core/lib/iomgr/pollset_set_custom.cc +48 -0
  614. data/src/core/lib/iomgr/pollset_set_custom.h +26 -0
  615. data/src/core/lib/iomgr/pollset_set_windows.cc +51 -0
  616. data/src/core/lib/iomgr/pollset_set_windows.h +26 -0
  617. data/src/core/lib/iomgr/pollset_uv.cc +93 -0
  618. data/src/core/lib/iomgr/pollset_uv.h +32 -0
  619. data/src/core/lib/iomgr/pollset_windows.cc +243 -0
  620. data/src/core/lib/iomgr/pollset_windows.h +70 -0
  621. data/src/core/lib/iomgr/port.h +244 -0
  622. data/src/core/lib/iomgr/python_util.h +46 -0
  623. data/src/core/lib/iomgr/resolve_address.cc +50 -0
  624. data/src/core/lib/iomgr/resolve_address.h +81 -0
  625. data/src/core/lib/iomgr/resolve_address_custom.cc +173 -0
  626. data/src/core/lib/iomgr/resolve_address_custom.h +45 -0
  627. data/src/core/lib/iomgr/resolve_address_posix.cc +178 -0
  628. data/src/core/lib/iomgr/resolve_address_windows.cc +154 -0
  629. data/src/core/lib/iomgr/resource_quota.cc +1013 -0
  630. data/src/core/lib/iomgr/resource_quota.h +177 -0
  631. data/src/core/lib/iomgr/sockaddr.h +32 -0
  632. data/src/core/lib/iomgr/sockaddr_custom.h +54 -0
  633. data/src/core/lib/iomgr/sockaddr_posix.h +55 -0
  634. data/src/core/lib/iomgr/sockaddr_utils.cc +293 -0
  635. data/src/core/lib/iomgr/sockaddr_utils.h +79 -0
  636. data/src/core/lib/iomgr/sockaddr_windows.h +55 -0
  637. data/src/core/lib/iomgr/socket_factory_posix.cc +94 -0
  638. data/src/core/lib/iomgr/socket_factory_posix.h +68 -0
  639. data/src/core/lib/iomgr/socket_mutator.cc +83 -0
  640. data/src/core/lib/iomgr/socket_mutator.h +60 -0
  641. data/src/core/lib/iomgr/socket_utils.h +47 -0
  642. data/src/core/lib/iomgr/socket_utils_common_posix.cc +473 -0
  643. data/src/core/lib/iomgr/socket_utils_linux.cc +42 -0
  644. data/src/core/lib/iomgr/socket_utils_posix.cc +58 -0
  645. data/src/core/lib/iomgr/socket_utils_posix.h +163 -0
  646. data/src/core/lib/iomgr/socket_utils_uv.cc +49 -0
  647. data/src/core/lib/iomgr/socket_utils_windows.cc +47 -0
  648. data/src/core/lib/iomgr/socket_windows.cc +203 -0
  649. data/src/core/lib/iomgr/socket_windows.h +127 -0
  650. data/src/core/lib/iomgr/sys_epoll_wrapper.h +30 -0
  651. data/src/core/lib/iomgr/tcp_client.cc +36 -0
  652. data/src/core/lib/iomgr/tcp_client.h +52 -0
  653. data/src/core/lib/iomgr/tcp_client_cfstream.cc +215 -0
  654. data/src/core/lib/iomgr/tcp_client_custom.cc +163 -0
  655. data/src/core/lib/iomgr/tcp_client_posix.cc +360 -0
  656. data/src/core/lib/iomgr/tcp_client_posix.h +68 -0
  657. data/src/core/lib/iomgr/tcp_client_windows.cc +232 -0
  658. data/src/core/lib/iomgr/tcp_custom.cc +370 -0
  659. data/src/core/lib/iomgr/tcp_custom.h +84 -0
  660. data/src/core/lib/iomgr/tcp_posix.cc +1855 -0
  661. data/src/core/lib/iomgr/tcp_posix.h +60 -0
  662. data/src/core/lib/iomgr/tcp_server.cc +78 -0
  663. data/src/core/lib/iomgr/tcp_server.h +143 -0
  664. data/src/core/lib/iomgr/tcp_server_custom.cc +485 -0
  665. data/src/core/lib/iomgr/tcp_server_posix.cc +638 -0
  666. data/src/core/lib/iomgr/tcp_server_utils_posix.h +125 -0
  667. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +223 -0
  668. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +181 -0
  669. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +36 -0
  670. data/src/core/lib/iomgr/tcp_server_windows.cc +564 -0
  671. data/src/core/lib/iomgr/tcp_uv.cc +419 -0
  672. data/src/core/lib/iomgr/tcp_windows.cc +533 -0
  673. data/src/core/lib/iomgr/tcp_windows.h +53 -0
  674. data/src/core/lib/iomgr/time_averaged_stats.cc +64 -0
  675. data/src/core/lib/iomgr/time_averaged_stats.h +72 -0
  676. data/src/core/lib/iomgr/timer.cc +45 -0
  677. data/src/core/lib/iomgr/timer.h +127 -0
  678. data/src/core/lib/iomgr/timer_custom.cc +95 -0
  679. data/src/core/lib/iomgr/timer_custom.h +43 -0
  680. data/src/core/lib/iomgr/timer_generic.cc +747 -0
  681. data/src/core/lib/iomgr/timer_generic.h +39 -0
  682. data/src/core/lib/iomgr/timer_heap.cc +135 -0
  683. data/src/core/lib/iomgr/timer_heap.h +43 -0
  684. data/src/core/lib/iomgr/timer_manager.cc +363 -0
  685. data/src/core/lib/iomgr/timer_manager.h +41 -0
  686. data/src/core/lib/iomgr/timer_uv.cc +66 -0
  687. data/src/core/lib/iomgr/udp_server.cc +747 -0
  688. data/src/core/lib/iomgr/udp_server.h +101 -0
  689. data/src/core/lib/iomgr/unix_sockets_posix.cc +104 -0
  690. data/src/core/lib/iomgr/unix_sockets_posix.h +43 -0
  691. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +49 -0
  692. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +82 -0
  693. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +38 -0
  694. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +100 -0
  695. data/src/core/lib/iomgr/wakeup_fd_pipe.h +28 -0
  696. data/src/core/lib/iomgr/wakeup_fd_posix.cc +69 -0
  697. data/src/core/lib/iomgr/wakeup_fd_posix.h +96 -0
  698. data/src/core/lib/iomgr/work_serializer.cc +155 -0
  699. data/src/core/lib/iomgr/work_serializer.h +65 -0
  700. data/src/core/lib/json/json.h +240 -0
  701. data/src/core/lib/json/json_reader.cc +855 -0
  702. data/src/core/lib/json/json_writer.cc +337 -0
  703. data/src/core/lib/profiling/basic_timers.cc +293 -0
  704. data/src/core/lib/profiling/stap_timers.cc +50 -0
  705. data/src/core/lib/profiling/timers.h +94 -0
  706. data/src/core/lib/security/context/security_context.cc +321 -0
  707. data/src/core/lib/security/context/security_context.h +150 -0
  708. data/src/core/lib/security/credentials/alts/alts_credentials.cc +110 -0
  709. data/src/core/lib/security/credentials/alts/alts_credentials.h +109 -0
  710. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +72 -0
  711. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +57 -0
  712. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +68 -0
  713. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +33 -0
  714. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +102 -0
  715. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +127 -0
  716. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +46 -0
  717. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +75 -0
  718. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +59 -0
  719. data/src/core/lib/security/credentials/composite/composite_credentials.cc +229 -0
  720. data/src/core/lib/security/credentials/composite/composite_credentials.h +106 -0
  721. data/src/core/lib/security/credentials/credentials.cc +162 -0
  722. data/src/core/lib/security/credentials/credentials.h +283 -0
  723. data/src/core/lib/security/credentials/credentials_metadata.cc +62 -0
  724. data/src/core/lib/security/credentials/fake/fake_credentials.cc +112 -0
  725. data/src/core/lib/security/credentials/fake/fake_credentials.h +87 -0
  726. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +41 -0
  727. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +383 -0
  728. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +87 -0
  729. data/src/core/lib/security/credentials/iam/iam_credentials.cc +80 -0
  730. data/src/core/lib/security/credentials/iam/iam_credentials.h +49 -0
  731. data/src/core/lib/security/credentials/jwt/json_token.cc +288 -0
  732. data/src/core/lib/security/credentials/jwt/json_token.h +75 -0
  733. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +172 -0
  734. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +80 -0
  735. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +925 -0
  736. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +122 -0
  737. data/src/core/lib/security/credentials/local/local_credentials.cc +64 -0
  738. data/src/core/lib/security/credentials/local/local_credentials.h +61 -0
  739. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +771 -0
  740. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +171 -0
  741. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +269 -0
  742. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +72 -0
  743. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +364 -0
  744. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +99 -0
  745. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +245 -0
  746. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +313 -0
  747. data/src/core/lib/security/credentials/tls/tls_credentials.cc +128 -0
  748. data/src/core/lib/security/credentials/tls/tls_credentials.h +62 -0
  749. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +301 -0
  750. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +76 -0
  751. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +324 -0
  752. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +45 -0
  753. data/src/core/lib/security/security_connector/load_system_roots.h +29 -0
  754. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +32 -0
  755. data/src/core/lib/security/security_connector/load_system_roots_linux.cc +171 -0
  756. data/src/core/lib/security/security_connector/load_system_roots_linux.h +44 -0
  757. data/src/core/lib/security/security_connector/local/local_security_connector.cc +281 -0
  758. data/src/core/lib/security/security_connector/local/local_security_connector.h +59 -0
  759. data/src/core/lib/security/security_connector/security_connector.cc +129 -0
  760. data/src/core/lib/security/security_connector/security_connector.h +176 -0
  761. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +439 -0
  762. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +77 -0
  763. data/src/core/lib/security/security_connector/ssl_utils.cc +563 -0
  764. data/src/core/lib/security/security_connector/ssl_utils.h +184 -0
  765. data/src/core/lib/security/security_connector/ssl_utils_config.cc +32 -0
  766. data/src/core/lib/security/security_connector/ssl_utils_config.h +30 -0
  767. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +603 -0
  768. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +183 -0
  769. data/src/core/lib/security/transport/auth_filters.h +35 -0
  770. data/src/core/lib/security/transport/client_auth_filter.cc +466 -0
  771. data/src/core/lib/security/transport/secure_endpoint.cc +446 -0
  772. data/src/core/lib/security/transport/secure_endpoint.h +41 -0
  773. data/src/core/lib/security/transport/security_handshaker.cc +574 -0
  774. data/src/core/lib/security/transport/security_handshaker.h +45 -0
  775. data/src/core/lib/security/transport/server_auth_filter.cc +326 -0
  776. data/src/core/lib/security/transport/target_authority_table.cc +75 -0
  777. data/src/core/lib/security/transport/target_authority_table.h +40 -0
  778. data/src/core/lib/security/transport/tsi_error.cc +29 -0
  779. data/src/core/lib/security/transport/tsi_error.h +29 -0
  780. data/src/core/lib/security/util/json_util.cc +73 -0
  781. data/src/core/lib/security/util/json_util.h +44 -0
  782. data/src/core/lib/slice/b64.cc +239 -0
  783. data/src/core/lib/slice/b64.h +50 -0
  784. data/src/core/lib/slice/percent_encoding.cc +169 -0
  785. data/src/core/lib/slice/percent_encoding.h +65 -0
  786. data/src/core/lib/slice/slice.cc +559 -0
  787. data/src/core/lib/slice/slice_buffer.cc +413 -0
  788. data/src/core/lib/slice/slice_hash_table.h +199 -0
  789. data/src/core/lib/slice/slice_intern.cc +375 -0
  790. data/src/core/lib/slice/slice_internal.h +364 -0
  791. data/src/core/lib/slice/slice_string_helpers.cc +127 -0
  792. data/src/core/lib/slice/slice_string_helpers.h +49 -0
  793. data/src/core/lib/slice/slice_utils.h +200 -0
  794. data/src/core/lib/slice/slice_weak_hash_table.h +102 -0
  795. data/src/core/lib/surface/api_trace.cc +24 -0
  796. data/src/core/lib/surface/api_trace.h +52 -0
  797. data/src/core/lib/surface/byte_buffer.cc +92 -0
  798. data/src/core/lib/surface/byte_buffer_reader.cc +101 -0
  799. data/src/core/lib/surface/call.cc +2044 -0
  800. data/src/core/lib/surface/call.h +125 -0
  801. data/src/core/lib/surface/call_details.cc +41 -0
  802. data/src/core/lib/surface/call_log_batch.cc +111 -0
  803. data/src/core/lib/surface/call_test_only.h +43 -0
  804. data/src/core/lib/surface/channel.cc +543 -0
  805. data/src/core/lib/surface/channel.h +158 -0
  806. data/src/core/lib/surface/channel_init.cc +109 -0
  807. data/src/core/lib/surface/channel_init.h +78 -0
  808. data/src/core/lib/surface/channel_ping.cc +64 -0
  809. data/src/core/lib/surface/channel_stack_type.cc +58 -0
  810. data/src/core/lib/surface/channel_stack_type.h +47 -0
  811. data/src/core/lib/surface/completion_queue.cc +1438 -0
  812. data/src/core/lib/surface/completion_queue.h +97 -0
  813. data/src/core/lib/surface/completion_queue_factory.cc +88 -0
  814. data/src/core/lib/surface/completion_queue_factory.h +38 -0
  815. data/src/core/lib/surface/event_string.cc +61 -0
  816. data/src/core/lib/surface/event_string.h +31 -0
  817. data/src/core/lib/surface/init.cc +250 -0
  818. data/src/core/lib/surface/init.h +27 -0
  819. data/src/core/lib/surface/init_secure.cc +81 -0
  820. data/src/core/lib/surface/lame_client.cc +191 -0
  821. data/src/core/lib/surface/lame_client.h +28 -0
  822. data/src/core/lib/surface/metadata_array.cc +36 -0
  823. data/src/core/lib/surface/server.cc +1800 -0
  824. data/src/core/lib/surface/server.h +99 -0
  825. data/src/core/lib/surface/validate_metadata.cc +105 -0
  826. data/src/core/lib/surface/validate_metadata.h +41 -0
  827. data/src/core/lib/surface/version.cc +28 -0
  828. data/src/core/lib/transport/bdp_estimator.cc +87 -0
  829. data/src/core/lib/transport/bdp_estimator.h +94 -0
  830. data/src/core/lib/transport/byte_stream.cc +158 -0
  831. data/src/core/lib/transport/byte_stream.h +165 -0
  832. data/src/core/lib/transport/connectivity_state.cc +180 -0
  833. data/src/core/lib/transport/connectivity_state.h +131 -0
  834. data/src/core/lib/transport/error_utils.cc +141 -0
  835. data/src/core/lib/transport/error_utils.h +46 -0
  836. data/src/core/lib/transport/http2_errors.h +41 -0
  837. data/src/core/lib/transport/metadata.cc +679 -0
  838. data/src/core/lib/transport/metadata.h +446 -0
  839. data/src/core/lib/transport/metadata_batch.cc +392 -0
  840. data/src/core/lib/transport/metadata_batch.h +191 -0
  841. data/src/core/lib/transport/pid_controller.cc +51 -0
  842. data/src/core/lib/transport/pid_controller.h +116 -0
  843. data/src/core/lib/transport/static_metadata.cc +1230 -0
  844. data/src/core/lib/transport/static_metadata.h +597 -0
  845. data/src/core/lib/transport/status_conversion.cc +92 -0
  846. data/src/core/lib/transport/status_conversion.h +38 -0
  847. data/src/core/lib/transport/status_metadata.cc +61 -0
  848. data/src/core/lib/transport/status_metadata.h +48 -0
  849. data/src/core/lib/transport/timeout_encoding.cc +151 -0
  850. data/src/core/lib/transport/timeout_encoding.h +38 -0
  851. data/src/core/lib/transport/transport.cc +259 -0
  852. data/src/core/lib/transport/transport.h +456 -0
  853. data/src/core/lib/transport/transport_impl.h +71 -0
  854. data/src/core/lib/transport/transport_op_string.cc +169 -0
  855. data/src/core/lib/uri/uri_parser.cc +314 -0
  856. data/src/core/lib/uri/uri_parser.h +49 -0
  857. data/src/core/plugin_registry/grpc_plugin_registry.cc +121 -0
  858. data/src/core/tsi/alts/crypt/aes_gcm.cc +687 -0
  859. data/src/core/tsi/alts/crypt/gsec.cc +189 -0
  860. data/src/core/tsi/alts/crypt/gsec.h +454 -0
  861. data/src/core/tsi/alts/frame_protector/alts_counter.cc +118 -0
  862. data/src/core/tsi/alts/frame_protector/alts_counter.h +98 -0
  863. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +66 -0
  864. data/src/core/tsi/alts/frame_protector/alts_crypter.h +255 -0
  865. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +407 -0
  866. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +55 -0
  867. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +114 -0
  868. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +114 -0
  869. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +105 -0
  870. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +103 -0
  871. data/src/core/tsi/alts/frame_protector/frame_handler.cc +218 -0
  872. data/src/core/tsi/alts/frame_protector/frame_handler.h +236 -0
  873. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +899 -0
  874. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +161 -0
  875. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +83 -0
  876. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +73 -0
  877. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +674 -0
  878. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +104 -0
  879. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +88 -0
  880. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +64 -0
  881. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +53 -0
  882. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +223 -0
  883. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +171 -0
  884. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +226 -0
  885. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +54 -0
  886. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +144 -0
  887. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +49 -0
  888. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +91 -0
  889. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +174 -0
  890. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +99 -0
  891. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +476 -0
  892. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +199 -0
  893. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +307 -0
  894. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +57 -0
  895. data/src/core/tsi/fake_transport_security.cc +789 -0
  896. data/src/core/tsi/fake_transport_security.h +47 -0
  897. data/src/core/tsi/local_transport_security.cc +211 -0
  898. data/src/core/tsi/local_transport_security.h +51 -0
  899. data/src/core/tsi/ssl/session_cache/ssl_session.h +71 -0
  900. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +57 -0
  901. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +214 -0
  902. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +90 -0
  903. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +75 -0
  904. data/src/core/tsi/ssl_transport_security.cc +2124 -0
  905. data/src/core/tsi/ssl_transport_security.h +353 -0
  906. data/src/core/tsi/ssl_types.h +42 -0
  907. data/src/core/tsi/transport_security.cc +370 -0
  908. data/src/core/tsi/transport_security.h +127 -0
  909. data/src/core/tsi/transport_security_grpc.cc +73 -0
  910. data/src/core/tsi/transport_security_grpc.h +79 -0
  911. data/src/core/tsi/transport_security_interface.h +476 -0
  912. data/src/ruby/bin/math_client.rb +140 -0
  913. data/src/ruby/bin/math_pb.rb +34 -0
  914. data/src/ruby/bin/math_server.rb +191 -0
  915. data/src/ruby/bin/math_services_pb.rb +51 -0
  916. data/src/ruby/bin/noproto_client.rb +93 -0
  917. data/src/ruby/bin/noproto_server.rb +97 -0
  918. data/src/ruby/ext/grpc/ext-export.clang +1 -0
  919. data/src/ruby/ext/grpc/ext-export.gcc +6 -0
  920. data/src/ruby/ext/grpc/extconf.rb +107 -0
  921. data/src/ruby/ext/grpc/rb_byte_buffer.c +64 -0
  922. data/src/ruby/ext/grpc/rb_byte_buffer.h +35 -0
  923. data/src/ruby/ext/grpc/rb_call.c +1050 -0
  924. data/src/ruby/ext/grpc/rb_call.h +53 -0
  925. data/src/ruby/ext/grpc/rb_call_credentials.c +297 -0
  926. data/src/ruby/ext/grpc/rb_call_credentials.h +31 -0
  927. data/src/ruby/ext/grpc/rb_channel.c +835 -0
  928. data/src/ruby/ext/grpc/rb_channel.h +34 -0
  929. data/src/ruby/ext/grpc/rb_channel_args.c +155 -0
  930. data/src/ruby/ext/grpc/rb_channel_args.h +38 -0
  931. data/src/ruby/ext/grpc/rb_channel_credentials.c +267 -0
  932. data/src/ruby/ext/grpc/rb_channel_credentials.h +32 -0
  933. data/src/ruby/ext/grpc/rb_completion_queue.c +100 -0
  934. data/src/ruby/ext/grpc/rb_completion_queue.h +36 -0
  935. data/src/ruby/ext/grpc/rb_compression_options.c +470 -0
  936. data/src/ruby/ext/grpc/rb_compression_options.h +29 -0
  937. data/src/ruby/ext/grpc/rb_enable_cpp.cc +22 -0
  938. data/src/ruby/ext/grpc/rb_event_thread.c +143 -0
  939. data/src/ruby/ext/grpc/rb_event_thread.h +21 -0
  940. data/src/ruby/ext/grpc/rb_grpc.c +328 -0
  941. data/src/ruby/ext/grpc/rb_grpc.h +76 -0
  942. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +573 -0
  943. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +865 -0
  944. data/src/ruby/ext/grpc/rb_loader.c +57 -0
  945. data/src/ruby/ext/grpc/rb_loader.h +25 -0
  946. data/src/ruby/ext/grpc/rb_server.c +372 -0
  947. data/src/ruby/ext/grpc/rb_server.h +32 -0
  948. data/src/ruby/ext/grpc/rb_server_credentials.c +243 -0
  949. data/src/ruby/ext/grpc/rb_server_credentials.h +32 -0
  950. data/src/ruby/lib/grpc.rb +37 -0
  951. data/src/ruby/lib/grpc/core/status_codes.rb +135 -0
  952. data/src/ruby/lib/grpc/core/time_consts.rb +56 -0
  953. data/src/ruby/lib/grpc/errors.rb +277 -0
  954. data/src/ruby/lib/grpc/generic/active_call.rb +669 -0
  955. data/src/ruby/lib/grpc/generic/bidi_call.rb +233 -0
  956. data/src/ruby/lib/grpc/generic/client_stub.rb +501 -0
  957. data/src/ruby/lib/grpc/generic/interceptor_registry.rb +53 -0
  958. data/src/ruby/lib/grpc/generic/interceptors.rb +186 -0
  959. data/src/ruby/lib/grpc/generic/rpc_desc.rb +204 -0
  960. data/src/ruby/lib/grpc/generic/rpc_server.rb +551 -0
  961. data/src/ruby/lib/grpc/generic/service.rb +211 -0
  962. data/src/ruby/lib/grpc/google_rpc_status_utils.rb +40 -0
  963. data/src/ruby/lib/grpc/grpc.rb +24 -0
  964. data/src/ruby/lib/grpc/logconfig.rb +44 -0
  965. data/src/ruby/lib/grpc/notifier.rb +45 -0
  966. data/src/ruby/lib/grpc/structs.rb +15 -0
  967. data/src/ruby/lib/grpc/version.rb +18 -0
  968. data/src/ruby/pb/README.md +42 -0
  969. data/src/ruby/pb/generate_proto_ruby.sh +51 -0
  970. data/src/ruby/pb/grpc/health/checker.rb +75 -0
  971. data/src/ruby/pb/grpc/health/v1/health_pb.rb +31 -0
  972. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +62 -0
  973. data/src/ruby/pb/grpc/testing/duplicate/echo_duplicate_services_pb.rb +44 -0
  974. data/src/ruby/pb/grpc/testing/metrics_pb.rb +28 -0
  975. data/src/ruby/pb/grpc/testing/metrics_services_pb.rb +49 -0
  976. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +17 -0
  977. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +105 -0
  978. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +16 -0
  979. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +118 -0
  980. data/src/ruby/spec/call_credentials_spec.rb +42 -0
  981. data/src/ruby/spec/call_spec.rb +180 -0
  982. data/src/ruby/spec/channel_connection_spec.rb +126 -0
  983. data/src/ruby/spec/channel_credentials_spec.rb +82 -0
  984. data/src/ruby/spec/channel_spec.rb +234 -0
  985. data/src/ruby/spec/client_auth_spec.rb +126 -0
  986. data/src/ruby/spec/client_server_spec.rb +664 -0
  987. data/src/ruby/spec/compression_options_spec.rb +149 -0
  988. data/src/ruby/spec/debug_message_spec.rb +134 -0
  989. data/src/ruby/spec/error_sanity_spec.rb +49 -0
  990. data/src/ruby/spec/errors_spec.rb +142 -0
  991. data/src/ruby/spec/generic/active_call_spec.rb +672 -0
  992. data/src/ruby/spec/generic/client_interceptors_spec.rb +153 -0
  993. data/src/ruby/spec/generic/client_stub_spec.rb +1083 -0
  994. data/src/ruby/spec/generic/interceptor_registry_spec.rb +65 -0
  995. data/src/ruby/spec/generic/rpc_desc_spec.rb +374 -0
  996. data/src/ruby/spec/generic/rpc_server_pool_spec.rb +127 -0
  997. data/src/ruby/spec/generic/rpc_server_spec.rb +748 -0
  998. data/src/ruby/spec/generic/server_interceptors_spec.rb +218 -0
  999. data/src/ruby/spec/generic/service_spec.rb +263 -0
  1000. data/src/ruby/spec/google_rpc_status_utils_spec.rb +282 -0
  1001. data/src/ruby/spec/pb/codegen/grpc/testing/package_options.proto +28 -0
  1002. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import.proto +22 -0
  1003. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  1004. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +41 -0
  1005. data/src/ruby/spec/pb/codegen/package_option_spec.rb +82 -0
  1006. data/src/ruby/spec/pb/duplicate/codegen_spec.rb +57 -0
  1007. data/src/ruby/spec/pb/health/checker_spec.rb +236 -0
  1008. data/src/ruby/spec/server_credentials_spec.rb +79 -0
  1009. data/src/ruby/spec/server_spec.rb +209 -0
  1010. data/src/ruby/spec/spec_helper.rb +61 -0
  1011. data/src/ruby/spec/support/helpers.rb +107 -0
  1012. data/src/ruby/spec/support/services.rb +160 -0
  1013. data/src/ruby/spec/testdata/README +1 -0
  1014. data/src/ruby/spec/testdata/ca.pem +20 -0
  1015. data/src/ruby/spec/testdata/client.key +28 -0
  1016. data/src/ruby/spec/testdata/client.pem +20 -0
  1017. data/src/ruby/spec/testdata/server1.key +28 -0
  1018. data/src/ruby/spec/testdata/server1.pem +22 -0
  1019. data/src/ruby/spec/time_consts_spec.rb +74 -0
  1020. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +159 -0
  1021. data/third_party/abseil-cpp/absl/base/attributes.h +621 -0
  1022. data/third_party/abseil-cpp/absl/base/call_once.h +226 -0
  1023. data/third_party/abseil-cpp/absl/base/casts.h +184 -0
  1024. data/third_party/abseil-cpp/absl/base/config.h +671 -0
  1025. data/third_party/abseil-cpp/absl/base/const_init.h +76 -0
  1026. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +129 -0
  1027. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +389 -0
  1028. data/third_party/abseil-cpp/absl/base/internal/atomic_hook.h +200 -0
  1029. data/third_party/abseil-cpp/absl/base/internal/bits.h +218 -0
  1030. data/third_party/abseil-cpp/absl/base/internal/cycleclock.cc +107 -0
  1031. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +94 -0
  1032. data/third_party/abseil-cpp/absl/base/internal/endian.h +266 -0
  1033. data/third_party/abseil-cpp/absl/base/internal/errno_saver.h +43 -0
  1034. data/third_party/abseil-cpp/absl/base/internal/hide_ptr.h +51 -0
  1035. data/third_party/abseil-cpp/absl/base/internal/identity.h +37 -0
  1036. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +107 -0
  1037. data/third_party/abseil-cpp/absl/base/internal/invoke.h +187 -0
  1038. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +107 -0
  1039. data/third_party/abseil-cpp/absl/base/internal/per_thread_tls.h +52 -0
  1040. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +240 -0
  1041. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +183 -0
  1042. data/third_party/abseil-cpp/absl/base/internal/scheduling_mode.h +58 -0
  1043. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +233 -0
  1044. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +243 -0
  1045. data/third_party/abseil-cpp/absl/base/internal/spinlock_akaros.inc +35 -0
  1046. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +66 -0
  1047. data/third_party/abseil-cpp/absl/base/internal/spinlock_posix.inc +46 -0
  1048. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.cc +81 -0
  1049. data/third_party/abseil-cpp/absl/base/internal/spinlock_wait.h +93 -0
  1050. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +37 -0
  1051. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +416 -0
  1052. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +66 -0
  1053. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +271 -0
  1054. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +152 -0
  1055. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +259 -0
  1056. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.cc +108 -0
  1057. data/third_party/abseil-cpp/absl/base/internal/throw_delegate.h +75 -0
  1058. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +66 -0
  1059. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +158 -0
  1060. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.cc +140 -0
  1061. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +124 -0
  1062. data/third_party/abseil-cpp/absl/base/log_severity.cc +27 -0
  1063. data/third_party/abseil-cpp/absl/base/log_severity.h +121 -0
  1064. data/third_party/abseil-cpp/absl/base/macros.h +220 -0
  1065. data/third_party/abseil-cpp/absl/base/optimization.h +181 -0
  1066. data/third_party/abseil-cpp/absl/base/options.h +211 -0
  1067. data/third_party/abseil-cpp/absl/base/policy_checks.h +111 -0
  1068. data/third_party/abseil-cpp/absl/base/port.h +26 -0
  1069. data/third_party/abseil-cpp/absl/base/thread_annotations.h +280 -0
  1070. data/third_party/abseil-cpp/absl/container/inlined_vector.h +848 -0
  1071. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +265 -0
  1072. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +892 -0
  1073. data/third_party/abseil-cpp/absl/memory/memory.h +695 -0
  1074. data/third_party/abseil-cpp/absl/meta/type_traits.h +759 -0
  1075. data/third_party/abseil-cpp/absl/numeric/int128.cc +404 -0
  1076. data/third_party/abseil-cpp/absl/numeric/int128.h +1091 -0
  1077. data/third_party/abseil-cpp/absl/numeric/int128_have_intrinsic.inc +302 -0
  1078. data/third_party/abseil-cpp/absl/numeric/int128_no_intrinsic.inc +308 -0
  1079. data/third_party/abseil-cpp/absl/strings/ascii.cc +200 -0
  1080. data/third_party/abseil-cpp/absl/strings/ascii.h +242 -0
  1081. data/third_party/abseil-cpp/absl/strings/charconv.cc +984 -0
  1082. data/third_party/abseil-cpp/absl/strings/charconv.h +119 -0
  1083. data/third_party/abseil-cpp/absl/strings/escaping.cc +949 -0
  1084. data/third_party/abseil-cpp/absl/strings/escaping.h +164 -0
  1085. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +156 -0
  1086. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +359 -0
  1087. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +423 -0
  1088. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +504 -0
  1089. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.h +99 -0
  1090. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +180 -0
  1091. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +58 -0
  1092. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +112 -0
  1093. data/third_party/abseil-cpp/absl/strings/internal/memutil.h +148 -0
  1094. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +36 -0
  1095. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +89 -0
  1096. data/third_party/abseil-cpp/absl/strings/internal/resize_uninitialized.h +73 -0
  1097. data/third_party/abseil-cpp/absl/strings/internal/stl_type_traits.h +248 -0
  1098. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +388 -0
  1099. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +432 -0
  1100. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +245 -0
  1101. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +209 -0
  1102. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +326 -0
  1103. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +51 -0
  1104. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +415 -0
  1105. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +493 -0
  1106. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +23 -0
  1107. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.cc +72 -0
  1108. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +104 -0
  1109. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +334 -0
  1110. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +333 -0
  1111. data/third_party/abseil-cpp/absl/strings/internal/str_join_internal.h +314 -0
  1112. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +455 -0
  1113. data/third_party/abseil-cpp/absl/strings/internal/utf8.cc +53 -0
  1114. data/third_party/abseil-cpp/absl/strings/internal/utf8.h +50 -0
  1115. data/third_party/abseil-cpp/absl/strings/match.cc +40 -0
  1116. data/third_party/abseil-cpp/absl/strings/match.h +90 -0
  1117. data/third_party/abseil-cpp/absl/strings/numbers.cc +965 -0
  1118. data/third_party/abseil-cpp/absl/strings/numbers.h +266 -0
  1119. data/third_party/abseil-cpp/absl/strings/str_cat.cc +246 -0
  1120. data/third_party/abseil-cpp/absl/strings/str_cat.h +408 -0
  1121. data/third_party/abseil-cpp/absl/strings/str_format.h +537 -0
  1122. data/third_party/abseil-cpp/absl/strings/str_join.h +293 -0
  1123. data/third_party/abseil-cpp/absl/strings/str_replace.cc +82 -0
  1124. data/third_party/abseil-cpp/absl/strings/str_replace.h +219 -0
  1125. data/third_party/abseil-cpp/absl/strings/str_split.cc +139 -0
  1126. data/third_party/abseil-cpp/absl/strings/str_split.h +513 -0
  1127. data/third_party/abseil-cpp/absl/strings/string_view.cc +235 -0
  1128. data/third_party/abseil-cpp/absl/strings/string_view.h +622 -0
  1129. data/third_party/abseil-cpp/absl/strings/strip.h +91 -0
  1130. data/third_party/abseil-cpp/absl/strings/substitute.cc +171 -0
  1131. data/third_party/abseil-cpp/absl/strings/substitute.h +693 -0
  1132. data/third_party/abseil-cpp/absl/time/civil_time.cc +175 -0
  1133. data/third_party/abseil-cpp/absl/time/civil_time.h +538 -0
  1134. data/third_party/abseil-cpp/absl/time/clock.cc +569 -0
  1135. data/third_party/abseil-cpp/absl/time/clock.h +74 -0
  1136. data/third_party/abseil-cpp/absl/time/duration.cc +922 -0
  1137. data/third_party/abseil-cpp/absl/time/format.cc +153 -0
  1138. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time.h +332 -0
  1139. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +622 -0
  1140. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +384 -0
  1141. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +102 -0
  1142. data/third_party/abseil-cpp/absl/time/internal/cctz/src/civil_time_detail.cc +94 -0
  1143. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.cc +140 -0
  1144. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_fixed.h +52 -0
  1145. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +922 -0
  1146. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.cc +45 -0
  1147. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_if.h +76 -0
  1148. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +121 -0
  1149. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +93 -0
  1150. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +958 -0
  1151. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +138 -0
  1152. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +308 -0
  1153. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.h +55 -0
  1154. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +187 -0
  1155. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.cc +159 -0
  1156. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_posix.h +132 -0
  1157. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +122 -0
  1158. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +115 -0
  1159. data/third_party/abseil-cpp/absl/time/internal/get_current_time_chrono.inc +31 -0
  1160. data/third_party/abseil-cpp/absl/time/internal/get_current_time_posix.inc +24 -0
  1161. data/third_party/abseil-cpp/absl/time/time.cc +499 -0
  1162. data/third_party/abseil-cpp/absl/time/time.h +1584 -0
  1163. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +48 -0
  1164. data/third_party/abseil-cpp/absl/types/bad_optional_access.h +78 -0
  1165. data/third_party/abseil-cpp/absl/types/internal/optional.h +396 -0
  1166. data/third_party/abseil-cpp/absl/types/internal/span.h +128 -0
  1167. data/third_party/abseil-cpp/absl/types/optional.h +776 -0
  1168. data/third_party/abseil-cpp/absl/types/span.h +713 -0
  1169. data/third_party/abseil-cpp/absl/utility/utility.h +350 -0
  1170. data/third_party/address_sorting/address_sorting.c +375 -0
  1171. data/third_party/address_sorting/address_sorting_internal.h +70 -0
  1172. data/third_party/address_sorting/address_sorting_posix.c +97 -0
  1173. data/third_party/address_sorting/address_sorting_windows.c +95 -0
  1174. data/third_party/address_sorting/include/address_sorting/address_sorting.h +113 -0
  1175. data/third_party/boringssl-with-bazel/err_data.c +1439 -0
  1176. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +271 -0
  1177. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +123 -0
  1178. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +93 -0
  1179. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +87 -0
  1180. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +195 -0
  1181. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +261 -0
  1182. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +88 -0
  1183. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +420 -0
  1184. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +305 -0
  1185. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +286 -0
  1186. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +77 -0
  1187. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +93 -0
  1188. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +313 -0
  1189. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +212 -0
  1190. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +151 -0
  1191. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +303 -0
  1192. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +236 -0
  1193. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +446 -0
  1194. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +104 -0
  1195. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +80 -0
  1196. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +105 -0
  1197. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +93 -0
  1198. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +97 -0
  1199. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +91 -0
  1200. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +1244 -0
  1201. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +664 -0
  1202. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +244 -0
  1203. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +387 -0
  1204. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +131 -0
  1205. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +280 -0
  1206. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +206 -0
  1207. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +466 -0
  1208. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +700 -0
  1209. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +330 -0
  1210. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +545 -0
  1211. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +279 -0
  1212. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +317 -0
  1213. data/third_party/boringssl-with-bazel/src/crypto/bio/hexdump.c +192 -0
  1214. data/third_party/boringssl-with-bazel/src/crypto/bio/internal.h +111 -0
  1215. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +488 -0
  1216. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +115 -0
  1217. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +206 -0
  1218. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +118 -0
  1219. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +64 -0
  1220. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +470 -0
  1221. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +172 -0
  1222. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +52 -0
  1223. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +265 -0
  1224. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +719 -0
  1225. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +688 -0
  1226. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +96 -0
  1227. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +155 -0
  1228. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +184 -0
  1229. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +45 -0
  1230. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +143 -0
  1231. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +152 -0
  1232. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesccm.c +447 -0
  1233. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +283 -0
  1234. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +891 -0
  1235. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +418 -0
  1236. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +85 -0
  1237. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +462 -0
  1238. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +87 -0
  1239. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +688 -0
  1240. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +128 -0
  1241. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +491 -0
  1242. data/third_party/boringssl-with-bazel/src/crypto/cmac/cmac.c +278 -0
  1243. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +810 -0
  1244. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +127 -0
  1245. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +31 -0
  1246. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-fuchsia.c +55 -0
  1247. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-linux.c +62 -0
  1248. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +220 -0
  1249. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.h +201 -0
  1250. data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +38 -0
  1251. data/third_party/boringssl-with-bazel/src/crypto/cpu-intel.c +291 -0
  1252. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +38 -0
  1253. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +226 -0
  1254. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +2159 -0
  1255. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +7872 -0
  1256. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +146 -0
  1257. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +539 -0
  1258. data/third_party/boringssl-with-bazel/src/crypto/dh/check.c +217 -0
  1259. data/third_party/boringssl-with-bazel/src/crypto/dh/dh.c +533 -0
  1260. data/third_party/boringssl-with-bazel/src/crypto/dh/dh_asn1.c +160 -0
  1261. data/third_party/boringssl-with-bazel/src/crypto/dh/params.c +93 -0
  1262. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +240 -0
  1263. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +980 -0
  1264. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +339 -0
  1265. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +574 -0
  1266. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_derive.c +95 -0
  1267. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +425 -0
  1268. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +78 -0
  1269. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +124 -0
  1270. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +267 -0
  1271. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +99 -0
  1272. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +850 -0
  1273. data/third_party/boringssl-with-bazel/src/crypto/err/internal.h +58 -0
  1274. data/third_party/boringssl-with-bazel/src/crypto/evp/digestsign.c +231 -0
  1275. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +443 -0
  1276. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +388 -0
  1277. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +484 -0
  1278. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +269 -0
  1279. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +273 -0
  1280. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +286 -0
  1281. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +255 -0
  1282. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +104 -0
  1283. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +221 -0
  1284. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +648 -0
  1285. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +194 -0
  1286. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +110 -0
  1287. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +248 -0
  1288. data/third_party/boringssl-with-bazel/src/crypto/evp/pbkdf.c +146 -0
  1289. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +489 -0
  1290. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +213 -0
  1291. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +151 -0
  1292. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +261 -0
  1293. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +108 -0
  1294. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +1282 -0
  1295. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +238 -0
  1296. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +236 -0
  1297. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +106 -0
  1298. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +263 -0
  1299. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +316 -0
  1300. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/asm/x86_64-gcc.c +541 -0
  1301. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +445 -0
  1302. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +230 -0
  1303. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +200 -0
  1304. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +236 -0
  1305. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +886 -0
  1306. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +87 -0
  1307. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +1288 -0
  1308. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +378 -0
  1309. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +325 -0
  1310. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +711 -0
  1311. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +694 -0
  1312. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/jacobi.c +146 -0
  1313. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +502 -0
  1314. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +186 -0
  1315. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +749 -0
  1316. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1068 -0
  1317. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +341 -0
  1318. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +226 -0
  1319. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +104 -0
  1320. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +364 -0
  1321. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +502 -0
  1322. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +284 -0
  1323. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +620 -0
  1324. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +1302 -0
  1325. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_des.c +237 -0
  1326. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +128 -0
  1327. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/delocate.h +89 -0
  1328. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/des.c +785 -0
  1329. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/des/internal.h +240 -0
  1330. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +271 -0
  1331. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digests.c +296 -0
  1332. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/internal.h +112 -0
  1333. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +268 -0
  1334. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1252 -0
  1335. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +465 -0
  1336. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +524 -0
  1337. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/felem.c +100 -0
  1338. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +775 -0
  1339. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +328 -0
  1340. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +1178 -0
  1341. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64-table.h +9497 -0
  1342. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +632 -0
  1343. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.h +153 -0
  1344. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +736 -0
  1345. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +297 -0
  1346. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +175 -0
  1347. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +357 -0
  1348. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +270 -0
  1349. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +255 -0
  1350. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +270 -0
  1351. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +122 -0
  1352. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +328 -0
  1353. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/fips_shared_support.c +32 -0
  1354. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +228 -0
  1355. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/is_fips.c +29 -0
  1356. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +256 -0
  1357. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/internal.h +37 -0
  1358. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +301 -0
  1359. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +167 -0
  1360. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +202 -0
  1361. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +200 -0
  1362. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +729 -0
  1363. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +304 -0
  1364. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +441 -0
  1365. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +96 -0
  1366. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +91 -0
  1367. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +202 -0
  1368. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +137 -0
  1369. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +49 -0
  1370. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +64 -0
  1371. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +163 -0
  1372. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +378 -0
  1373. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +391 -0
  1374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +243 -0
  1375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +127 -0
  1376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +695 -0
  1377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +898 -0
  1378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +1358 -0
  1379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +654 -0
  1380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +53 -0
  1381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +361 -0
  1382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +371 -0
  1383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +343 -0
  1384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +544 -0
  1385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +39 -0
  1386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +165 -0
  1387. data/third_party/boringssl-with-bazel/src/crypto/hkdf/hkdf.c +112 -0
  1388. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +2100 -0
  1389. data/third_party/boringssl-with-bazel/src/crypto/hrss/internal.h +61 -0
  1390. data/third_party/boringssl-with-bazel/src/crypto/internal.h +834 -0
  1391. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +348 -0
  1392. data/third_party/boringssl-with-bazel/src/crypto/mem.c +359 -0
  1393. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +549 -0
  1394. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +11585 -0
  1395. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_xref.c +122 -0
  1396. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +261 -0
  1397. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +360 -0
  1398. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +777 -0
  1399. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +87 -0
  1400. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +257 -0
  1401. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +218 -0
  1402. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +65 -0
  1403. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +65 -0
  1404. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/internal.h +49 -0
  1405. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7.c +159 -0
  1406. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +385 -0
  1407. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +131 -0
  1408. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/p5_pbev2.c +316 -0
  1409. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +530 -0
  1410. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +1305 -0
  1411. data/third_party/boringssl-with-bazel/src/crypto/poly1305/internal.h +41 -0
  1412. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +318 -0
  1413. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +305 -0
  1414. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +856 -0
  1415. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +45 -0
  1416. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +220 -0
  1417. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/deterministic.c +52 -0
  1418. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +46 -0
  1419. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/fuchsia.c +30 -0
  1420. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +70 -0
  1421. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/windows.c +69 -0
  1422. data/third_party/boringssl-with-bazel/src/crypto/rc4/rc4.c +98 -0
  1423. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +67 -0
  1424. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +53 -0
  1425. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +325 -0
  1426. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_print.c +22 -0
  1427. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +82 -0
  1428. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +431 -0
  1429. data/third_party/boringssl-with-bazel/src/crypto/thread.c +110 -0
  1430. data/third_party/boringssl-with-bazel/src/crypto/thread_none.c +59 -0
  1431. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +210 -0
  1432. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +260 -0
  1433. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +278 -0
  1434. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +1474 -0
  1435. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +720 -0
  1436. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +96 -0
  1437. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +128 -0
  1438. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +653 -0
  1439. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +114 -0
  1440. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +153 -0
  1441. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +842 -0
  1442. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +458 -0
  1443. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +275 -0
  1444. data/third_party/boringssl-with-bazel/src/crypto/x509/charmap.h +15 -0
  1445. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +83 -0
  1446. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +66 -0
  1447. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +385 -0
  1448. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +125 -0
  1449. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +244 -0
  1450. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +544 -0
  1451. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +111 -0
  1452. data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +71 -0
  1453. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +157 -0
  1454. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +381 -0
  1455. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +476 -0
  1456. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +106 -0
  1457. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +103 -0
  1458. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +206 -0
  1459. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +834 -0
  1460. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +198 -0
  1461. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +116 -0
  1462. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +341 -0
  1463. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +185 -0
  1464. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +326 -0
  1465. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +204 -0
  1466. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +278 -0
  1467. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +2487 -0
  1468. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +671 -0
  1469. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +210 -0
  1470. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +389 -0
  1471. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +81 -0
  1472. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +137 -0
  1473. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +151 -0
  1474. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +399 -0
  1475. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +111 -0
  1476. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +541 -0
  1477. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +75 -0
  1478. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +98 -0
  1479. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +554 -0
  1480. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +106 -0
  1481. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +368 -0
  1482. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +109 -0
  1483. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +69 -0
  1484. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +80 -0
  1485. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +69 -0
  1486. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +334 -0
  1487. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +198 -0
  1488. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +141 -0
  1489. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +56 -0
  1490. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +286 -0
  1491. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +130 -0
  1492. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_int.h +217 -0
  1493. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +155 -0
  1494. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +130 -0
  1495. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +189 -0
  1496. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +842 -0
  1497. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +207 -0
  1498. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +72 -0
  1499. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +629 -0
  1500. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +133 -0
  1501. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +141 -0
  1502. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +463 -0
  1503. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +503 -0
  1504. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +561 -0
  1505. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +100 -0
  1506. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +148 -0
  1507. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +246 -0
  1508. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +122 -0
  1509. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +218 -0
  1510. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +91 -0
  1511. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +371 -0
  1512. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +501 -0
  1513. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +68 -0
  1514. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +288 -0
  1515. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +57 -0
  1516. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +139 -0
  1517. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +110 -0
  1518. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +154 -0
  1519. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +229 -0
  1520. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +843 -0
  1521. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +155 -0
  1522. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +274 -0
  1523. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1395 -0
  1524. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +459 -0
  1525. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +195 -0
  1526. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +121 -0
  1527. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +911 -0
  1528. data/third_party/boringssl-with-bazel/src/include/openssl/asn1_mac.h +18 -0
  1529. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +892 -0
  1530. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +575 -0
  1531. data/third_party/boringssl-with-bazel/src/include/openssl/base64.h +190 -0
  1532. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +933 -0
  1533. data/third_party/boringssl-with-bazel/src/include/openssl/blowfish.h +93 -0
  1534. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +1057 -0
  1535. data/third_party/boringssl-with-bazel/src/include/openssl/buf.h +137 -0
  1536. data/third_party/boringssl-with-bazel/src/include/openssl/buffer.h +18 -0
  1537. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +561 -0
  1538. data/third_party/boringssl-with-bazel/src/include/openssl/cast.h +96 -0
  1539. data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +41 -0
  1540. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +638 -0
  1541. data/third_party/boringssl-with-bazel/src/include/openssl/cmac.h +91 -0
  1542. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +180 -0
  1543. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +212 -0
  1544. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +149 -0
  1545. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +201 -0
  1546. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +177 -0
  1547. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +319 -0
  1548. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +331 -0
  1549. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +457 -0
  1550. data/third_party/boringssl-with-bazel/src/include/openssl/dtls1.h +16 -0
  1551. data/third_party/boringssl-with-bazel/src/include/openssl/e_os2.h +18 -0
  1552. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +424 -0
  1553. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +372 -0
  1554. data/third_party/boringssl-with-bazel/src/include/openssl/ecdh.h +118 -0
  1555. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +205 -0
  1556. data/third_party/boringssl-with-bazel/src/include/openssl/engine.h +109 -0
  1557. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +465 -0
  1558. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1050 -0
  1559. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +203 -0
  1560. data/third_party/boringssl-with-bazel/src/include/openssl/hkdf.h +64 -0
  1561. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +186 -0
  1562. data/third_party/boringssl-with-bazel/src/include/openssl/hrss.h +100 -0
  1563. data/third_party/boringssl-with-bazel/src/include/openssl/is_boringssl.h +16 -0
  1564. data/third_party/boringssl-with-bazel/src/include/openssl/lhash.h +282 -0
  1565. data/third_party/boringssl-with-bazel/src/include/openssl/md4.h +108 -0
  1566. data/third_party/boringssl-with-bazel/src/include/openssl/md5.h +109 -0
  1567. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +175 -0
  1568. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +4259 -0
  1569. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +236 -0
  1570. data/third_party/boringssl-with-bazel/src/include/openssl/obj_mac.h +18 -0
  1571. data/third_party/boringssl-with-bazel/src/include/openssl/objects.h +18 -0
  1572. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +67 -0
  1573. data/third_party/boringssl-with-bazel/src/include/openssl/opensslv.h +18 -0
  1574. data/third_party/boringssl-with-bazel/src/include/openssl/ossl_typ.h +18 -0
  1575. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +435 -0
  1576. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs12.h +18 -0
  1577. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +215 -0
  1578. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +269 -0
  1579. data/third_party/boringssl-with-bazel/src/include/openssl/poly1305.h +49 -0
  1580. data/third_party/boringssl-with-bazel/src/include/openssl/pool.h +102 -0
  1581. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +111 -0
  1582. data/third_party/boringssl-with-bazel/src/include/openssl/rc4.h +96 -0
  1583. data/third_party/boringssl-with-bazel/src/include/openssl/ripemd.h +108 -0
  1584. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +818 -0
  1585. data/third_party/boringssl-with-bazel/src/include/openssl/safestack.h +16 -0
  1586. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +294 -0
  1587. data/third_party/boringssl-with-bazel/src/include/openssl/siphash.h +37 -0
  1588. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +199 -0
  1589. data/third_party/boringssl-with-bazel/src/include/openssl/srtp.h +18 -0
  1590. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +5198 -0
  1591. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +333 -0
  1592. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +542 -0
  1593. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +191 -0
  1594. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +632 -0
  1595. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +291 -0
  1596. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +90 -0
  1597. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1207 -0
  1598. data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +681 -0
  1599. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +831 -0
  1600. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +179 -0
  1601. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +837 -0
  1602. data/third_party/boringssl-with-bazel/src/ssl/d1_lib.cc +268 -0
  1603. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +273 -0
  1604. data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +232 -0
  1605. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +200 -0
  1606. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +353 -0
  1607. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +675 -0
  1608. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +703 -0
  1609. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +1890 -0
  1610. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1805 -0
  1611. data/third_party/boringssl-with-bazel/src/ssl/internal.h +3572 -0
  1612. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +724 -0
  1613. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +221 -0
  1614. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +458 -0
  1615. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +432 -0
  1616. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +856 -0
  1617. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +306 -0
  1618. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +1019 -0
  1619. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +1718 -0
  1620. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +585 -0
  1621. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +397 -0
  1622. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +3015 -0
  1623. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +835 -0
  1624. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +1333 -0
  1625. data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +230 -0
  1626. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +277 -0
  1627. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +394 -0
  1628. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +1358 -0
  1629. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +365 -0
  1630. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +3870 -0
  1631. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +689 -0
  1632. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1017 -0
  1633. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +513 -0
  1634. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +1096 -0
  1635. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +317 -0
  1636. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +703 -0
  1637. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +981 -0
  1638. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +619 -0
  1639. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3147 -0
  1640. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1226 -0
  1641. data/third_party/cares/ares_build.h +223 -0
  1642. data/third_party/cares/cares/ares.h +670 -0
  1643. data/third_party/cares/cares/ares__close_sockets.c +61 -0
  1644. data/third_party/cares/cares/ares__get_hostent.c +261 -0
  1645. data/third_party/cares/cares/ares__read_line.c +73 -0
  1646. data/third_party/cares/cares/ares__timeval.c +111 -0
  1647. data/third_party/cares/cares/ares_cancel.c +63 -0
  1648. data/third_party/cares/cares/ares_create_query.c +206 -0
  1649. data/third_party/cares/cares/ares_data.c +222 -0
  1650. data/third_party/cares/cares/ares_data.h +72 -0
  1651. data/third_party/cares/cares/ares_destroy.c +113 -0
  1652. data/third_party/cares/cares/ares_dns.h +103 -0
  1653. data/third_party/cares/cares/ares_expand_name.c +209 -0
  1654. data/third_party/cares/cares/ares_expand_string.c +70 -0
  1655. data/third_party/cares/cares/ares_fds.c +59 -0
  1656. data/third_party/cares/cares/ares_free_hostent.c +41 -0
  1657. data/third_party/cares/cares/ares_free_string.c +25 -0
  1658. data/third_party/cares/cares/ares_getenv.c +30 -0
  1659. data/third_party/cares/cares/ares_getenv.h +26 -0
  1660. data/third_party/cares/cares/ares_gethostbyaddr.c +294 -0
  1661. data/third_party/cares/cares/ares_gethostbyname.c +529 -0
  1662. data/third_party/cares/cares/ares_getnameinfo.c +453 -0
  1663. data/third_party/cares/cares/ares_getopt.c +122 -0
  1664. data/third_party/cares/cares/ares_getopt.h +53 -0
  1665. data/third_party/cares/cares/ares_getsock.c +66 -0
  1666. data/third_party/cares/cares/ares_inet_net_pton.h +25 -0
  1667. data/third_party/cares/cares/ares_init.c +2615 -0
  1668. data/third_party/cares/cares/ares_iphlpapi.h +221 -0
  1669. data/third_party/cares/cares/ares_ipv6.h +78 -0
  1670. data/third_party/cares/cares/ares_library_init.c +195 -0
  1671. data/third_party/cares/cares/ares_library_init.h +43 -0
  1672. data/third_party/cares/cares/ares_llist.c +63 -0
  1673. data/third_party/cares/cares/ares_llist.h +39 -0
  1674. data/third_party/cares/cares/ares_mkquery.c +24 -0
  1675. data/third_party/cares/cares/ares_nowarn.c +260 -0
  1676. data/third_party/cares/cares/ares_nowarn.h +61 -0
  1677. data/third_party/cares/cares/ares_options.c +406 -0
  1678. data/third_party/cares/cares/ares_parse_a_reply.c +264 -0
  1679. data/third_party/cares/cares/ares_parse_aaaa_reply.c +264 -0
  1680. data/third_party/cares/cares/ares_parse_mx_reply.c +170 -0
  1681. data/third_party/cares/cares/ares_parse_naptr_reply.c +194 -0
  1682. data/third_party/cares/cares/ares_parse_ns_reply.c +183 -0
  1683. data/third_party/cares/cares/ares_parse_ptr_reply.c +221 -0
  1684. data/third_party/cares/cares/ares_parse_soa_reply.c +133 -0
  1685. data/third_party/cares/cares/ares_parse_srv_reply.c +179 -0
  1686. data/third_party/cares/cares/ares_parse_txt_reply.c +220 -0
  1687. data/third_party/cares/cares/ares_platform.c +11042 -0
  1688. data/third_party/cares/cares/ares_platform.h +43 -0
  1689. data/third_party/cares/cares/ares_private.h +382 -0
  1690. data/third_party/cares/cares/ares_process.c +1473 -0
  1691. data/third_party/cares/cares/ares_query.c +186 -0
  1692. data/third_party/cares/cares/ares_rules.h +125 -0
  1693. data/third_party/cares/cares/ares_search.c +323 -0
  1694. data/third_party/cares/cares/ares_send.c +137 -0
  1695. data/third_party/cares/cares/ares_setup.h +217 -0
  1696. data/third_party/cares/cares/ares_strcasecmp.c +66 -0
  1697. data/third_party/cares/cares/ares_strcasecmp.h +30 -0
  1698. data/third_party/cares/cares/ares_strdup.c +49 -0
  1699. data/third_party/cares/cares/ares_strdup.h +24 -0
  1700. data/third_party/cares/cares/ares_strerror.c +56 -0
  1701. data/third_party/cares/cares/ares_strsplit.c +174 -0
  1702. data/third_party/cares/cares/ares_strsplit.h +43 -0
  1703. data/third_party/cares/cares/ares_timeout.c +88 -0
  1704. data/third_party/cares/cares/ares_version.c +11 -0
  1705. data/third_party/cares/cares/ares_version.h +24 -0
  1706. data/third_party/cares/cares/ares_writev.c +79 -0
  1707. data/third_party/cares/cares/bitncmp.c +59 -0
  1708. data/third_party/cares/cares/bitncmp.h +26 -0
  1709. data/third_party/cares/cares/config-win32.h +351 -0
  1710. data/third_party/cares/cares/inet_net_pton.c +450 -0
  1711. data/third_party/cares/cares/inet_ntop.c +207 -0
  1712. data/third_party/cares/cares/setup_once.h +554 -0
  1713. data/third_party/cares/cares/windows_port.c +22 -0
  1714. data/third_party/cares/config_darwin/ares_config.h +428 -0
  1715. data/third_party/cares/config_freebsd/ares_config.h +505 -0
  1716. data/third_party/cares/config_linux/ares_config.h +461 -0
  1717. data/third_party/cares/config_openbsd/ares_config.h +505 -0
  1718. data/third_party/upb/upb/decode.c +609 -0
  1719. data/third_party/upb/upb/decode.h +21 -0
  1720. data/third_party/upb/upb/encode.c +378 -0
  1721. data/third_party/upb/upb/encode.h +21 -0
  1722. data/third_party/upb/upb/generated_util.h +105 -0
  1723. data/third_party/upb/upb/msg.c +111 -0
  1724. data/third_party/upb/upb/msg.h +69 -0
  1725. data/third_party/upb/upb/port.c +26 -0
  1726. data/third_party/upb/upb/port_def.inc +150 -0
  1727. data/third_party/upb/upb/port_undef.inc +21 -0
  1728. data/third_party/upb/upb/table.c +913 -0
  1729. data/third_party/upb/upb/table.int.h +507 -0
  1730. data/third_party/upb/upb/upb.c +261 -0
  1731. data/third_party/upb/upb/upb.h +364 -0
  1732. data/third_party/zlib/adler32.c +186 -0
  1733. data/third_party/zlib/compress.c +86 -0
  1734. data/third_party/zlib/crc32.c +442 -0
  1735. data/third_party/zlib/crc32.h +441 -0
  1736. data/third_party/zlib/deflate.c +2163 -0
  1737. data/third_party/zlib/deflate.h +349 -0
  1738. data/third_party/zlib/gzclose.c +25 -0
  1739. data/third_party/zlib/gzguts.h +218 -0
  1740. data/third_party/zlib/gzlib.c +637 -0
  1741. data/third_party/zlib/gzread.c +654 -0
  1742. data/third_party/zlib/gzwrite.c +665 -0
  1743. data/third_party/zlib/infback.c +640 -0
  1744. data/third_party/zlib/inffast.c +323 -0
  1745. data/third_party/zlib/inffast.h +11 -0
  1746. data/third_party/zlib/inffixed.h +94 -0
  1747. data/third_party/zlib/inflate.c +1561 -0
  1748. data/third_party/zlib/inflate.h +125 -0
  1749. data/third_party/zlib/inftrees.c +304 -0
  1750. data/third_party/zlib/inftrees.h +62 -0
  1751. data/third_party/zlib/trees.c +1203 -0
  1752. data/third_party/zlib/trees.h +128 -0
  1753. data/third_party/zlib/uncompr.c +93 -0
  1754. data/third_party/zlib/zconf.h +534 -0
  1755. data/third_party/zlib/zlib.h +1912 -0
  1756. data/third_party/zlib/zutil.c +325 -0
  1757. data/third_party/zlib/zutil.h +271 -0
  1758. metadata +2029 -0
@@ -0,0 +1,2487 @@
1
+ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2
+ * All rights reserved.
3
+ *
4
+ * This package is an SSL implementation written
5
+ * by Eric Young (eay@cryptsoft.com).
6
+ * The implementation was written so as to conform with Netscapes SSL.
7
+ *
8
+ * This library is free for commercial and non-commercial use as long as
9
+ * the following conditions are aheared to. The following conditions
10
+ * apply to all code found in this distribution, be it the RC4, RSA,
11
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12
+ * included with this distribution is covered by the same copyright terms
13
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14
+ *
15
+ * Copyright remains Eric Young's, and as such any Copyright notices in
16
+ * the code are not to be removed.
17
+ * If this package is used in a product, Eric Young should be given attribution
18
+ * as the author of the parts of the library used.
19
+ * This can be in the form of a textual message at program startup or
20
+ * in documentation (online or textual) provided with the package.
21
+ *
22
+ * Redistribution and use in source and binary forms, with or without
23
+ * modification, are permitted provided that the following conditions
24
+ * are met:
25
+ * 1. Redistributions of source code must retain the copyright
26
+ * notice, this list of conditions and the following disclaimer.
27
+ * 2. Redistributions in binary form must reproduce the above copyright
28
+ * notice, this list of conditions and the following disclaimer in the
29
+ * documentation and/or other materials provided with the distribution.
30
+ * 3. All advertising materials mentioning features or use of this software
31
+ * must display the following acknowledgement:
32
+ * "This product includes cryptographic software written by
33
+ * Eric Young (eay@cryptsoft.com)"
34
+ * The word 'cryptographic' can be left out if the rouines from the library
35
+ * being used are not cryptographic related :-).
36
+ * 4. If you include any Windows specific code (or a derivative thereof) from
37
+ * the apps directory (application code) you must include an acknowledgement:
38
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39
+ *
40
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
+ * SUCH DAMAGE.
51
+ *
52
+ * The licence and distribution terms for any publically available version or
53
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
54
+ * copied and put under another distribution licence
55
+ * [including the GNU Public Licence.] */
56
+
57
+ #include <ctype.h>
58
+ #include <string.h>
59
+ #include <time.h>
60
+
61
+ #include <openssl/asn1.h>
62
+ #include <openssl/err.h>
63
+ #include <openssl/evp.h>
64
+ #include <openssl/mem.h>
65
+ #include <openssl/obj.h>
66
+ #include <openssl/thread.h>
67
+ #include <openssl/x509.h>
68
+ #include <openssl/x509v3.h>
69
+
70
+ #include "vpm_int.h"
71
+ #include "../internal.h"
72
+ #include "../x509v3/internal.h"
73
+
74
+ static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75
+ CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
+
77
+ /* CRL score values */
78
+
79
+ /* No unhandled critical extensions */
80
+
81
+ #define CRL_SCORE_NOCRITICAL 0x100
82
+
83
+ /* certificate is within CRL scope */
84
+
85
+ #define CRL_SCORE_SCOPE 0x080
86
+
87
+ /* CRL times valid */
88
+
89
+ #define CRL_SCORE_TIME 0x040
90
+
91
+ /* Issuer name matches certificate */
92
+
93
+ #define CRL_SCORE_ISSUER_NAME 0x020
94
+
95
+ /* If this score or above CRL is probably valid */
96
+
97
+ #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
98
+
99
+ /* CRL issuer is certificate issuer */
100
+
101
+ #define CRL_SCORE_ISSUER_CERT 0x018
102
+
103
+ /* CRL issuer is on certificate path */
104
+
105
+ #define CRL_SCORE_SAME_PATH 0x008
106
+
107
+ /* CRL issuer matches CRL AKID */
108
+
109
+ #define CRL_SCORE_AKID 0x004
110
+
111
+ /* Have a delta CRL with valid times */
112
+
113
+ #define CRL_SCORE_TIME_DELTA 0x002
114
+
115
+ static int null_callback(int ok, X509_STORE_CTX *e);
116
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
117
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
118
+ static int check_chain_extensions(X509_STORE_CTX *ctx);
119
+ static int check_name_constraints(X509_STORE_CTX *ctx);
120
+ static int check_id(X509_STORE_CTX *ctx);
121
+ static int check_trust(X509_STORE_CTX *ctx);
122
+ static int check_revocation(X509_STORE_CTX *ctx);
123
+ static int check_cert(X509_STORE_CTX *ctx);
124
+ static int check_policy(X509_STORE_CTX *ctx);
125
+
126
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
127
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
128
+ static int get_crl_delta(X509_STORE_CTX *ctx,
129
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
130
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
131
+ int *pcrl_score, X509_CRL *base,
132
+ STACK_OF(X509_CRL) *crls);
133
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134
+ int *pcrl_score);
135
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136
+ unsigned int *preasons);
137
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138
+ static int check_crl_chain(X509_STORE_CTX *ctx,
139
+ STACK_OF(X509) *cert_path,
140
+ STACK_OF(X509) *crl_path);
141
+
142
+ static int internal_verify(X509_STORE_CTX *ctx);
143
+
144
+ static int null_callback(int ok, X509_STORE_CTX *e)
145
+ {
146
+ return ok;
147
+ }
148
+
149
+ /* Return 1 is a certificate is self signed */
150
+ static int cert_self_signed(X509 *x)
151
+ {
152
+ X509_check_purpose(x, -1, 0);
153
+ if (x->ex_flags & EXFLAG_SS)
154
+ return 1;
155
+ else
156
+ return 0;
157
+ }
158
+
159
+ /* Given a certificate try and find an exact match in the store */
160
+
161
+ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
162
+ {
163
+ STACK_OF(X509) *certs;
164
+ X509 *xtmp = NULL;
165
+ size_t i;
166
+ /* Lookup all certs with matching subject name */
167
+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
168
+ if (certs == NULL)
169
+ return NULL;
170
+ /* Look for exact match */
171
+ for (i = 0; i < sk_X509_num(certs); i++) {
172
+ xtmp = sk_X509_value(certs, i);
173
+ if (!X509_cmp(xtmp, x))
174
+ break;
175
+ }
176
+ if (i < sk_X509_num(certs))
177
+ X509_up_ref(xtmp);
178
+ else
179
+ xtmp = NULL;
180
+ sk_X509_pop_free(certs, X509_free);
181
+ return xtmp;
182
+ }
183
+
184
+ int X509_verify_cert(X509_STORE_CTX *ctx)
185
+ {
186
+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
187
+ int bad_chain = 0;
188
+ X509_VERIFY_PARAM *param = ctx->param;
189
+ int depth, i, ok = 0;
190
+ int num, j, retry, trust;
191
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
192
+ STACK_OF(X509) *sktmp = NULL;
193
+ if (ctx->cert == NULL) {
194
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
195
+ ctx->error = X509_V_ERR_INVALID_CALL;
196
+ return -1;
197
+ }
198
+ if (ctx->chain != NULL) {
199
+ /*
200
+ * This X509_STORE_CTX has already been used to verify a cert. We
201
+ * cannot do another one.
202
+ */
203
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
204
+ ctx->error = X509_V_ERR_INVALID_CALL;
205
+ return -1;
206
+ }
207
+
208
+ cb = ctx->verify_cb;
209
+
210
+ /*
211
+ * first we make sure the chain we are going to build is present and that
212
+ * the first entry is in place
213
+ */
214
+ ctx->chain = sk_X509_new_null();
215
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
216
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
217
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
218
+ goto end;
219
+ }
220
+ X509_up_ref(ctx->cert);
221
+ ctx->last_untrusted = 1;
222
+
223
+ /* We use a temporary STACK so we can chop and hack at it.
224
+ * sktmp = ctx->untrusted ++ ctx->ctx->additional_untrusted */
225
+ if (ctx->untrusted != NULL
226
+ && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
227
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
228
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
229
+ goto end;
230
+ }
231
+
232
+ if (ctx->ctx->additional_untrusted != NULL) {
233
+ if (sktmp == NULL) {
234
+ sktmp = sk_X509_new_null();
235
+ if (sktmp == NULL) {
236
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
237
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
238
+ goto end;
239
+ }
240
+ }
241
+
242
+ for (size_t k = 0; k < sk_X509_num(ctx->ctx->additional_untrusted);
243
+ k++) {
244
+ if (!sk_X509_push(sktmp,
245
+ sk_X509_value(ctx->ctx->additional_untrusted,
246
+ k))) {
247
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
248
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
249
+ goto end;
250
+ }
251
+ }
252
+ }
253
+
254
+ num = sk_X509_num(ctx->chain);
255
+ x = sk_X509_value(ctx->chain, num - 1);
256
+ depth = param->depth;
257
+
258
+ for (;;) {
259
+ /* If we have enough, we break */
260
+ if (depth < num)
261
+ break; /* FIXME: If this happens, we should take
262
+ * note of it and, if appropriate, use the
263
+ * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
264
+ * later. */
265
+
266
+ /* If we are self signed, we break */
267
+ if (cert_self_signed(x))
268
+ break;
269
+ /*
270
+ * If asked see if we can find issuer in trusted store first
271
+ */
272
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
273
+ ok = ctx->get_issuer(&xtmp, ctx, x);
274
+ if (ok < 0) {
275
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
276
+ goto end;
277
+ }
278
+ /*
279
+ * If successful for now free up cert so it will be picked up
280
+ * again later.
281
+ */
282
+ if (ok > 0) {
283
+ X509_free(xtmp);
284
+ break;
285
+ }
286
+ }
287
+
288
+ /* If we were passed a cert chain, use it first */
289
+ if (sktmp != NULL) {
290
+ xtmp = find_issuer(ctx, sktmp, x);
291
+ if (xtmp != NULL) {
292
+ if (!sk_X509_push(ctx->chain, xtmp)) {
293
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
294
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
295
+ ok = 0;
296
+ goto end;
297
+ }
298
+ X509_up_ref(xtmp);
299
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
300
+ ctx->last_untrusted++;
301
+ x = xtmp;
302
+ num++;
303
+ /*
304
+ * reparse the full chain for the next one
305
+ */
306
+ continue;
307
+ }
308
+ }
309
+ break;
310
+ }
311
+
312
+ /* Remember how many untrusted certs we have */
313
+ j = num;
314
+ /*
315
+ * at this point, chain should contain a list of untrusted certificates.
316
+ * We now need to add at least one trusted one, if possible, otherwise we
317
+ * complain.
318
+ */
319
+
320
+ do {
321
+ /*
322
+ * Examine last certificate in chain and see if it is self signed.
323
+ */
324
+ i = sk_X509_num(ctx->chain);
325
+ x = sk_X509_value(ctx->chain, i - 1);
326
+ if (cert_self_signed(x)) {
327
+ /* we have a self signed certificate */
328
+ if (sk_X509_num(ctx->chain) == 1) {
329
+ /*
330
+ * We have a single self signed certificate: see if we can
331
+ * find it in the store. We must have an exact match to avoid
332
+ * possible impersonation.
333
+ */
334
+ ok = ctx->get_issuer(&xtmp, ctx, x);
335
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
336
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
337
+ ctx->current_cert = x;
338
+ ctx->error_depth = i - 1;
339
+ if (ok == 1)
340
+ X509_free(xtmp);
341
+ bad_chain = 1;
342
+ ok = cb(0, ctx);
343
+ if (!ok)
344
+ goto end;
345
+ } else {
346
+ /*
347
+ * We have a match: replace certificate with store
348
+ * version so we get any trust settings.
349
+ */
350
+ X509_free(x);
351
+ x = xtmp;
352
+ (void)sk_X509_set(ctx->chain, i - 1, x);
353
+ ctx->last_untrusted = 0;
354
+ }
355
+ } else {
356
+ /*
357
+ * extract and save self signed certificate for later use
358
+ */
359
+ chain_ss = sk_X509_pop(ctx->chain);
360
+ ctx->last_untrusted--;
361
+ num--;
362
+ j--;
363
+ x = sk_X509_value(ctx->chain, num - 1);
364
+ }
365
+ }
366
+ /* We now lookup certs from the certificate store */
367
+ for (;;) {
368
+ /* If we have enough, we break */
369
+ if (depth < num)
370
+ break;
371
+ /* If we are self signed, we break */
372
+ if (cert_self_signed(x))
373
+ break;
374
+ ok = ctx->get_issuer(&xtmp, ctx, x);
375
+
376
+ if (ok < 0) {
377
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
378
+ goto end;
379
+ }
380
+ if (ok == 0)
381
+ break;
382
+ x = xtmp;
383
+ if (!sk_X509_push(ctx->chain, x)) {
384
+ X509_free(xtmp);
385
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
386
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
387
+ ok = 0;
388
+ goto end;
389
+ }
390
+ num++;
391
+ }
392
+
393
+ /* we now have our chain, lets check it... */
394
+ trust = check_trust(ctx);
395
+
396
+ /* If explicitly rejected error */
397
+ if (trust == X509_TRUST_REJECTED) {
398
+ ok = 0;
399
+ goto end;
400
+ }
401
+ /*
402
+ * If it's not explicitly trusted then check if there is an alternative
403
+ * chain that could be used. We only do this if we haven't already
404
+ * checked via TRUSTED_FIRST and the user hasn't switched off alternate
405
+ * chain checking
406
+ */
407
+ retry = 0;
408
+ if (trust != X509_TRUST_TRUSTED
409
+ && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
410
+ && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
411
+ while (j-- > 1) {
412
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
413
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
414
+ if (ok < 0)
415
+ goto end;
416
+ /* Check if we found an alternate chain */
417
+ if (ok > 0) {
418
+ /*
419
+ * Free up the found cert we'll add it again later
420
+ */
421
+ X509_free(xtmp);
422
+
423
+ /*
424
+ * Dump all the certs above this point - we've found an
425
+ * alternate chain
426
+ */
427
+ while (num > j) {
428
+ xtmp = sk_X509_pop(ctx->chain);
429
+ X509_free(xtmp);
430
+ num--;
431
+ }
432
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
433
+ retry = 1;
434
+ break;
435
+ }
436
+ }
437
+ }
438
+ } while (retry);
439
+
440
+ /*
441
+ * If not explicitly trusted then indicate error unless it's a single
442
+ * self signed certificate in which case we've indicated an error already
443
+ * and set bad_chain == 1
444
+ */
445
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
446
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
447
+ if (ctx->last_untrusted >= num)
448
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
449
+ else
450
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
451
+ ctx->current_cert = x;
452
+ } else {
453
+
454
+ sk_X509_push(ctx->chain, chain_ss);
455
+ num++;
456
+ ctx->last_untrusted = num;
457
+ ctx->current_cert = chain_ss;
458
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
459
+ chain_ss = NULL;
460
+ }
461
+
462
+ ctx->error_depth = num - 1;
463
+ bad_chain = 1;
464
+ ok = cb(0, ctx);
465
+ if (!ok)
466
+ goto end;
467
+ }
468
+
469
+ /* We have the chain complete: now we need to check its purpose */
470
+ ok = check_chain_extensions(ctx);
471
+
472
+ if (!ok)
473
+ goto end;
474
+
475
+ ok = check_id(ctx);
476
+
477
+ if (!ok)
478
+ goto end;
479
+
480
+ /*
481
+ * Check revocation status: we do this after copying parameters because
482
+ * they may be needed for CRL signature verification.
483
+ */
484
+
485
+ ok = ctx->check_revocation(ctx);
486
+ if (!ok)
487
+ goto end;
488
+
489
+ int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
490
+ ctx->param->flags);
491
+ if (err != X509_V_OK) {
492
+ ctx->error = err;
493
+ ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
494
+ ok = cb(0, ctx);
495
+ if (!ok)
496
+ goto end;
497
+ }
498
+
499
+ /* At this point, we have a chain and need to verify it */
500
+ if (ctx->verify != NULL)
501
+ ok = ctx->verify(ctx);
502
+ else
503
+ ok = internal_verify(ctx);
504
+ if (!ok)
505
+ goto end;
506
+
507
+ /* Check name constraints */
508
+
509
+ ok = check_name_constraints(ctx);
510
+ if (!ok)
511
+ goto end;
512
+
513
+ /* If we get this far evaluate policies */
514
+ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
515
+ ok = ctx->check_policy(ctx);
516
+
517
+ end:
518
+ if (sktmp != NULL)
519
+ sk_X509_free(sktmp);
520
+ if (chain_ss != NULL)
521
+ X509_free(chain_ss);
522
+
523
+ /* Safety net, error returns must set ctx->error */
524
+ if (ok <= 0 && ctx->error == X509_V_OK)
525
+ ctx->error = X509_V_ERR_UNSPECIFIED;
526
+ return ok;
527
+ }
528
+
529
+ /*
530
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
531
+ */
532
+
533
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
534
+ {
535
+ size_t i;
536
+ X509 *issuer;
537
+ for (i = 0; i < sk_X509_num(sk); i++) {
538
+ issuer = sk_X509_value(sk, i);
539
+ if (ctx->check_issued(ctx, x, issuer))
540
+ return issuer;
541
+ }
542
+ return NULL;
543
+ }
544
+
545
+ /* Given a possible certificate and issuer check them */
546
+
547
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
548
+ {
549
+ int ret;
550
+ ret = X509_check_issued(issuer, x);
551
+ if (ret == X509_V_OK)
552
+ return 1;
553
+ /* If we haven't asked for issuer errors don't set ctx */
554
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
555
+ return 0;
556
+
557
+ ctx->error = ret;
558
+ ctx->current_cert = x;
559
+ ctx->current_issuer = issuer;
560
+ return ctx->verify_cb(0, ctx);
561
+ }
562
+
563
+ /* Alternative lookup method: look from a STACK stored in other_ctx */
564
+
565
+ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
566
+ {
567
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
568
+ if (*issuer) {
569
+ X509_up_ref(*issuer);
570
+ return 1;
571
+ } else
572
+ return 0;
573
+ }
574
+
575
+ /*
576
+ * Check a certificate chains extensions for consistency with the supplied
577
+ * purpose
578
+ */
579
+
580
+ static int check_chain_extensions(X509_STORE_CTX *ctx)
581
+ {
582
+ int i, ok = 0, plen = 0;
583
+ X509 *x;
584
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
585
+ int proxy_path_length = 0;
586
+ int purpose;
587
+ int allow_proxy_certs;
588
+ cb = ctx->verify_cb;
589
+
590
+ enum {
591
+ // ca_or_leaf allows either type of certificate so that direct use of
592
+ // self-signed certificates works.
593
+ ca_or_leaf,
594
+ must_be_ca,
595
+ must_not_be_ca,
596
+ } ca_requirement;
597
+
598
+ /* CRL path validation */
599
+ if (ctx->parent) {
600
+ allow_proxy_certs = 0;
601
+ purpose = X509_PURPOSE_CRL_SIGN;
602
+ } else {
603
+ allow_proxy_certs =
604
+ ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
605
+ purpose = ctx->param->purpose;
606
+ }
607
+
608
+ ca_requirement = ca_or_leaf;
609
+
610
+ /* Check all untrusted certificates */
611
+ for (i = 0; i < ctx->last_untrusted; i++) {
612
+ int ret;
613
+ x = sk_X509_value(ctx->chain, i);
614
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
615
+ && (x->ex_flags & EXFLAG_CRITICAL)) {
616
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
617
+ ctx->error_depth = i;
618
+ ctx->current_cert = x;
619
+ ok = cb(0, ctx);
620
+ if (!ok)
621
+ goto end;
622
+ }
623
+ if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
624
+ ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
625
+ ctx->error_depth = i;
626
+ ctx->current_cert = x;
627
+ ok = cb(0, ctx);
628
+ if (!ok)
629
+ goto end;
630
+ }
631
+
632
+ switch (ca_requirement) {
633
+ case ca_or_leaf:
634
+ ret = 1;
635
+ break;
636
+ case must_not_be_ca:
637
+ if (X509_check_ca(x)) {
638
+ ret = 0;
639
+ ctx->error = X509_V_ERR_INVALID_NON_CA;
640
+ } else
641
+ ret = 1;
642
+ break;
643
+ case must_be_ca:
644
+ if (!X509_check_ca(x)) {
645
+ ret = 0;
646
+ ctx->error = X509_V_ERR_INVALID_CA;
647
+ } else
648
+ ret = 1;
649
+ break;
650
+ default:
651
+ // impossible.
652
+ ret = 0;
653
+ }
654
+
655
+ if (ret == 0) {
656
+ ctx->error_depth = i;
657
+ ctx->current_cert = x;
658
+ ok = cb(0, ctx);
659
+ if (!ok)
660
+ goto end;
661
+ }
662
+ if (ctx->param->purpose > 0) {
663
+ ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
664
+ if (ret != 1) {
665
+ ret = 0;
666
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
667
+ ctx->error_depth = i;
668
+ ctx->current_cert = x;
669
+ ok = cb(0, ctx);
670
+ if (!ok)
671
+ goto end;
672
+ }
673
+ }
674
+ /* Check pathlen if not self issued */
675
+ if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
676
+ && (x->ex_pathlen != -1)
677
+ && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
678
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
679
+ ctx->error_depth = i;
680
+ ctx->current_cert = x;
681
+ ok = cb(0, ctx);
682
+ if (!ok)
683
+ goto end;
684
+ }
685
+ /* Increment path length if not self issued */
686
+ if (!(x->ex_flags & EXFLAG_SI))
687
+ plen++;
688
+ /*
689
+ * If this certificate is a proxy certificate, the next certificate
690
+ * must be another proxy certificate or a EE certificate. If not,
691
+ * the next certificate must be a CA certificate.
692
+ */
693
+ if (x->ex_flags & EXFLAG_PROXY) {
694
+ if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
695
+ ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
696
+ ctx->error_depth = i;
697
+ ctx->current_cert = x;
698
+ ok = cb(0, ctx);
699
+ if (!ok)
700
+ goto end;
701
+ }
702
+ proxy_path_length++;
703
+ ca_requirement = must_not_be_ca;
704
+ } else {
705
+ ca_requirement = must_be_ca;
706
+ }
707
+ }
708
+ ok = 1;
709
+ end:
710
+ return ok;
711
+ }
712
+
713
+ static int reject_dns_name_in_common_name(X509 *x509)
714
+ {
715
+ X509_NAME *name = X509_get_subject_name(x509);
716
+ int i = -1;
717
+ for (;;) {
718
+ i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
719
+ if (i == -1) {
720
+ return X509_V_OK;
721
+ }
722
+
723
+ X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
724
+ ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
725
+ unsigned char *idval;
726
+ int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
727
+ if (idlen < 0) {
728
+ return X509_V_ERR_OUT_OF_MEM;
729
+ }
730
+ /* Only process attributes that look like host names. Note it is
731
+ * important that this check be mirrored in |X509_check_host|. */
732
+ int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
733
+ OPENSSL_free(idval);
734
+ if (looks_like_dns) {
735
+ return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
736
+ }
737
+ }
738
+ }
739
+
740
+ static int check_name_constraints(X509_STORE_CTX *ctx)
741
+ {
742
+ int i, j, rv;
743
+ int has_name_constraints = 0;
744
+ /* Check name constraints for all certificates */
745
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
746
+ X509 *x = sk_X509_value(ctx->chain, i);
747
+ /* Ignore self issued certs unless last in chain */
748
+ if (i && (x->ex_flags & EXFLAG_SI))
749
+ continue;
750
+ /*
751
+ * Check against constraints for all certificates higher in chain
752
+ * including trust anchor. Trust anchor not strictly speaking needed
753
+ * but if it includes constraints it is to be assumed it expects them
754
+ * to be obeyed.
755
+ */
756
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
757
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
758
+ if (nc) {
759
+ has_name_constraints = 1;
760
+ rv = NAME_CONSTRAINTS_check(x, nc);
761
+ switch (rv) {
762
+ case X509_V_OK:
763
+ continue;
764
+ case X509_V_ERR_OUT_OF_MEM:
765
+ ctx->error = rv;
766
+ return 0;
767
+ default:
768
+ ctx->error = rv;
769
+ ctx->error_depth = i;
770
+ ctx->current_cert = x;
771
+ if (!ctx->verify_cb(0, ctx))
772
+ return 0;
773
+ break;
774
+ }
775
+ }
776
+ }
777
+ }
778
+
779
+ /* Name constraints do not match against the common name, but
780
+ * |X509_check_host| still implements the legacy behavior where, on
781
+ * certificates lacking a SAN list, DNS-like names in the common name are
782
+ * checked instead.
783
+ *
784
+ * While we could apply the name constraints to the common name, name
785
+ * constraints are rare enough that can hold such certificates to a higher
786
+ * standard. Note this does not make "DNS-like" heuristic failures any
787
+ * worse. A decorative common-name misidentified as a DNS name would fail
788
+ * the name constraint anyway. */
789
+ X509 *leaf = sk_X509_value(ctx->chain, 0);
790
+ if (has_name_constraints && leaf->altname == NULL) {
791
+ rv = reject_dns_name_in_common_name(leaf);
792
+ switch (rv) {
793
+ case X509_V_OK:
794
+ break;
795
+ case X509_V_ERR_OUT_OF_MEM:
796
+ ctx->error = rv;
797
+ return 0;
798
+ default:
799
+ ctx->error = rv;
800
+ ctx->error_depth = i;
801
+ ctx->current_cert = leaf;
802
+ if (!ctx->verify_cb(0, ctx))
803
+ return 0;
804
+ break;
805
+ }
806
+ }
807
+
808
+ return 1;
809
+ }
810
+
811
+ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
812
+ {
813
+ ctx->error = errcode;
814
+ ctx->current_cert = ctx->cert;
815
+ ctx->error_depth = 0;
816
+ return ctx->verify_cb(0, ctx);
817
+ }
818
+
819
+ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
820
+ {
821
+ size_t i;
822
+ size_t n = sk_OPENSSL_STRING_num(id->hosts);
823
+ char *name;
824
+
825
+ if (id->peername != NULL) {
826
+ OPENSSL_free(id->peername);
827
+ id->peername = NULL;
828
+ }
829
+ for (i = 0; i < n; ++i) {
830
+ name = sk_OPENSSL_STRING_value(id->hosts, i);
831
+ if (X509_check_host(x, name, strlen(name), id->hostflags,
832
+ &id->peername) > 0)
833
+ return 1;
834
+ }
835
+ return n == 0;
836
+ }
837
+
838
+ static int check_id(X509_STORE_CTX *ctx)
839
+ {
840
+ X509_VERIFY_PARAM *vpm = ctx->param;
841
+ X509_VERIFY_PARAM_ID *id = vpm->id;
842
+ X509 *x = ctx->cert;
843
+ if (id->poison) {
844
+ if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
845
+ return 0;
846
+ }
847
+ if (id->hosts && check_hosts(x, id) <= 0) {
848
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
849
+ return 0;
850
+ }
851
+ if (id->email && X509_check_email(x, id->email, id->emaillen, 0) <= 0) {
852
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
853
+ return 0;
854
+ }
855
+ if (id->ip && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) {
856
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
857
+ return 0;
858
+ }
859
+ return 1;
860
+ }
861
+
862
+ static int check_trust(X509_STORE_CTX *ctx)
863
+ {
864
+ size_t i;
865
+ int ok;
866
+ X509 *x = NULL;
867
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
868
+ cb = ctx->verify_cb;
869
+ /* Check all trusted certificates in chain */
870
+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
871
+ x = sk_X509_value(ctx->chain, i);
872
+ ok = X509_check_trust(x, ctx->param->trust, 0);
873
+ /* If explicitly trusted return trusted */
874
+ if (ok == X509_TRUST_TRUSTED)
875
+ return X509_TRUST_TRUSTED;
876
+ /*
877
+ * If explicitly rejected notify callback and reject if not
878
+ * overridden.
879
+ */
880
+ if (ok == X509_TRUST_REJECTED) {
881
+ ctx->error_depth = i;
882
+ ctx->current_cert = x;
883
+ ctx->error = X509_V_ERR_CERT_REJECTED;
884
+ ok = cb(0, ctx);
885
+ if (!ok)
886
+ return X509_TRUST_REJECTED;
887
+ }
888
+ }
889
+ /*
890
+ * If we accept partial chains and have at least one trusted certificate
891
+ * return success.
892
+ */
893
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
894
+ X509 *mx;
895
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
896
+ return X509_TRUST_TRUSTED;
897
+ x = sk_X509_value(ctx->chain, 0);
898
+ mx = lookup_cert_match(ctx, x);
899
+ if (mx) {
900
+ (void)sk_X509_set(ctx->chain, 0, mx);
901
+ X509_free(x);
902
+ ctx->last_untrusted = 0;
903
+ return X509_TRUST_TRUSTED;
904
+ }
905
+ }
906
+
907
+ /*
908
+ * If no trusted certs in chain at all return untrusted and allow
909
+ * standard (no issuer cert) etc errors to be indicated.
910
+ */
911
+ return X509_TRUST_UNTRUSTED;
912
+ }
913
+
914
+ static int check_revocation(X509_STORE_CTX *ctx)
915
+ {
916
+ int i, last, ok;
917
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
918
+ return 1;
919
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
920
+ last = sk_X509_num(ctx->chain) - 1;
921
+ else {
922
+ /* If checking CRL paths this isn't the EE certificate */
923
+ if (ctx->parent)
924
+ return 1;
925
+ last = 0;
926
+ }
927
+ for (i = 0; i <= last; i++) {
928
+ ctx->error_depth = i;
929
+ ok = check_cert(ctx);
930
+ if (!ok)
931
+ return ok;
932
+ }
933
+ return 1;
934
+ }
935
+
936
+ static int check_cert(X509_STORE_CTX *ctx)
937
+ {
938
+ X509_CRL *crl = NULL, *dcrl = NULL;
939
+ X509 *x;
940
+ int ok = 0, cnum;
941
+ unsigned int last_reasons;
942
+ cnum = ctx->error_depth;
943
+ x = sk_X509_value(ctx->chain, cnum);
944
+ ctx->current_cert = x;
945
+ ctx->current_issuer = NULL;
946
+ ctx->current_crl_score = 0;
947
+ ctx->current_reasons = 0;
948
+ while (ctx->current_reasons != CRLDP_ALL_REASONS) {
949
+ last_reasons = ctx->current_reasons;
950
+ /* Try to retrieve relevant CRL */
951
+ if (ctx->get_crl)
952
+ ok = ctx->get_crl(ctx, &crl, x);
953
+ else
954
+ ok = get_crl_delta(ctx, &crl, &dcrl, x);
955
+ /*
956
+ * If error looking up CRL, nothing we can do except notify callback
957
+ */
958
+ if (!ok) {
959
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
960
+ ok = ctx->verify_cb(0, ctx);
961
+ goto err;
962
+ }
963
+ ctx->current_crl = crl;
964
+ ok = ctx->check_crl(ctx, crl);
965
+ if (!ok)
966
+ goto err;
967
+
968
+ if (dcrl) {
969
+ ok = ctx->check_crl(ctx, dcrl);
970
+ if (!ok)
971
+ goto err;
972
+ ok = ctx->cert_crl(ctx, dcrl, x);
973
+ if (!ok)
974
+ goto err;
975
+ } else
976
+ ok = 1;
977
+
978
+ /* Don't look in full CRL if delta reason is removefromCRL */
979
+ if (ok != 2) {
980
+ ok = ctx->cert_crl(ctx, crl, x);
981
+ if (!ok)
982
+ goto err;
983
+ }
984
+
985
+ X509_CRL_free(crl);
986
+ X509_CRL_free(dcrl);
987
+ crl = NULL;
988
+ dcrl = NULL;
989
+ /*
990
+ * If reasons not updated we wont get anywhere by another iteration,
991
+ * so exit loop.
992
+ */
993
+ if (last_reasons == ctx->current_reasons) {
994
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
995
+ ok = ctx->verify_cb(0, ctx);
996
+ goto err;
997
+ }
998
+ }
999
+ err:
1000
+ X509_CRL_free(crl);
1001
+ X509_CRL_free(dcrl);
1002
+
1003
+ ctx->current_crl = NULL;
1004
+ return ok;
1005
+
1006
+ }
1007
+
1008
+ /* Check CRL times against values in X509_STORE_CTX */
1009
+
1010
+ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1011
+ {
1012
+ time_t *ptime;
1013
+ int i;
1014
+ if (notify)
1015
+ ctx->current_crl = crl;
1016
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1017
+ ptime = &ctx->param->check_time;
1018
+ else
1019
+ ptime = NULL;
1020
+
1021
+ i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
1022
+ if (i == 0) {
1023
+ if (!notify)
1024
+ return 0;
1025
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
1026
+ if (!ctx->verify_cb(0, ctx))
1027
+ return 0;
1028
+ }
1029
+
1030
+ if (i > 0) {
1031
+ if (!notify)
1032
+ return 0;
1033
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
1034
+ if (!ctx->verify_cb(0, ctx))
1035
+ return 0;
1036
+ }
1037
+
1038
+ if (X509_CRL_get_nextUpdate(crl)) {
1039
+ i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
1040
+
1041
+ if (i == 0) {
1042
+ if (!notify)
1043
+ return 0;
1044
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1045
+ if (!ctx->verify_cb(0, ctx))
1046
+ return 0;
1047
+ }
1048
+ /* Ignore expiry of base CRL is delta is valid */
1049
+ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1050
+ if (!notify)
1051
+ return 0;
1052
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1053
+ if (!ctx->verify_cb(0, ctx))
1054
+ return 0;
1055
+ }
1056
+ }
1057
+
1058
+ if (notify)
1059
+ ctx->current_crl = NULL;
1060
+
1061
+ return 1;
1062
+ }
1063
+
1064
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1065
+ X509 **pissuer, int *pscore, unsigned int *preasons,
1066
+ STACK_OF(X509_CRL) *crls)
1067
+ {
1068
+ int crl_score, best_score = *pscore;
1069
+ size_t i;
1070
+ unsigned int reasons, best_reasons = 0;
1071
+ X509 *x = ctx->current_cert;
1072
+ X509_CRL *crl, *best_crl = NULL;
1073
+ X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1074
+
1075
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1076
+ crl = sk_X509_CRL_value(crls, i);
1077
+ reasons = *preasons;
1078
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1079
+ if (crl_score < best_score || crl_score == 0)
1080
+ continue;
1081
+ /* If current CRL is equivalent use it if it is newer */
1082
+ if (crl_score == best_score && best_crl != NULL) {
1083
+ int day, sec;
1084
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
1085
+ X509_CRL_get_lastUpdate(crl)) == 0)
1086
+ continue;
1087
+ /*
1088
+ * ASN1_TIME_diff never returns inconsistent signs for |day|
1089
+ * and |sec|.
1090
+ */
1091
+ if (day <= 0 && sec <= 0)
1092
+ continue;
1093
+ }
1094
+ best_crl = crl;
1095
+ best_crl_issuer = crl_issuer;
1096
+ best_score = crl_score;
1097
+ best_reasons = reasons;
1098
+ }
1099
+
1100
+ if (best_crl) {
1101
+ if (*pcrl)
1102
+ X509_CRL_free(*pcrl);
1103
+ *pcrl = best_crl;
1104
+ *pissuer = best_crl_issuer;
1105
+ *pscore = best_score;
1106
+ *preasons = best_reasons;
1107
+ X509_CRL_up_ref(best_crl);
1108
+ if (*pdcrl) {
1109
+ X509_CRL_free(*pdcrl);
1110
+ *pdcrl = NULL;
1111
+ }
1112
+ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1113
+ }
1114
+
1115
+ if (best_score >= CRL_SCORE_VALID)
1116
+ return 1;
1117
+
1118
+ return 0;
1119
+ }
1120
+
1121
+ /*
1122
+ * Compare two CRL extensions for delta checking purposes. They should be
1123
+ * both present or both absent. If both present all fields must be identical.
1124
+ */
1125
+
1126
+ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1127
+ {
1128
+ ASN1_OCTET_STRING *exta, *extb;
1129
+ int i;
1130
+ i = X509_CRL_get_ext_by_NID(a, nid, -1);
1131
+ if (i >= 0) {
1132
+ /* Can't have multiple occurrences */
1133
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1134
+ return 0;
1135
+ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1136
+ } else
1137
+ exta = NULL;
1138
+
1139
+ i = X509_CRL_get_ext_by_NID(b, nid, -1);
1140
+
1141
+ if (i >= 0) {
1142
+
1143
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1144
+ return 0;
1145
+ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1146
+ } else
1147
+ extb = NULL;
1148
+
1149
+ if (!exta && !extb)
1150
+ return 1;
1151
+
1152
+ if (!exta || !extb)
1153
+ return 0;
1154
+
1155
+ if (ASN1_OCTET_STRING_cmp(exta, extb))
1156
+ return 0;
1157
+
1158
+ return 1;
1159
+ }
1160
+
1161
+ /* See if a base and delta are compatible */
1162
+
1163
+ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1164
+ {
1165
+ /* Delta CRL must be a delta */
1166
+ if (!delta->base_crl_number)
1167
+ return 0;
1168
+ /* Base must have a CRL number */
1169
+ if (!base->crl_number)
1170
+ return 0;
1171
+ /* Issuer names must match */
1172
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1173
+ return 0;
1174
+ /* AKID and IDP must match */
1175
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1176
+ return 0;
1177
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1178
+ return 0;
1179
+ /* Delta CRL base number must not exceed Full CRL number. */
1180
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1181
+ return 0;
1182
+ /* Delta CRL number must exceed full CRL number */
1183
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1184
+ return 1;
1185
+ return 0;
1186
+ }
1187
+
1188
+ /*
1189
+ * For a given base CRL find a delta... maybe extend to delta scoring or
1190
+ * retrieve a chain of deltas...
1191
+ */
1192
+
1193
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1194
+ X509_CRL *base, STACK_OF(X509_CRL) *crls)
1195
+ {
1196
+ X509_CRL *delta;
1197
+ size_t i;
1198
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1199
+ return;
1200
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1201
+ return;
1202
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1203
+ delta = sk_X509_CRL_value(crls, i);
1204
+ if (check_delta_base(delta, base)) {
1205
+ if (check_crl_time(ctx, delta, 0))
1206
+ *pscore |= CRL_SCORE_TIME_DELTA;
1207
+ X509_CRL_up_ref(delta);
1208
+ *dcrl = delta;
1209
+ return;
1210
+ }
1211
+ }
1212
+ *dcrl = NULL;
1213
+ }
1214
+
1215
+ /*
1216
+ * For a given CRL return how suitable it is for the supplied certificate
1217
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
1218
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
1219
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
1220
+ * is rejected, otherwise reasons is updated.
1221
+ */
1222
+
1223
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1224
+ unsigned int *preasons, X509_CRL *crl, X509 *x)
1225
+ {
1226
+
1227
+ int crl_score = 0;
1228
+ unsigned int tmp_reasons = *preasons, crl_reasons;
1229
+
1230
+ /* First see if we can reject CRL straight away */
1231
+
1232
+ /* Invalid IDP cannot be processed */
1233
+ if (crl->idp_flags & IDP_INVALID)
1234
+ return 0;
1235
+ /* Reason codes or indirect CRLs need extended CRL support */
1236
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1237
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1238
+ return 0;
1239
+ } else if (crl->idp_flags & IDP_REASONS) {
1240
+ /* If no new reasons reject */
1241
+ if (!(crl->idp_reasons & ~tmp_reasons))
1242
+ return 0;
1243
+ }
1244
+ /* Don't process deltas at this stage */
1245
+ else if (crl->base_crl_number)
1246
+ return 0;
1247
+ /* If issuer name doesn't match certificate need indirect CRL */
1248
+ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1249
+ if (!(crl->idp_flags & IDP_INDIRECT))
1250
+ return 0;
1251
+ } else
1252
+ crl_score |= CRL_SCORE_ISSUER_NAME;
1253
+
1254
+ if (!(crl->flags & EXFLAG_CRITICAL))
1255
+ crl_score |= CRL_SCORE_NOCRITICAL;
1256
+
1257
+ /* Check expiry */
1258
+ if (check_crl_time(ctx, crl, 0))
1259
+ crl_score |= CRL_SCORE_TIME;
1260
+
1261
+ /* Check authority key ID and locate certificate issuer */
1262
+ crl_akid_check(ctx, crl, pissuer, &crl_score);
1263
+
1264
+ /* If we can't locate certificate issuer at this point forget it */
1265
+
1266
+ if (!(crl_score & CRL_SCORE_AKID))
1267
+ return 0;
1268
+
1269
+ /* Check cert for matching CRL distribution points */
1270
+
1271
+ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1272
+ /* If no new reasons reject */
1273
+ if (!(crl_reasons & ~tmp_reasons))
1274
+ return 0;
1275
+ tmp_reasons |= crl_reasons;
1276
+ crl_score |= CRL_SCORE_SCOPE;
1277
+ }
1278
+
1279
+ *preasons = tmp_reasons;
1280
+
1281
+ return crl_score;
1282
+
1283
+ }
1284
+
1285
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1286
+ X509 **pissuer, int *pcrl_score)
1287
+ {
1288
+ X509 *crl_issuer = NULL;
1289
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
1290
+ int cidx = ctx->error_depth;
1291
+ size_t i;
1292
+
1293
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
1294
+ cidx++;
1295
+
1296
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1297
+
1298
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1299
+ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1300
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1301
+ *pissuer = crl_issuer;
1302
+ return;
1303
+ }
1304
+ }
1305
+
1306
+ for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1307
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1308
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1309
+ continue;
1310
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1311
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1312
+ *pissuer = crl_issuer;
1313
+ return;
1314
+ }
1315
+ }
1316
+
1317
+ /* Anything else needs extended CRL support */
1318
+
1319
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1320
+ return;
1321
+
1322
+ /*
1323
+ * Otherwise the CRL issuer is not on the path. Look for it in the set of
1324
+ * untrusted certificates.
1325
+ */
1326
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1327
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
1328
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1329
+ continue;
1330
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1331
+ *pissuer = crl_issuer;
1332
+ *pcrl_score |= CRL_SCORE_AKID;
1333
+ return;
1334
+ }
1335
+ }
1336
+
1337
+ for (i = 0; i < sk_X509_num(ctx->ctx->additional_untrusted); i++) {
1338
+ crl_issuer = sk_X509_value(ctx->ctx->additional_untrusted, i);
1339
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1340
+ continue;
1341
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1342
+ *pissuer = crl_issuer;
1343
+ *pcrl_score |= CRL_SCORE_AKID;
1344
+ return;
1345
+ }
1346
+ }
1347
+ }
1348
+
1349
+ /*
1350
+ * Check the path of a CRL issuer certificate. This creates a new
1351
+ * X509_STORE_CTX and populates it with most of the parameters from the
1352
+ * parent. This could be optimised somewhat since a lot of path checking will
1353
+ * be duplicated by the parent, but this will rarely be used in practice.
1354
+ */
1355
+
1356
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1357
+ {
1358
+ X509_STORE_CTX crl_ctx;
1359
+ int ret;
1360
+ /* Don't allow recursive CRL path validation */
1361
+ if (ctx->parent)
1362
+ return 0;
1363
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1364
+ return -1;
1365
+
1366
+ crl_ctx.crls = ctx->crls;
1367
+ /* Copy verify params across */
1368
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1369
+
1370
+ crl_ctx.parent = ctx;
1371
+ crl_ctx.verify_cb = ctx->verify_cb;
1372
+
1373
+ /* Verify CRL issuer */
1374
+ ret = X509_verify_cert(&crl_ctx);
1375
+
1376
+ if (ret <= 0)
1377
+ goto err;
1378
+
1379
+ /* Check chain is acceptable */
1380
+
1381
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1382
+ err:
1383
+ X509_STORE_CTX_cleanup(&crl_ctx);
1384
+ return ret;
1385
+ }
1386
+
1387
+ /*
1388
+ * RFC3280 says nothing about the relationship between CRL path and
1389
+ * certificate path, which could lead to situations where a certificate could
1390
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
1391
+ * strict and states that the two paths must end in the same trust anchor,
1392
+ * though some discussions remain... until this is resolved we use the
1393
+ * RFC5280 version
1394
+ */
1395
+
1396
+ static int check_crl_chain(X509_STORE_CTX *ctx,
1397
+ STACK_OF(X509) *cert_path,
1398
+ STACK_OF(X509) *crl_path)
1399
+ {
1400
+ X509 *cert_ta, *crl_ta;
1401
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1402
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1403
+ if (!X509_cmp(cert_ta, crl_ta))
1404
+ return 1;
1405
+ return 0;
1406
+ }
1407
+
1408
+ /*
1409
+ * Check for match between two dist point names: three separate cases. 1.
1410
+ * Both are relative names and compare X509_NAME types. 2. One full, one
1411
+ * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1412
+ * compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1413
+ */
1414
+
1415
+ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1416
+ {
1417
+ X509_NAME *nm = NULL;
1418
+ GENERAL_NAMES *gens = NULL;
1419
+ GENERAL_NAME *gena, *genb;
1420
+ size_t i, j;
1421
+ if (!a || !b)
1422
+ return 1;
1423
+ if (a->type == 1) {
1424
+ if (!a->dpname)
1425
+ return 0;
1426
+ /* Case 1: two X509_NAME */
1427
+ if (b->type == 1) {
1428
+ if (!b->dpname)
1429
+ return 0;
1430
+ if (!X509_NAME_cmp(a->dpname, b->dpname))
1431
+ return 1;
1432
+ else
1433
+ return 0;
1434
+ }
1435
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1436
+ nm = a->dpname;
1437
+ gens = b->name.fullname;
1438
+ } else if (b->type == 1) {
1439
+ if (!b->dpname)
1440
+ return 0;
1441
+ /* Case 2: set name and GENERAL_NAMES appropriately */
1442
+ gens = a->name.fullname;
1443
+ nm = b->dpname;
1444
+ }
1445
+
1446
+ /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1447
+ if (nm) {
1448
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1449
+ gena = sk_GENERAL_NAME_value(gens, i);
1450
+ if (gena->type != GEN_DIRNAME)
1451
+ continue;
1452
+ if (!X509_NAME_cmp(nm, gena->d.directoryName))
1453
+ return 1;
1454
+ }
1455
+ return 0;
1456
+ }
1457
+
1458
+ /* Else case 3: two GENERAL_NAMES */
1459
+
1460
+ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1461
+ gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1462
+ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1463
+ genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1464
+ if (!GENERAL_NAME_cmp(gena, genb))
1465
+ return 1;
1466
+ }
1467
+ }
1468
+
1469
+ return 0;
1470
+
1471
+ }
1472
+
1473
+ static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1474
+ {
1475
+ size_t i;
1476
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
1477
+ /* If no CRLissuer return is successful iff don't need a match */
1478
+ if (!dp->CRLissuer)
1479
+ return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1480
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1481
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1482
+ if (gen->type != GEN_DIRNAME)
1483
+ continue;
1484
+ if (!X509_NAME_cmp(gen->d.directoryName, nm))
1485
+ return 1;
1486
+ }
1487
+ return 0;
1488
+ }
1489
+
1490
+ /* Check CRLDP and IDP */
1491
+
1492
+ static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1493
+ unsigned int *preasons)
1494
+ {
1495
+ size_t i;
1496
+ if (crl->idp_flags & IDP_ONLYATTR)
1497
+ return 0;
1498
+ if (x->ex_flags & EXFLAG_CA) {
1499
+ if (crl->idp_flags & IDP_ONLYUSER)
1500
+ return 0;
1501
+ } else {
1502
+ if (crl->idp_flags & IDP_ONLYCA)
1503
+ return 0;
1504
+ }
1505
+ *preasons = crl->idp_reasons;
1506
+ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1507
+ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1508
+ if (crldp_check_crlissuer(dp, crl, crl_score)) {
1509
+ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1510
+ *preasons &= dp->dp_reasons;
1511
+ return 1;
1512
+ }
1513
+ }
1514
+ }
1515
+ if ((!crl->idp || !crl->idp->distpoint)
1516
+ && (crl_score & CRL_SCORE_ISSUER_NAME))
1517
+ return 1;
1518
+ return 0;
1519
+ }
1520
+
1521
+ /*
1522
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
1523
+ * to find a delta CRL too
1524
+ */
1525
+
1526
+ static int get_crl_delta(X509_STORE_CTX *ctx,
1527
+ X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1528
+ {
1529
+ int ok;
1530
+ X509 *issuer = NULL;
1531
+ int crl_score = 0;
1532
+ unsigned int reasons;
1533
+ X509_CRL *crl = NULL, *dcrl = NULL;
1534
+ STACK_OF(X509_CRL) *skcrl;
1535
+ X509_NAME *nm = X509_get_issuer_name(x);
1536
+ reasons = ctx->current_reasons;
1537
+ ok = get_crl_sk(ctx, &crl, &dcrl,
1538
+ &issuer, &crl_score, &reasons, ctx->crls);
1539
+
1540
+ if (ok)
1541
+ goto done;
1542
+
1543
+ /* Lookup CRLs from store */
1544
+
1545
+ skcrl = ctx->lookup_crls(ctx, nm);
1546
+
1547
+ /* If no CRLs found and a near match from get_crl_sk use that */
1548
+ if (!skcrl && crl)
1549
+ goto done;
1550
+
1551
+ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1552
+
1553
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1554
+
1555
+ done:
1556
+
1557
+ /* If we got any kind of CRL use it and return success */
1558
+ if (crl) {
1559
+ ctx->current_issuer = issuer;
1560
+ ctx->current_crl_score = crl_score;
1561
+ ctx->current_reasons = reasons;
1562
+ *pcrl = crl;
1563
+ *pdcrl = dcrl;
1564
+ return 1;
1565
+ }
1566
+
1567
+ return 0;
1568
+ }
1569
+
1570
+ /* Check CRL validity */
1571
+ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1572
+ {
1573
+ X509 *issuer = NULL;
1574
+ EVP_PKEY *ikey = NULL;
1575
+ int ok = 0, chnum, cnum;
1576
+ cnum = ctx->error_depth;
1577
+ chnum = sk_X509_num(ctx->chain) - 1;
1578
+ /* if we have an alternative CRL issuer cert use that */
1579
+ if (ctx->current_issuer)
1580
+ issuer = ctx->current_issuer;
1581
+
1582
+ /*
1583
+ * Else find CRL issuer: if not last certificate then issuer is next
1584
+ * certificate in chain.
1585
+ */
1586
+ else if (cnum < chnum)
1587
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
1588
+ else {
1589
+ issuer = sk_X509_value(ctx->chain, chnum);
1590
+ /* If not self signed, can't check signature */
1591
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
1592
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1593
+ ok = ctx->verify_cb(0, ctx);
1594
+ if (!ok)
1595
+ goto err;
1596
+ }
1597
+ }
1598
+
1599
+ if (issuer) {
1600
+ /*
1601
+ * Skip most tests for deltas because they have already been done
1602
+ */
1603
+ if (!crl->base_crl_number) {
1604
+ /* Check for cRLSign bit if keyUsage present */
1605
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1606
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
1607
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1608
+ ok = ctx->verify_cb(0, ctx);
1609
+ if (!ok)
1610
+ goto err;
1611
+ }
1612
+
1613
+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1614
+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1615
+ ok = ctx->verify_cb(0, ctx);
1616
+ if (!ok)
1617
+ goto err;
1618
+ }
1619
+
1620
+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1621
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1622
+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1623
+ ok = ctx->verify_cb(0, ctx);
1624
+ if (!ok)
1625
+ goto err;
1626
+ }
1627
+ }
1628
+
1629
+ if (crl->idp_flags & IDP_INVALID) {
1630
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
1631
+ ok = ctx->verify_cb(0, ctx);
1632
+ if (!ok)
1633
+ goto err;
1634
+ }
1635
+
1636
+ }
1637
+
1638
+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1639
+ ok = check_crl_time(ctx, crl, 1);
1640
+ if (!ok)
1641
+ goto err;
1642
+ }
1643
+
1644
+ /* Attempt to get issuer certificate public key */
1645
+ ikey = X509_get_pubkey(issuer);
1646
+
1647
+ if (!ikey) {
1648
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1649
+ ok = ctx->verify_cb(0, ctx);
1650
+ if (!ok)
1651
+ goto err;
1652
+ } else {
1653
+ int rv;
1654
+ rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1655
+ if (rv != X509_V_OK) {
1656
+ ctx->error = rv;
1657
+ ok = ctx->verify_cb(0, ctx);
1658
+ if (!ok)
1659
+ goto err;
1660
+ }
1661
+ /* Verify CRL signature */
1662
+ if (X509_CRL_verify(crl, ikey) <= 0) {
1663
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1664
+ ok = ctx->verify_cb(0, ctx);
1665
+ if (!ok)
1666
+ goto err;
1667
+ }
1668
+ }
1669
+ }
1670
+
1671
+ ok = 1;
1672
+
1673
+ err:
1674
+ EVP_PKEY_free(ikey);
1675
+ return ok;
1676
+ }
1677
+
1678
+ /* Check certificate against CRL */
1679
+ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1680
+ {
1681
+ int ok;
1682
+ X509_REVOKED *rev;
1683
+ /*
1684
+ * The rules changed for this... previously if a CRL contained unhandled
1685
+ * critical extensions it could still be used to indicate a certificate
1686
+ * was revoked. This has since been changed since critical extension can
1687
+ * change the meaning of CRL entries.
1688
+ */
1689
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1690
+ && (crl->flags & EXFLAG_CRITICAL)) {
1691
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1692
+ ok = ctx->verify_cb(0, ctx);
1693
+ if (!ok)
1694
+ return 0;
1695
+ }
1696
+ /*
1697
+ * Look for serial number of certificate in CRL If found make sure reason
1698
+ * is not removeFromCRL.
1699
+ */
1700
+ if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1701
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1702
+ return 2;
1703
+ ctx->error = X509_V_ERR_CERT_REVOKED;
1704
+ ok = ctx->verify_cb(0, ctx);
1705
+ if (!ok)
1706
+ return 0;
1707
+ }
1708
+
1709
+ return 1;
1710
+ }
1711
+
1712
+ static int check_policy(X509_STORE_CTX *ctx)
1713
+ {
1714
+ int ret;
1715
+ if (ctx->parent)
1716
+ return 1;
1717
+ ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1718
+ ctx->param->policies, ctx->param->flags);
1719
+ if (ret == 0) {
1720
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1721
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
1722
+ return 0;
1723
+ }
1724
+ /* Invalid or inconsistent extensions */
1725
+ if (ret == -1) {
1726
+ /*
1727
+ * Locate certificates with bad extensions and notify callback.
1728
+ */
1729
+ X509 *x;
1730
+ size_t i;
1731
+ for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1732
+ x = sk_X509_value(ctx->chain, i);
1733
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1734
+ continue;
1735
+ ctx->current_cert = x;
1736
+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1737
+ if (!ctx->verify_cb(0, ctx))
1738
+ return 0;
1739
+ }
1740
+ return 1;
1741
+ }
1742
+ if (ret == -2) {
1743
+ ctx->current_cert = NULL;
1744
+ ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1745
+ return ctx->verify_cb(0, ctx);
1746
+ }
1747
+
1748
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1749
+ ctx->current_cert = NULL;
1750
+ /*
1751
+ * Verification errors need to be "sticky", a callback may have allowed
1752
+ * an SSL handshake to continue despite an error, and we must then
1753
+ * remain in an error state. Therefore, we MUST NOT clear earlier
1754
+ * verification errors by setting the error to X509_V_OK.
1755
+ */
1756
+ if (!ctx->verify_cb(2, ctx))
1757
+ return 0;
1758
+ }
1759
+
1760
+ return 1;
1761
+ }
1762
+
1763
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1764
+ {
1765
+ time_t *ptime;
1766
+ int i;
1767
+
1768
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1769
+ ptime = &ctx->param->check_time;
1770
+ else
1771
+ ptime = NULL;
1772
+
1773
+ i = X509_cmp_time(X509_get_notBefore(x), ptime);
1774
+ if (i == 0) {
1775
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1776
+ ctx->current_cert = x;
1777
+ if (!ctx->verify_cb(0, ctx))
1778
+ return 0;
1779
+ }
1780
+
1781
+ if (i > 0) {
1782
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1783
+ ctx->current_cert = x;
1784
+ if (!ctx->verify_cb(0, ctx))
1785
+ return 0;
1786
+ }
1787
+
1788
+ i = X509_cmp_time(X509_get_notAfter(x), ptime);
1789
+ if (i == 0) {
1790
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1791
+ ctx->current_cert = x;
1792
+ if (!ctx->verify_cb(0, ctx))
1793
+ return 0;
1794
+ }
1795
+
1796
+ if (i < 0) {
1797
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1798
+ ctx->current_cert = x;
1799
+ if (!ctx->verify_cb(0, ctx))
1800
+ return 0;
1801
+ }
1802
+
1803
+ return 1;
1804
+ }
1805
+
1806
+ static int internal_verify(X509_STORE_CTX *ctx)
1807
+ {
1808
+ int ok = 0, n;
1809
+ X509 *xs, *xi;
1810
+ EVP_PKEY *pkey = NULL;
1811
+ int (*cb) (int xok, X509_STORE_CTX *xctx);
1812
+
1813
+ cb = ctx->verify_cb;
1814
+
1815
+ n = sk_X509_num(ctx->chain);
1816
+ ctx->error_depth = n - 1;
1817
+ n--;
1818
+ xi = sk_X509_value(ctx->chain, n);
1819
+
1820
+ if (ctx->check_issued(ctx, xi, xi))
1821
+ xs = xi;
1822
+ else {
1823
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1824
+ xs = xi;
1825
+ goto check_cert;
1826
+ }
1827
+ if (n <= 0) {
1828
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1829
+ ctx->current_cert = xi;
1830
+ ok = cb(0, ctx);
1831
+ goto end;
1832
+ } else {
1833
+ n--;
1834
+ ctx->error_depth = n;
1835
+ xs = sk_X509_value(ctx->chain, n);
1836
+ }
1837
+ }
1838
+
1839
+ /* ctx->error=0; not needed */
1840
+ while (n >= 0) {
1841
+ ctx->error_depth = n;
1842
+
1843
+ /*
1844
+ * Skip signature check for self signed certificates unless
1845
+ * explicitly asked for. It doesn't add any security and just wastes
1846
+ * time.
1847
+ */
1848
+ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1849
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
1850
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1851
+ ctx->current_cert = xi;
1852
+ ok = (*cb) (0, ctx);
1853
+ if (!ok)
1854
+ goto end;
1855
+ } else if (X509_verify(xs, pkey) <= 0) {
1856
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1857
+ ctx->current_cert = xs;
1858
+ ok = (*cb) (0, ctx);
1859
+ if (!ok) {
1860
+ EVP_PKEY_free(pkey);
1861
+ goto end;
1862
+ }
1863
+ }
1864
+ EVP_PKEY_free(pkey);
1865
+ pkey = NULL;
1866
+ }
1867
+
1868
+ check_cert:
1869
+ ok = check_cert_time(ctx, xs);
1870
+ if (!ok)
1871
+ goto end;
1872
+
1873
+ /* The last error (if any) is still in the error value */
1874
+ ctx->current_issuer = xi;
1875
+ ctx->current_cert = xs;
1876
+ ok = (*cb) (1, ctx);
1877
+ if (!ok)
1878
+ goto end;
1879
+
1880
+ n--;
1881
+ if (n >= 0) {
1882
+ xi = xs;
1883
+ xs = sk_X509_value(ctx->chain, n);
1884
+ }
1885
+ }
1886
+ ok = 1;
1887
+ end:
1888
+ return ok;
1889
+ }
1890
+
1891
+ int X509_cmp_current_time(const ASN1_TIME *ctm)
1892
+ {
1893
+ return X509_cmp_time(ctm, NULL);
1894
+ }
1895
+
1896
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1897
+ {
1898
+ static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
1899
+ static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
1900
+ ASN1_TIME *asn1_cmp_time = NULL;
1901
+ int i, day, sec, ret = 0;
1902
+
1903
+ /*
1904
+ * Note that ASN.1 allows much more slack in the time format than RFC5280.
1905
+ * In RFC5280, the representation is fixed:
1906
+ * UTCTime: YYMMDDHHMMSSZ
1907
+ * GeneralizedTime: YYYYMMDDHHMMSSZ
1908
+ *
1909
+ * We do NOT currently enforce the following RFC 5280 requirement:
1910
+ * "CAs conforming to this profile MUST always encode certificate
1911
+ * validity dates through the year 2049 as UTCTime; certificate validity
1912
+ * dates in 2050 or later MUST be encoded as GeneralizedTime."
1913
+ */
1914
+ switch (ctm->type) {
1915
+ case V_ASN1_UTCTIME:
1916
+ if (ctm->length != (int)(utctime_length))
1917
+ return 0;
1918
+ break;
1919
+ case V_ASN1_GENERALIZEDTIME:
1920
+ if (ctm->length != (int)(generalizedtime_length))
1921
+ return 0;
1922
+ break;
1923
+ default:
1924
+ return 0;
1925
+ }
1926
+
1927
+ /**
1928
+ * Verify the format: the ASN.1 functions we use below allow a more
1929
+ * flexible format than what's mandated by RFC 5280.
1930
+ * Digit and date ranges will be verified in the conversion methods.
1931
+ */
1932
+ for (i = 0; i < ctm->length - 1; i++) {
1933
+ if (!isdigit(ctm->data[i]))
1934
+ return 0;
1935
+ }
1936
+ if (ctm->data[ctm->length - 1] != 'Z')
1937
+ return 0;
1938
+
1939
+ /*
1940
+ * There is ASN1_UTCTIME_cmp_time_t but no
1941
+ * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
1942
+ * so we go through ASN.1
1943
+ */
1944
+ asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
1945
+ if (asn1_cmp_time == NULL)
1946
+ goto err;
1947
+ if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
1948
+ goto err;
1949
+
1950
+ /*
1951
+ * X509_cmp_time comparison is <=.
1952
+ * The return value 0 is reserved for errors.
1953
+ */
1954
+ ret = (day >= 0 && sec >= 0) ? -1 : 1;
1955
+
1956
+ err:
1957
+ ASN1_TIME_free(asn1_cmp_time);
1958
+ return ret;
1959
+ }
1960
+
1961
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
1962
+ {
1963
+ return X509_time_adj(s, adj, NULL);
1964
+ }
1965
+
1966
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1967
+ {
1968
+ return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1969
+ }
1970
+
1971
+ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1972
+ int offset_day, long offset_sec, time_t *in_tm)
1973
+ {
1974
+ time_t t = 0;
1975
+
1976
+ if (in_tm)
1977
+ t = *in_tm;
1978
+ else
1979
+ time(&t);
1980
+
1981
+ if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
1982
+ if (s->type == V_ASN1_UTCTIME)
1983
+ return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
1984
+ if (s->type == V_ASN1_GENERALIZEDTIME)
1985
+ return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
1986
+ }
1987
+ return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1988
+ }
1989
+
1990
+ /* Make a delta CRL as the diff between two full CRLs */
1991
+
1992
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
1993
+ EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
1994
+ {
1995
+ X509_CRL *crl = NULL;
1996
+ int i;
1997
+ size_t j;
1998
+ STACK_OF(X509_REVOKED) *revs = NULL;
1999
+ /* CRLs can't be delta already */
2000
+ if (base->base_crl_number || newer->base_crl_number) {
2001
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
2002
+ return NULL;
2003
+ }
2004
+ /* Base and new CRL must have a CRL number */
2005
+ if (!base->crl_number || !newer->crl_number) {
2006
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
2007
+ return NULL;
2008
+ }
2009
+ /* Issuer names must match */
2010
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
2011
+ OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
2012
+ return NULL;
2013
+ }
2014
+ /* AKID and IDP must match */
2015
+ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
2016
+ OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
2017
+ return NULL;
2018
+ }
2019
+ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
2020
+ OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2021
+ return NULL;
2022
+ }
2023
+ /* Newer CRL number must exceed full CRL number */
2024
+ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
2025
+ OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2026
+ return NULL;
2027
+ }
2028
+ /* CRLs must verify */
2029
+ if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2030
+ X509_CRL_verify(newer, skey) <= 0)) {
2031
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2032
+ return NULL;
2033
+ }
2034
+ /* Create new CRL */
2035
+ crl = X509_CRL_new();
2036
+ if (!crl || !X509_CRL_set_version(crl, 1))
2037
+ goto memerr;
2038
+ /* Set issuer name */
2039
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2040
+ goto memerr;
2041
+
2042
+ if (!X509_CRL_set_lastUpdate(crl, X509_CRL_get_lastUpdate(newer)))
2043
+ goto memerr;
2044
+ if (!X509_CRL_set_nextUpdate(crl, X509_CRL_get_nextUpdate(newer)))
2045
+ goto memerr;
2046
+
2047
+ /* Set base CRL number: must be critical */
2048
+
2049
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
2050
+ goto memerr;
2051
+
2052
+ /*
2053
+ * Copy extensions across from newest CRL to delta: this will set CRL
2054
+ * number to correct value too.
2055
+ */
2056
+
2057
+ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
2058
+ X509_EXTENSION *ext;
2059
+ ext = X509_CRL_get_ext(newer, i);
2060
+ if (!X509_CRL_add_ext(crl, ext, -1))
2061
+ goto memerr;
2062
+ }
2063
+
2064
+ /* Go through revoked entries, copying as needed */
2065
+
2066
+ revs = X509_CRL_get_REVOKED(newer);
2067
+
2068
+ for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
2069
+ X509_REVOKED *rvn, *rvtmp;
2070
+ rvn = sk_X509_REVOKED_value(revs, j);
2071
+ /*
2072
+ * Add only if not also in base. TODO: need something cleverer here
2073
+ * for some more complex CRLs covering multiple CAs.
2074
+ */
2075
+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2076
+ rvtmp = X509_REVOKED_dup(rvn);
2077
+ if (!rvtmp)
2078
+ goto memerr;
2079
+ if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2080
+ X509_REVOKED_free(rvtmp);
2081
+ goto memerr;
2082
+ }
2083
+ }
2084
+ }
2085
+ /* TODO: optionally prune deleted entries */
2086
+
2087
+ if (skey && md && !X509_CRL_sign(crl, skey, md))
2088
+ goto memerr;
2089
+
2090
+ return crl;
2091
+
2092
+ memerr:
2093
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2094
+ if (crl)
2095
+ X509_CRL_free(crl);
2096
+ return NULL;
2097
+ }
2098
+
2099
+ int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2100
+ CRYPTO_EX_unused * unused,
2101
+ CRYPTO_EX_dup *dup_unused,
2102
+ CRYPTO_EX_free *free_func)
2103
+ {
2104
+ /*
2105
+ * This function is (usually) called only once, by
2106
+ * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2107
+ */
2108
+ int index;
2109
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2110
+ free_func)) {
2111
+ return -1;
2112
+ }
2113
+ return index;
2114
+ }
2115
+
2116
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2117
+ {
2118
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2119
+ }
2120
+
2121
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2122
+ {
2123
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2124
+ }
2125
+
2126
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2127
+ {
2128
+ return ctx->error;
2129
+ }
2130
+
2131
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2132
+ {
2133
+ ctx->error = err;
2134
+ }
2135
+
2136
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2137
+ {
2138
+ return ctx->error_depth;
2139
+ }
2140
+
2141
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2142
+ {
2143
+ return ctx->current_cert;
2144
+ }
2145
+
2146
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2147
+ {
2148
+ return ctx->chain;
2149
+ }
2150
+
2151
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
2152
+ {
2153
+ return ctx->chain;
2154
+ }
2155
+
2156
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2157
+ {
2158
+ if (!ctx->chain)
2159
+ return NULL;
2160
+ return X509_chain_up_ref(ctx->chain);
2161
+ }
2162
+
2163
+ X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2164
+ {
2165
+ return ctx->current_issuer;
2166
+ }
2167
+
2168
+ X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2169
+ {
2170
+ return ctx->current_crl;
2171
+ }
2172
+
2173
+ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2174
+ {
2175
+ return ctx->parent;
2176
+ }
2177
+
2178
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2179
+ {
2180
+ ctx->cert = x;
2181
+ }
2182
+
2183
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2184
+ {
2185
+ ctx->untrusted = sk;
2186
+ }
2187
+
2188
+ STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
2189
+ {
2190
+ return ctx->untrusted;
2191
+ }
2192
+
2193
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2194
+ {
2195
+ ctx->crls = sk;
2196
+ }
2197
+
2198
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2199
+ {
2200
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2201
+ }
2202
+
2203
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2204
+ {
2205
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2206
+ }
2207
+
2208
+ /*
2209
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
2210
+ * This is intended to be used when another structure has its own trust and
2211
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
2212
+ * set then we will usually have a default purpose in mind which should then
2213
+ * be used to set the trust value. An example of this is SSL use: an SSL
2214
+ * structure will have its own purpose and trust settings which the
2215
+ * application can set: if they aren't set then we use the default of SSL
2216
+ * client/server.
2217
+ */
2218
+
2219
+ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2220
+ int purpose, int trust)
2221
+ {
2222
+ int idx;
2223
+ /* If purpose not set use default */
2224
+ if (!purpose)
2225
+ purpose = def_purpose;
2226
+ /* If we have a purpose then check it is valid */
2227
+ if (purpose) {
2228
+ X509_PURPOSE *ptmp;
2229
+ idx = X509_PURPOSE_get_by_id(purpose);
2230
+ if (idx == -1) {
2231
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2232
+ return 0;
2233
+ }
2234
+ ptmp = X509_PURPOSE_get0(idx);
2235
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
2236
+ idx = X509_PURPOSE_get_by_id(def_purpose);
2237
+ if (idx == -1) {
2238
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2239
+ return 0;
2240
+ }
2241
+ ptmp = X509_PURPOSE_get0(idx);
2242
+ }
2243
+ /* If trust not set then get from purpose default */
2244
+ if (!trust)
2245
+ trust = ptmp->trust;
2246
+ }
2247
+ if (trust) {
2248
+ idx = X509_TRUST_get_by_id(trust);
2249
+ if (idx == -1) {
2250
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2251
+ return 0;
2252
+ }
2253
+ }
2254
+
2255
+ if (purpose && !ctx->param->purpose)
2256
+ ctx->param->purpose = purpose;
2257
+ if (trust && !ctx->param->trust)
2258
+ ctx->param->trust = trust;
2259
+ return 1;
2260
+ }
2261
+
2262
+ X509_STORE_CTX *X509_STORE_CTX_new(void)
2263
+ {
2264
+ X509_STORE_CTX *ctx;
2265
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2266
+ if (!ctx) {
2267
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2268
+ return NULL;
2269
+ }
2270
+ X509_STORE_CTX_zero(ctx);
2271
+ return ctx;
2272
+ }
2273
+
2274
+ void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2275
+ {
2276
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2277
+ }
2278
+
2279
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2280
+ {
2281
+ if (ctx == NULL) {
2282
+ return;
2283
+ }
2284
+ X509_STORE_CTX_cleanup(ctx);
2285
+ OPENSSL_free(ctx);
2286
+ }
2287
+
2288
+ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2289
+ STACK_OF(X509) *chain)
2290
+ {
2291
+ int ret = 1;
2292
+
2293
+ X509_STORE_CTX_zero(ctx);
2294
+ ctx->ctx = store;
2295
+ ctx->cert = x509;
2296
+ ctx->untrusted = chain;
2297
+
2298
+ CRYPTO_new_ex_data(&ctx->ex_data);
2299
+
2300
+ ctx->param = X509_VERIFY_PARAM_new();
2301
+ if (!ctx->param)
2302
+ goto err;
2303
+
2304
+ /*
2305
+ * Inherit callbacks and flags from X509_STORE if not set use defaults.
2306
+ */
2307
+
2308
+ if (store)
2309
+ ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
2310
+ else
2311
+ ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
2312
+
2313
+ if (store) {
2314
+ ctx->verify_cb = store->verify_cb;
2315
+ ctx->cleanup = store->cleanup;
2316
+ } else
2317
+ ctx->cleanup = 0;
2318
+
2319
+ if (ret)
2320
+ ret = X509_VERIFY_PARAM_inherit(ctx->param,
2321
+ X509_VERIFY_PARAM_lookup("default"));
2322
+
2323
+ if (ret == 0)
2324
+ goto err;
2325
+
2326
+ if (store && store->check_issued)
2327
+ ctx->check_issued = store->check_issued;
2328
+ else
2329
+ ctx->check_issued = check_issued;
2330
+
2331
+ if (store && store->get_issuer)
2332
+ ctx->get_issuer = store->get_issuer;
2333
+ else
2334
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2335
+
2336
+ if (store && store->verify_cb)
2337
+ ctx->verify_cb = store->verify_cb;
2338
+ else
2339
+ ctx->verify_cb = null_callback;
2340
+
2341
+ if (store && store->verify)
2342
+ ctx->verify = store->verify;
2343
+ else
2344
+ ctx->verify = internal_verify;
2345
+
2346
+ if (store && store->check_revocation)
2347
+ ctx->check_revocation = store->check_revocation;
2348
+ else
2349
+ ctx->check_revocation = check_revocation;
2350
+
2351
+ if (store && store->get_crl)
2352
+ ctx->get_crl = store->get_crl;
2353
+ else
2354
+ ctx->get_crl = NULL;
2355
+
2356
+ if (store && store->check_crl)
2357
+ ctx->check_crl = store->check_crl;
2358
+ else
2359
+ ctx->check_crl = check_crl;
2360
+
2361
+ if (store && store->cert_crl)
2362
+ ctx->cert_crl = store->cert_crl;
2363
+ else
2364
+ ctx->cert_crl = cert_crl;
2365
+
2366
+ if (store && store->lookup_certs)
2367
+ ctx->lookup_certs = store->lookup_certs;
2368
+ else
2369
+ ctx->lookup_certs = X509_STORE_get1_certs;
2370
+
2371
+ if (store && store->lookup_crls)
2372
+ ctx->lookup_crls = store->lookup_crls;
2373
+ else
2374
+ ctx->lookup_crls = X509_STORE_get1_crls;
2375
+
2376
+ ctx->check_policy = check_policy;
2377
+
2378
+ return 1;
2379
+
2380
+ err:
2381
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2382
+ if (ctx->param != NULL) {
2383
+ X509_VERIFY_PARAM_free(ctx->param);
2384
+ }
2385
+
2386
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2387
+ OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2388
+ return 0;
2389
+ }
2390
+
2391
+ /*
2392
+ * Set alternative lookup method: just a STACK of trusted certificates. This
2393
+ * avoids X509_STORE nastiness where it isn't needed.
2394
+ */
2395
+
2396
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2397
+ {
2398
+ ctx->other_ctx = sk;
2399
+ ctx->get_issuer = get_issuer_sk;
2400
+ }
2401
+
2402
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2403
+ {
2404
+ /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2405
+ * also calls this function. */
2406
+ if (ctx->cleanup != NULL) {
2407
+ ctx->cleanup(ctx);
2408
+ ctx->cleanup = NULL;
2409
+ }
2410
+ if (ctx->param != NULL) {
2411
+ if (ctx->parent == NULL)
2412
+ X509_VERIFY_PARAM_free(ctx->param);
2413
+ ctx->param = NULL;
2414
+ }
2415
+ if (ctx->tree != NULL) {
2416
+ X509_policy_tree_free(ctx->tree);
2417
+ ctx->tree = NULL;
2418
+ }
2419
+ if (ctx->chain != NULL) {
2420
+ sk_X509_pop_free(ctx->chain, X509_free);
2421
+ ctx->chain = NULL;
2422
+ }
2423
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2424
+ OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2425
+ }
2426
+
2427
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2428
+ {
2429
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2430
+ }
2431
+
2432
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2433
+ {
2434
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2435
+ }
2436
+
2437
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2438
+ time_t t)
2439
+ {
2440
+ X509_VERIFY_PARAM_set_time(ctx->param, t);
2441
+ }
2442
+
2443
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2444
+ {
2445
+ return ctx->cert;
2446
+ }
2447
+
2448
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2449
+ int (*verify_cb) (int, X509_STORE_CTX *))
2450
+ {
2451
+ ctx->verify_cb = verify_cb;
2452
+ }
2453
+
2454
+ X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2455
+ {
2456
+ return ctx->tree;
2457
+ }
2458
+
2459
+ int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2460
+ {
2461
+ return ctx->explicit_policy;
2462
+ }
2463
+
2464
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2465
+ {
2466
+ const X509_VERIFY_PARAM *param;
2467
+ param = X509_VERIFY_PARAM_lookup(name);
2468
+ if (!param)
2469
+ return 0;
2470
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
2471
+ }
2472
+
2473
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2474
+ {
2475
+ return ctx->param;
2476
+ }
2477
+
2478
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2479
+ {
2480
+ if (ctx->param)
2481
+ X509_VERIFY_PARAM_free(ctx->param);
2482
+ ctx->param = param;
2483
+ }
2484
+
2485
+ IMPLEMENT_ASN1_SET_OF(X509)
2486
+
2487
+ IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)