grpc 1.31.0.pre2 → 1.34.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (944) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1030 -16151
  3. data/include/grpc/grpc.h +1 -7
  4. data/include/grpc/grpc_security.h +196 -186
  5. data/include/grpc/impl/codegen/README.md +22 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +9 -7
  7. data/include/grpc/impl/codegen/port_platform.h +28 -56
  8. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
  9. data/src/core/ext/filters/client_channel/client_channel.cc +243 -188
  10. data/src/core/ext/filters/client_channel/client_channel.h +1 -1
  11. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
  12. data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
  13. data/src/core/ext/filters/client_channel/config_selector.h +36 -8
  14. data/src/core/ext/filters/client_channel/health/health_check_client.cc +10 -2
  15. data/src/core/ext/filters/client_channel/health/health_check_client.h +2 -2
  16. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +3 -4
  17. data/src/core/ext/filters/client_channel/lb_policy.cc +5 -1
  18. data/src/core/ext/filters/client_channel/lb_policy.h +6 -4
  19. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
  20. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
  21. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +10 -7
  22. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +1 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +178 -162
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +3 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +23 -17
  29. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +79 -30
  30. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +10 -9
  31. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +14 -34
  32. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +26 -15
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +208 -130
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +299 -328
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +53 -17
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +809 -0
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +722 -0
  38. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
  39. data/src/core/ext/filters/client_channel/resolver.cc +3 -1
  40. data/src/core/ext/filters/client_channel/resolver.h +4 -1
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +2 -2
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +3 -3
  44. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  45. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  46. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -1
  47. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +2 -2
  48. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +1 -1
  49. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +21 -1
  50. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +661 -58
  51. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
  52. data/src/core/ext/filters/client_channel/resolver_registry.cc +4 -4
  53. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +18 -61
  54. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -3
  55. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +50 -48
  56. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +7 -11
  57. data/src/core/ext/filters/client_channel/retry_throttle.h +1 -1
  58. data/src/core/ext/filters/client_channel/server_address.cc +120 -7
  59. data/src/core/ext/filters/client_channel/server_address.h +44 -21
  60. data/src/core/ext/filters/client_channel/service_config.cc +18 -13
  61. data/src/core/ext/filters/client_channel/service_config.h +8 -5
  62. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  63. data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
  64. data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
  65. data/src/core/ext/filters/client_channel/subchannel.cc +82 -38
  66. data/src/core/ext/filters/client_channel/subchannel.h +18 -6
  67. data/src/core/ext/filters/client_channel/subchannel_interface.h +41 -5
  68. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +6 -2
  69. data/src/core/ext/filters/deadline/deadline_filter.cc +83 -77
  70. data/src/core/ext/filters/deadline/deadline_filter.h +7 -11
  71. data/src/core/ext/filters/http/client/http_client_filter.cc +1 -1
  72. data/src/core/ext/filters/http/server/http_server_filter.cc +3 -3
  73. data/src/core/ext/filters/max_age/max_age_filter.cc +3 -2
  74. data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
  75. data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
  76. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
  77. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +19 -2
  78. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
  79. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +36 -28
  80. data/src/core/ext/transport/chttp2/server/chttp2_server.h +2 -1
  81. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +2 -2
  82. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +6 -6
  83. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +3 -2
  84. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +7 -7
  85. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +260 -311
  86. data/src/core/ext/transport/chttp2/transport/flow_control.cc +11 -3
  87. data/src/core/ext/transport/chttp2/transport/flow_control.h +12 -2
  88. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +2 -1
  89. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +2 -2
  90. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +12 -8
  91. data/src/core/ext/transport/chttp2/transport/internal.h +10 -2
  92. data/src/core/ext/transport/chttp2/transport/parsing.cc +19 -31
  93. data/src/core/ext/transport/chttp2/transport/writing.cc +7 -7
  94. data/src/core/ext/transport/inproc/inproc_transport.cc +12 -12
  95. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +244 -0
  96. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +766 -0
  97. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  98. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
  99. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +458 -0
  100. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1635 -0
  101. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
  102. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
  103. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
  104. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
  105. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +124 -0
  106. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +379 -0
  107. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
  108. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
  109. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +310 -0
  110. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
  111. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +103 -0
  112. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +351 -0
  113. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  114. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
  115. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
  116. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
  117. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +241 -0
  118. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +752 -0
  119. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  120. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
  121. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
  122. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
  123. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +176 -0
  124. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +645 -0
  125. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
  126. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
  127. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
  128. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
  129. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
  130. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
  131. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
  132. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
  133. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  134. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
  135. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  136. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
  137. data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
  138. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
  139. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +128 -0
  140. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +467 -0
  141. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +155 -0
  142. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +539 -0
  143. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
  144. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
  145. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +178 -0
  146. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +616 -0
  147. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
  148. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
  149. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +900 -0
  150. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +3290 -0
  151. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +60 -0
  152. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +139 -0
  153. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
  154. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
  155. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +364 -0
  156. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1336 -0
  157. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
  158. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
  159. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +110 -0
  160. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +387 -0
  161. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +76 -0
  162. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +214 -0
  163. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +147 -0
  164. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +570 -0
  165. data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
  166. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
  167. data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
  168. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
  169. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +139 -0
  170. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +449 -0
  171. data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
  172. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
  173. data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
  174. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
  175. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
  176. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
  177. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
  178. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
  179. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
  180. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
  181. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  182. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
  183. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  184. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
  185. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  186. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
  187. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  188. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
  189. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +54 -0
  190. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +133 -0
  191. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  192. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
  193. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  194. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
  195. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  196. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
  197. data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
  198. data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -8
  199. data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
  200. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
  201. data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
  202. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
  203. data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
  204. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
  205. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
  206. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
  207. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
  208. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
  209. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +36 -36
  210. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +1 -1
  211. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
  212. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
  213. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  214. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
  215. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
  216. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
  217. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
  218. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
  219. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
  220. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
  221. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
  222. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
  223. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
  224. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
  225. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
  226. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
  227. data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
  228. data/src/core/ext/upb-generated/validate/validate.upb.h +1 -1
  229. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +38 -0
  230. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +30 -0
  231. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +41 -0
  232. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +35 -0
  233. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +254 -0
  234. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +105 -0
  235. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +100 -0
  236. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  237. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +558 -0
  238. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +145 -0
  239. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +53 -0
  240. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  241. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +133 -0
  242. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  243. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +127 -0
  244. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +65 -0
  245. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +56 -0
  246. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  247. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +266 -0
  248. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +125 -0
  249. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +143 -0
  250. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +55 -0
  251. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +56 -0
  252. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  253. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +66 -0
  254. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +40 -0
  255. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +263 -0
  256. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  257. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +233 -0
  258. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +70 -0
  259. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +56 -0
  260. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  261. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +228 -0
  262. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +80 -0
  263. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +46 -0
  264. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +35 -0
  265. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +59 -0
  266. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +35 -0
  267. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +55 -0
  268. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +35 -0
  269. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +110 -0
  270. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  271. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +113 -0
  272. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +50 -0
  273. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +146 -0
  274. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  275. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +50 -0
  276. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  277. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +190 -0
  278. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +55 -0
  279. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +185 -0
  280. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  281. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +62 -0
  282. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  283. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +97 -0
  284. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +40 -0
  285. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +915 -0
  286. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +280 -0
  287. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +71 -0
  288. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  289. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +64 -0
  290. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  291. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +511 -0
  292. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +115 -0
  293. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +48 -0
  294. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  295. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +166 -0
  296. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +55 -0
  297. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +105 -0
  298. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  299. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +249 -0
  300. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +60 -0
  301. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.c +72 -0
  302. data/src/core/ext/upbdefs-generated/envoy/service/cluster/v3/cds.upbdefs.h +35 -0
  303. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +60 -0
  304. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  305. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +152 -0
  306. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +60 -0
  307. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +83 -0
  308. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.h +35 -0
  309. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +82 -0
  310. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.h +35 -0
  311. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +83 -0
  312. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  313. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +86 -0
  314. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.h +35 -0
  315. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.c +74 -0
  316. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/srds.upbdefs.h +35 -0
  317. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +64 -0
  318. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  319. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +54 -0
  320. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  321. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +53 -0
  322. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  323. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +73 -0
  324. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  325. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +72 -0
  326. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  327. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  328. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +45 -0
  329. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +92 -0
  330. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  331. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +95 -0
  332. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  333. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +34 -0
  334. data/src/core/ext/{upb-generated/gogoproto/gogo.upb.h → upbdefs-generated/envoy/type/v3/http.upbdefs.h} +10 -9
  335. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +59 -0
  336. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +40 -0
  337. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +54 -0
  338. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +45 -0
  339. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +47 -0
  340. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  341. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +40 -0
  342. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +30 -0
  343. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +61 -0
  344. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +45 -0
  345. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +38 -0
  346. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +35 -0
  347. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +386 -0
  348. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +165 -0
  349. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +39 -0
  350. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +35 -0
  351. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +37 -0
  352. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +35 -0
  353. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +65 -0
  354. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +50 -0
  355. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +39 -0
  356. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +35 -0
  357. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +66 -0
  358. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +75 -0
  359. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +42 -0
  360. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +35 -0
  361. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +70 -0
  362. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +45 -0
  363. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +56 -0
  364. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +35 -0
  365. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +33 -0
  366. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +30 -0
  367. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +49 -0
  368. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +35 -0
  369. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +43 -0
  370. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +35 -0
  371. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +42 -0
  372. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +35 -0
  373. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +62 -0
  374. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +40 -0
  375. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +45 -0
  376. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +40 -0
  377. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +49 -0
  378. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +35 -0
  379. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +68 -0
  380. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +40 -0
  381. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +51 -0
  382. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +35 -0
  383. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +307 -0
  384. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +145 -0
  385. data/src/core/ext/xds/certificate_provider_factory.h +61 -0
  386. data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
  387. data/src/core/ext/xds/certificate_provider_registry.h +57 -0
  388. data/src/core/ext/xds/certificate_provider_store.cc +84 -0
  389. data/src/core/ext/xds/certificate_provider_store.h +107 -0
  390. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +119 -0
  391. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +72 -0
  392. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +265 -0
  393. data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +104 -0
  394. data/src/core/ext/xds/xds_api.cc +2119 -0
  395. data/src/core/ext/xds/xds_api.h +438 -0
  396. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +208 -19
  397. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +31 -10
  398. data/src/core/ext/xds/xds_certificate_provider.cc +240 -0
  399. data/src/core/ext/xds/xds_certificate_provider.h +74 -0
  400. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +9 -6
  401. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +636 -847
  402. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +120 -98
  403. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +61 -18
  404. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +38 -10
  405. data/src/core/lib/channel/channel_args.cc +2 -1
  406. data/src/core/lib/channel/channel_args.h +0 -1
  407. data/src/core/lib/channel/channel_trace.cc +4 -2
  408. data/src/core/lib/channel/channelz.cc +24 -60
  409. data/src/core/lib/channel/channelz.h +14 -22
  410. data/src/core/lib/channel/channelz_registry.cc +15 -12
  411. data/src/core/lib/channel/channelz_registry.h +3 -0
  412. data/src/core/lib/channel/handshaker.h +2 -2
  413. data/src/core/lib/compression/compression.cc +8 -4
  414. data/src/core/lib/compression/compression_internal.cc +10 -5
  415. data/src/core/lib/compression/compression_internal.h +2 -1
  416. data/src/core/lib/compression/stream_compression_identity.cc +1 -3
  417. data/src/core/lib/debug/stats_data.cc +1 -0
  418. data/src/core/lib/gpr/cpu_iphone.cc +10 -2
  419. data/src/core/lib/gpr/log_linux.cc +17 -3
  420. data/src/core/lib/gpr/log_posix.cc +13 -1
  421. data/src/core/lib/gpr/log_windows.cc +16 -4
  422. data/src/core/lib/gpr/murmur_hash.cc +1 -1
  423. data/src/core/lib/gpr/string.cc +1 -1
  424. data/src/core/lib/gpr/sync_posix.cc +2 -8
  425. data/src/core/lib/gpr/time_precise.cc +5 -2
  426. data/src/core/lib/gpr/time_precise.h +6 -2
  427. data/src/core/lib/gpr/tls.h +4 -0
  428. data/src/core/lib/gpr/tls_msvc.h +2 -0
  429. data/src/core/lib/gpr/tls_stdcpp.h +48 -0
  430. data/src/core/lib/gpr/useful.h +5 -4
  431. data/src/core/lib/gprpp/dual_ref_counted.h +331 -0
  432. data/src/core/lib/gprpp/examine_stack.cc +43 -0
  433. data/src/core/lib/gprpp/examine_stack.h +46 -0
  434. data/src/core/lib/gprpp/fork.cc +2 -2
  435. data/src/core/lib/gprpp/manual_constructor.h +1 -1
  436. data/src/core/lib/gprpp/orphanable.h +4 -8
  437. data/src/core/lib/gprpp/ref_counted.h +91 -68
  438. data/src/core/lib/gprpp/ref_counted_ptr.h +158 -7
  439. data/src/core/lib/gprpp/stat.h +38 -0
  440. data/src/core/lib/gprpp/stat_posix.cc +49 -0
  441. data/src/core/lib/gprpp/stat_windows.cc +48 -0
  442. data/src/core/lib/gprpp/thd.h +2 -2
  443. data/src/core/lib/gprpp/thd_posix.cc +36 -36
  444. data/src/core/lib/http/parser.cc +46 -25
  445. data/src/core/lib/iomgr/endpoint.cc +5 -1
  446. data/src/core/lib/iomgr/endpoint.h +7 -3
  447. data/src/core/lib/iomgr/endpoint_cfstream.cc +36 -11
  448. data/src/core/lib/iomgr/error.cc +2 -1
  449. data/src/core/lib/iomgr/ev_epollex_linux.cc +8 -4
  450. data/src/core/lib/iomgr/ev_posix.cc +0 -2
  451. data/src/core/lib/iomgr/exec_ctx.cc +1 -1
  452. data/src/core/lib/iomgr/exec_ctx.h +10 -8
  453. data/src/core/lib/iomgr/executor/mpmcqueue.h +5 -5
  454. data/src/core/lib/iomgr/executor/threadpool.h +3 -3
  455. data/src/core/lib/iomgr/iomgr.cc +0 -10
  456. data/src/core/lib/iomgr/iomgr.h +0 -10
  457. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +85 -7
  458. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +23 -3
  459. data/src/core/lib/iomgr/poller/eventmanager_libuv.cc +2 -1
  460. data/src/core/lib/iomgr/python_util.h +3 -3
  461. data/src/core/lib/iomgr/resolve_address_posix.cc +1 -5
  462. data/src/core/lib/iomgr/sockaddr_utils.cc +2 -1
  463. data/src/core/lib/iomgr/sockaddr_utils.h +2 -1
  464. data/src/core/lib/iomgr/tcp_custom.cc +32 -16
  465. data/src/core/lib/iomgr/tcp_posix.cc +34 -15
  466. data/src/core/lib/iomgr/tcp_windows.cc +26 -10
  467. data/src/core/lib/iomgr/timer_custom.cc +2 -2
  468. data/src/core/lib/iomgr/unix_sockets_posix.cc +27 -15
  469. data/src/core/lib/iomgr/unix_sockets_posix.h +5 -0
  470. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +7 -0
  471. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +2 -2
  472. data/src/core/lib/json/json.h +2 -2
  473. data/src/core/lib/json/json_reader.cc +8 -4
  474. data/src/core/lib/json/json_util.cc +58 -0
  475. data/src/core/lib/json/json_util.h +204 -0
  476. data/src/core/lib/json/json_writer.cc +2 -1
  477. data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
  478. data/src/core/lib/security/authorization/authorization_engine.h +84 -0
  479. data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
  480. data/src/core/lib/security/authorization/evaluate_args.h +59 -0
  481. data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
  482. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +44 -0
  483. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +69 -0
  484. data/src/core/lib/security/authorization/mock_cel/cel_value.h +97 -0
  485. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
  486. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +57 -0
  487. data/src/core/lib/security/context/security_context.h +3 -1
  488. data/src/core/lib/security/credentials/credentials.cc +1 -1
  489. data/src/core/lib/security/credentials/credentials.h +3 -3
  490. data/src/core/lib/security/credentials/external/aws_request_signer.cc +208 -0
  491. data/src/core/lib/security/credentials/external/aws_request_signer.h +73 -0
  492. data/src/core/lib/security/credentials/external/external_account_credentials.cc +311 -0
  493. data/src/core/lib/security/credentials/external/external_account_credentials.h +118 -0
  494. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +136 -0
  495. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +49 -0
  496. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +211 -0
  497. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +59 -0
  498. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +56 -38
  499. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +51 -0
  500. data/src/core/lib/security/credentials/jwt/json_token.cc +5 -2
  501. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +4 -3
  502. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -1
  503. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +2 -2
  504. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +351 -0
  505. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +218 -0
  506. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +78 -0
  507. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +74 -0
  508. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +77 -149
  509. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +58 -187
  510. data/src/core/lib/security/credentials/tls/tls_credentials.cc +16 -12
  511. data/src/core/lib/security/credentials/tls/tls_credentials.h +2 -2
  512. data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
  513. data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
  514. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -14
  515. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +88 -0
  516. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +70 -0
  517. data/src/core/lib/security/security_connector/load_system_roots.h +4 -0
  518. data/src/core/lib/security/security_connector/load_system_roots_linux.h +2 -0
  519. data/src/core/lib/security/security_connector/local/local_security_connector.cc +2 -2
  520. data/src/core/lib/security/security_connector/security_connector.cc +1 -1
  521. data/src/core/lib/security/security_connector/security_connector.h +4 -2
  522. data/src/core/lib/security/security_connector/ssl_utils.h +9 -2
  523. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +293 -275
  524. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +106 -61
  525. data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
  526. data/src/core/lib/security/transport/security_handshaker.cc +1 -1
  527. data/src/core/lib/security/transport/server_auth_filter.cc +2 -1
  528. data/src/core/lib/security/util/json_util.h +1 -0
  529. data/src/core/lib/slice/slice.cc +7 -4
  530. data/src/core/lib/slice/slice_buffer.cc +2 -1
  531. data/src/core/lib/slice/slice_intern.cc +2 -2
  532. data/src/core/lib/surface/call.cc +21 -20
  533. data/src/core/lib/surface/call.h +2 -1
  534. data/src/core/lib/surface/channel.cc +37 -51
  535. data/src/core/lib/surface/channel.h +18 -3
  536. data/src/core/lib/surface/completion_queue.cc +17 -278
  537. data/src/core/lib/surface/completion_queue.h +0 -8
  538. data/src/core/lib/surface/init.cc +27 -12
  539. data/src/core/lib/surface/server.cc +1069 -1245
  540. data/src/core/lib/surface/server.h +363 -87
  541. data/src/core/lib/surface/validate_metadata.h +3 -0
  542. data/src/core/lib/surface/version.cc +2 -2
  543. data/src/core/lib/transport/authority_override.cc +38 -0
  544. data/src/core/lib/transport/authority_override.h +34 -0
  545. data/src/core/lib/transport/bdp_estimator.cc +1 -1
  546. data/src/core/lib/transport/bdp_estimator.h +2 -1
  547. data/src/core/lib/transport/byte_stream.h +3 -3
  548. data/src/core/lib/transport/connectivity_state.cc +18 -13
  549. data/src/core/lib/transport/connectivity_state.h +22 -10
  550. data/src/core/lib/transport/error_utils.cc +13 -0
  551. data/src/core/lib/transport/error_utils.h +6 -0
  552. data/src/core/lib/transport/metadata.cc +11 -1
  553. data/src/core/lib/transport/metadata.h +2 -2
  554. data/src/core/lib/transport/static_metadata.cc +295 -276
  555. data/src/core/lib/transport/static_metadata.h +80 -73
  556. data/src/core/lib/transport/timeout_encoding.cc +4 -4
  557. data/src/core/lib/transport/transport.cc +5 -3
  558. data/src/core/lib/transport/transport.h +8 -1
  559. data/src/core/lib/uri/uri_parser.cc +23 -21
  560. data/src/core/lib/uri/uri_parser.h +3 -1
  561. data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
  562. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +26 -3
  563. data/src/core/tsi/fake_transport_security.cc +1 -0
  564. data/src/core/tsi/local_transport_security.cc +5 -1
  565. data/src/core/tsi/local_transport_security.h +6 -7
  566. data/src/core/tsi/ssl/session_cache/ssl_session.h +3 -0
  567. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -1
  568. data/src/core/tsi/ssl_transport_security.cc +16 -9
  569. data/src/core/tsi/ssl_transport_security.h +3 -0
  570. data/src/core/tsi/transport_security.cc +4 -2
  571. data/src/ruby/bin/math_services_pb.rb +4 -4
  572. data/src/ruby/ext/grpc/extconf.rb +1 -1
  573. data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
  574. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +26 -18
  575. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +43 -31
  576. data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
  577. data/src/ruby/lib/grpc/version.rb +1 -1
  578. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
  579. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
  580. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
  581. data/src/ruby/spec/channel_credentials_spec.rb +10 -0
  582. data/src/ruby/spec/generic/active_call_spec.rb +19 -8
  583. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  584. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  585. data/src/ruby/spec/pb/codegen/package_option_spec.rb +20 -0
  586. data/src/ruby/spec/user_agent_spec.rb +74 -0
  587. data/third_party/abseil-cpp/absl/algorithm/container.h +1764 -0
  588. data/third_party/abseil-cpp/absl/base/attributes.h +99 -38
  589. data/third_party/abseil-cpp/absl/base/call_once.h +1 -1
  590. data/third_party/abseil-cpp/absl/base/casts.h +9 -6
  591. data/third_party/abseil-cpp/absl/base/config.h +60 -17
  592. data/third_party/abseil-cpp/absl/base/dynamic_annotations.h +428 -335
  593. data/third_party/abseil-cpp/absl/base/internal/bits.h +17 -16
  594. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +166 -0
  595. data/third_party/abseil-cpp/absl/base/internal/dynamic_annotations.h +398 -0
  596. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  597. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  598. data/third_party/abseil-cpp/absl/base/internal/invoke.h +4 -4
  599. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  600. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  601. data/third_party/abseil-cpp/absl/base/internal/low_level_scheduling.h +29 -1
  602. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +2 -2
  603. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +7 -5
  604. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +25 -38
  605. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +19 -25
  606. data/third_party/abseil-cpp/absl/base/internal/spinlock_linux.inc +8 -0
  607. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +28 -5
  608. data/third_party/abseil-cpp/absl/base/internal/sysinfo.h +8 -0
  609. data/third_party/abseil-cpp/absl/base/internal/tsan_mutex_interface.h +3 -1
  610. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +2 -2
  611. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -3
  612. data/third_party/abseil-cpp/absl/base/macros.h +36 -109
  613. data/third_party/abseil-cpp/absl/base/optimization.h +61 -1
  614. data/third_party/abseil-cpp/absl/base/options.h +31 -4
  615. data/third_party/abseil-cpp/absl/base/policy_checks.h +1 -1
  616. data/third_party/abseil-cpp/absl/base/thread_annotations.h +94 -39
  617. data/third_party/abseil-cpp/absl/container/fixed_array.h +532 -0
  618. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +504 -0
  619. data/third_party/abseil-cpp/absl/container/inlined_vector.h +33 -36
  620. data/third_party/abseil-cpp/absl/container/internal/common.h +206 -0
  621. data/third_party/abseil-cpp/absl/container/internal/compressed_tuple.h +33 -8
  622. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +460 -0
  623. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +161 -0
  624. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +208 -0
  625. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  626. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +270 -0
  627. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +321 -0
  628. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  629. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +50 -0
  630. data/third_party/abseil-cpp/absl/container/internal/layout.h +743 -0
  631. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  632. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1903 -0
  633. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +139 -0
  634. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  635. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1945 -0
  636. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  637. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  638. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  639. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +196 -0
  640. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +134 -0
  641. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +89 -0
  642. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +108 -0
  643. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  644. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  645. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +93 -0
  646. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  647. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +149 -0
  648. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +173 -0
  649. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  650. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  651. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  652. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +36 -0
  653. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  654. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +101 -0
  655. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1560 -0
  656. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  657. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  658. data/third_party/abseil-cpp/absl/functional/bind_front.h +184 -0
  659. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  660. data/third_party/abseil-cpp/absl/functional/internal/front_binder.h +95 -0
  661. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  662. data/third_party/abseil-cpp/absl/hash/hash.h +325 -0
  663. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  664. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  665. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  666. data/third_party/abseil-cpp/absl/hash/internal/hash.h +996 -0
  667. data/third_party/abseil-cpp/absl/memory/memory.h +4 -0
  668. data/third_party/abseil-cpp/absl/meta/type_traits.h +2 -8
  669. data/third_party/abseil-cpp/absl/numeric/int128.cc +13 -27
  670. data/third_party/abseil-cpp/absl/numeric/int128.h +16 -15
  671. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +51 -0
  672. data/third_party/abseil-cpp/absl/status/status.cc +445 -0
  673. data/third_party/abseil-cpp/absl/status/status.h +817 -0
  674. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +38 -0
  675. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  676. data/third_party/abseil-cpp/absl/strings/charconv.cc +2 -2
  677. data/third_party/abseil-cpp/absl/strings/cord.cc +1998 -0
  678. data/third_party/abseil-cpp/absl/strings/cord.h +1276 -0
  679. data/third_party/abseil-cpp/absl/strings/escaping.cc +9 -9
  680. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +1 -1
  681. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +1 -1
  682. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.h +2 -2
  683. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  684. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +173 -0
  685. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +222 -136
  686. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +136 -64
  687. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +1 -1
  688. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +14 -21
  689. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +7 -14
  690. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +31 -7
  691. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +147 -135
  692. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +999 -87
  693. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.h +3 -3
  694. data/third_party/abseil-cpp/absl/strings/internal/str_format/output.h +4 -12
  695. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +8 -6
  696. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +13 -11
  697. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -2
  698. data/third_party/abseil-cpp/absl/strings/str_cat.cc +4 -4
  699. data/third_party/abseil-cpp/absl/strings/str_cat.h +1 -1
  700. data/third_party/abseil-cpp/absl/strings/str_format.h +289 -13
  701. data/third_party/abseil-cpp/absl/strings/str_split.cc +2 -2
  702. data/third_party/abseil-cpp/absl/strings/str_split.h +1 -0
  703. data/third_party/abseil-cpp/absl/strings/string_view.h +26 -19
  704. data/third_party/abseil-cpp/absl/strings/substitute.cc +5 -5
  705. data/third_party/abseil-cpp/absl/strings/substitute.h +32 -29
  706. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  707. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  708. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  709. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  710. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  711. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  712. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
  713. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  714. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  715. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +249 -0
  716. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  717. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  718. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +492 -0
  719. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  720. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2739 -0
  721. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1065 -0
  722. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  723. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  724. data/third_party/abseil-cpp/absl/time/civil_time.cc +9 -9
  725. data/third_party/abseil-cpp/absl/time/clock.cc +3 -3
  726. data/third_party/abseil-cpp/absl/time/duration.cc +90 -59
  727. data/third_party/abseil-cpp/absl/time/format.cc +43 -36
  728. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +26 -16
  729. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/time_zone.h +4 -2
  730. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/zone_info_source.h +1 -1
  731. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +136 -29
  732. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.cc +13 -21
  733. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_impl.h +1 -1
  734. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +136 -129
  735. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.h +4 -5
  736. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_libc.cc +8 -7
  737. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +6 -6
  738. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +2 -1
  739. data/third_party/abseil-cpp/absl/time/time.h +15 -16
  740. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  741. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  742. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  743. data/third_party/abseil-cpp/absl/types/optional.h +9 -9
  744. data/third_party/abseil-cpp/absl/types/span.h +49 -36
  745. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  746. data/third_party/abseil-cpp/absl/utility/utility.h +2 -2
  747. data/third_party/address_sorting/include/address_sorting/address_sorting.h +2 -0
  748. data/third_party/boringssl-with-bazel/err_data.c +479 -467
  749. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
  750. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +2 -0
  751. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
  752. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
  753. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
  754. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
  755. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +16 -0
  756. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
  757. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +173 -35
  758. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
  759. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
  760. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
  761. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +56 -22
  762. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +8 -2
  763. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +543 -0
  764. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +237 -0
  765. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +118 -49
  766. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +267 -95
  767. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +210 -34
  768. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +766 -0
  769. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
  770. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +6 -4
  771. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
  772. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
  773. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
  774. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
  775. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
  776. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
  777. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
  778. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
  779. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
  780. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
  781. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
  782. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
  783. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
  784. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
  785. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
  786. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
  787. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
  788. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
  789. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +5 -3
  790. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +14 -14
  791. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
  792. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
  793. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
  794. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  795. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
  796. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
  797. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +24 -0
  798. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +54 -0
  799. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
  800. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +6 -3
  801. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +4 -0
  802. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
  803. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
  804. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +6 -0
  805. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
  806. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
  807. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
  808. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +3 -0
  809. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +202 -134
  810. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +103 -10
  811. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +5 -2
  812. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +42 -14
  813. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +199 -78
  814. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +482 -432
  815. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +18 -5
  816. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +35 -0
  817. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
  818. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
  819. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
  820. data/third_party/boringssl-with-bazel/src/ssl/internal.h +49 -10
  821. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +42 -1
  822. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
  823. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
  824. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +77 -0
  825. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +11 -14
  826. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +250 -20
  827. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
  828. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +57 -19
  829. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +140 -41
  830. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  831. data/third_party/upb/upb/decode.c +64 -15
  832. data/third_party/upb/upb/def.c +2169 -0
  833. data/third_party/upb/upb/def.h +330 -0
  834. data/third_party/upb/upb/def.hpp +525 -0
  835. data/third_party/upb/upb/encode.c +2 -2
  836. data/third_party/upb/upb/msg.h +2 -2
  837. data/third_party/upb/upb/port_def.inc +1 -1
  838. data/third_party/upb/upb/reflection.c +391 -0
  839. data/third_party/upb/upb/reflection.h +168 -0
  840. data/third_party/upb/upb/table.c +0 -11
  841. data/third_party/upb/upb/table.int.h +0 -9
  842. data/third_party/upb/upb/text_encode.c +398 -0
  843. data/third_party/upb/upb/text_encode.h +35 -0
  844. data/third_party/upb/upb/upb.c +16 -14
  845. data/third_party/upb/upb/upb.h +26 -0
  846. data/third_party/upb/upb/upb.hpp +2 -0
  847. metadata +489 -161
  848. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -528
  849. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1143
  850. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -2110
  851. data/src/core/ext/filters/client_channel/xds/xds_api.h +0 -345
  852. data/src/core/ext/filters/client_channel/xds/xds_channel.h +0 -46
  853. data/src/core/ext/filters/client_channel/xds/xds_channel_secure.cc +0 -106
  854. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
  855. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -34
  856. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
  857. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -429
  858. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
  859. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -198
  860. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
  861. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -388
  862. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -52
  863. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
  864. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1453
  865. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
  866. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -226
  867. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  868. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -323
  869. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
  870. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -334
  871. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -79
  872. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
  873. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -891
  874. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
  875. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -328
  876. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
  877. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -71
  878. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
  879. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -649
  880. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
  881. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -693
  882. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  883. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
  884. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -536
  885. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -88
  886. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
  887. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -386
  888. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -52
  889. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
  890. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -224
  891. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
  892. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -32
  893. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
  894. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -273
  895. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
  896. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -332
  897. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -52
  898. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
  899. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -415
  900. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
  901. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -32
  902. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
  903. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -538
  904. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
  905. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -111
  906. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -52
  907. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
  908. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -204
  909. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
  910. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -32
  911. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
  912. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -2984
  913. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
  914. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -135
  915. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -52
  916. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
  917. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -732
  918. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
  919. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1167
  920. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  921. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
  922. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
  923. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -49
  924. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
  925. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -136
  926. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
  927. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -145
  928. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
  929. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  930. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
  931. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  932. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -86
  933. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -111
  934. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -61
  935. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
  936. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -250
  937. data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
  938. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  939. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  940. data/src/core/lib/slice/slice_hash_table.h +0 -199
  941. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  942. data/third_party/abseil-cpp/absl/base/dynamic_annotations.cc +0 -129
  943. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
  944. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h CHANGED
@@ -953,6 +953,18 @@ OPENSSL_EXPORT size_t SSL_get0_certificate_types(const SSL *ssl,
953
953
  OPENSSL_EXPORT size_t
954
954
  SSL_get0_peer_verify_algorithms(const SSL *ssl, const uint16_t **out_sigalgs);
955
955
 
956
+ // SSL_get0_peer_delegation_algorithms sets |*out_sigalgs| to an array
957
+ // containing the signature algorithms the peer is willing to use with delegated
958
+ // credentials. It returns the length of the array. If not sent, the empty
959
+ // array is returned.
960
+ //
961
+ // The behavior of this function is undefined except during the callbacks set by
962
+ // by |SSL_CTX_set_cert_cb| and |SSL_CTX_set_client_cert_cb| or when the
963
+ // handshake is paused because of them.
964
+ OPENSSL_EXPORT size_t
965
+ SSL_get0_peer_delegation_algorithms(const SSL *ssl,
966
+ const uint16_t **out_sigalgs);
967
+
956
968
  // SSL_certs_clear resets the private key, leaf certificate, and certificate
957
969
  // chain of |ssl|.
958
970
  OPENSSL_EXPORT void SSL_certs_clear(SSL *ssl);
@@ -1281,8 +1293,8 @@ OPENSSL_EXPORT const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value);
1281
1293
  // cast to a |uint16_t| to get it.
1282
1294
  OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
1283
1295
 
1284
- // SSL_CIPHER_get_value returns |cipher|'s IANA-assigned number.
1285
- OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher);
1296
+ // SSL_CIPHER_get_protocol_id returns |cipher|'s IANA-assigned number.
1297
+ OPENSSL_EXPORT uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *cipher);
1286
1298
 
1287
1299
  // SSL_CIPHER_is_aead returns one if |cipher| uses an AEAD cipher.
1288
1300
  OPENSSL_EXPORT int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher);
@@ -2764,6 +2776,51 @@ OPENSSL_EXPORT void SSL_CTX_set_allow_unknown_alpn_protos(SSL_CTX *ctx,
2764
2776
  int enabled);
2765
2777
 
2766
2778
 
2779
+ // Application-layer protocol settings
2780
+ //
2781
+ // The ALPS extension (draft-vvv-tls-alps) allows exchanging application-layer
2782
+ // settings in the TLS handshake for applications negotiated with ALPN. Note
2783
+ // that, when ALPS is negotiated, the client and server each advertise their own
2784
+ // settings, so there are functions to both configure setting to send and query
2785
+ // received settings.
2786
+
2787
+ // SSL_add_application_settings configures |ssl| to enable ALPS with ALPN
2788
+ // protocol |proto|, sending an ALPS value of |settings|. It returns one on
2789
+ // success and zero on error. If |proto| is negotiated via ALPN and the peer
2790
+ // supports ALPS, |settings| will be sent to the peer. The peer's ALPS value can
2791
+ // be retrieved with |SSL_get0_peer_application_settings|.
2792
+ //
2793
+ // On the client, this function should be called before the handshake, once for
2794
+ // each supported ALPN protocol which uses ALPS. |proto| must be included in the
2795
+ // client's ALPN configuration (see |SSL_CTX_set_alpn_protos| and
2796
+ // |SSL_set_alpn_protos|). On the server, ALPS can be preconfigured for each
2797
+ // protocol as in the client, or configuration can be deferred to the ALPN
2798
+ // callback (see |SSL_CTX_set_alpn_select_cb|), in which case only the selected
2799
+ // protocol needs to be configured.
2800
+ //
2801
+ // ALPS can be independently configured from 0-RTT, however changes in protocol
2802
+ // settings will fallback to 1-RTT to negotiate the new value, so it is
2803
+ // recommended for |settings| to be relatively stable.
2804
+ OPENSSL_EXPORT int SSL_add_application_settings(SSL *ssl, const uint8_t *proto,
2805
+ size_t proto_len,
2806
+ const uint8_t *settings,
2807
+ size_t settings_len);
2808
+
2809
+ // SSL_get0_peer_application_settings sets |*out_data| and |*out_len| to a
2810
+ // buffer containing the peer's ALPS value, or the empty string if ALPS was not
2811
+ // negotiated. Note an empty string could also indicate the peer sent an empty
2812
+ // settings value. Use |SSL_has_application_settings| to check if ALPS was
2813
+ // negotiated. The output buffer is owned by |ssl| and is valid until the next
2814
+ // time |ssl| is modified.
2815
+ OPENSSL_EXPORT void SSL_get0_peer_application_settings(const SSL *ssl,
2816
+ const uint8_t **out_data,
2817
+ size_t *out_len);
2818
+
2819
+ // SSL_has_application_settings returns one if ALPS was negotiated on this
2820
+ // connection and zero otherwise.
2821
+ OPENSSL_EXPORT int SSL_has_application_settings(const SSL *ssl);
2822
+
2823
+
2767
2824
  // Certificate compression.
2768
2825
  //
2769
2826
  // Certificates in TLS 1.3 can be compressed[1]. BoringSSL supports this as both
@@ -3481,8 +3538,10 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
3481
3538
  ssl_early_data_ticket_age_skew = 12,
3482
3539
  // QUIC parameters differ between this connection and the original.
3483
3540
  ssl_early_data_quic_parameter_mismatch = 13,
3541
+ // The application settings did not match the session.
3542
+ ssl_early_data_alps_mismatch = 14,
3484
3543
  // The value of the largest entry.
3485
- ssl_early_data_reason_max_value = ssl_early_data_quic_parameter_mismatch,
3544
+ ssl_early_data_reason_max_value = ssl_early_data_alps_mismatch,
3486
3545
  };
3487
3546
 
3488
3547
  // SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected
@@ -3490,6 +3549,11 @@ enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
3490
3549
  OPENSSL_EXPORT enum ssl_early_data_reason_t SSL_get_early_data_reason(
3491
3550
  const SSL *ssl);
3492
3551
 
3552
+ // SSL_early_data_reason_string returns a string representation for |reason|, or
3553
+ // NULL if |reason| is unknown. This function may be used for logging.
3554
+ OPENSSL_EXPORT const char *SSL_early_data_reason_string(
3555
+ enum ssl_early_data_reason_t reason);
3556
+
3493
3557
 
3494
3558
  // Alerts.
3495
3559
  //
@@ -4688,6 +4752,30 @@ OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_cb(SSL_CTX *ctx,
4688
4752
  // |SSL_CTX_set_tlsext_status_cb|'s callback and returns one.
4689
4753
  OPENSSL_EXPORT int SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg);
4690
4754
 
4755
+ // The following symbols are compatibility aliases for reason codes used when
4756
+ // receiving an alert from the peer. Use the other names instead, which fit the
4757
+ // naming convention.
4758
+ //
4759
+ // TODO(davidben): Fix references to |SSL_R_TLSV1_CERTIFICATE_REQUIRED| and
4760
+ // remove the compatibility value. The others come from OpenSSL.
4761
+ #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION \
4762
+ SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION
4763
+ #define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE \
4764
+ SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE
4765
+ #define SSL_R_TLSV1_UNRECOGNIZED_NAME SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME
4766
+ #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE \
4767
+ SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
4768
+ #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE \
4769
+ SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE
4770
+ #define SSL_R_TLSV1_CERTIFICATE_REQUIRED SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED
4771
+
4772
+ // SSL_CIPHER_get_value calls |SSL_CIPHER_get_protocol_id|.
4773
+ //
4774
+ // TODO(davidben): |SSL_CIPHER_get_value| was our name for this function, but
4775
+ // upstream added it as |SSL_CIPHER_get_protocol_id|. Switch callers to the new
4776
+ // name and remove this one.
4777
+ OPENSSL_EXPORT uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher);
4778
+
4691
4779
 
4692
4780
  // Nodejs compatibility section (hidden).
4693
4781
  //
@@ -5179,6 +5267,10 @@ BSSL_NAMESPACE_END
5179
5267
  #define SSL_R_INCONSISTENT_CLIENT_HELLO 303
5180
5268
  #define SSL_R_CIPHER_MISMATCH_ON_EARLY_DATA 304
5181
5269
  #define SSL_R_QUIC_TRANSPORT_PARAMETERS_MISCONFIGURED 305
5270
+ #define SSL_R_UNEXPECTED_COMPATIBILITY_MODE 306
5271
+ #define SSL_R_MISSING_ALPN 307
5272
+ #define SSL_R_NEGOTIATED_ALPS_WITHOUT_ALPN 308
5273
+ #define SSL_R_ALPS_MISMATCH_ON_EARLY_DATA 309
5182
5274
  #define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
5183
5275
  #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
5184
5276
  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
@@ -5204,12 +5296,13 @@ BSSL_NAMESPACE_END
5204
5296
  #define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086
5205
5297
  #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
5206
5298
  #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
5207
- #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110
5208
- #define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111
5209
- #define SSL_R_TLSV1_UNRECOGNIZED_NAME 1112
5210
- #define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113
5211
- #define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114
5212
- #define SSL_R_TLSV1_UNKNOWN_PSK_IDENTITY 1115
5213
- #define SSL_R_TLSV1_CERTIFICATE_REQUIRED 1116
5299
+ #define SSL_R_TLSV1_ALERT_UNSUPPORTED_EXTENSION 1110
5300
+ #define SSL_R_TLSV1_ALERT_CERTIFICATE_UNOBTAINABLE 1111
5301
+ #define SSL_R_TLSV1_ALERT_UNRECOGNIZED_NAME 1112
5302
+ #define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE 1113
5303
+ #define SSL_R_TLSV1_ALERT_BAD_CERTIFICATE_HASH_VALUE 1114
5304
+ #define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY 1115
5305
+ #define SSL_R_TLSV1_ALERT_CERTIFICATE_REQUIRED 1116
5306
+ #define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL 1120
5214
5307
 
5215
5308
  #endif // OPENSSL_HEADER_SSL_H
data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h CHANGED
@@ -232,9 +232,12 @@ extern "C" {
232
232
  // ExtensionType value from RFC5746
233
233
  #define TLSEXT_TYPE_renegotiate 0xff01
234
234
 
235
- // ExtensionType value from draft-ietf-tls-subcerts. This is not an IANA defined
235
+ // ExtensionType value from draft-ietf-tls-subcerts.
236
+ #define TLSEXT_TYPE_delegated_credential 0x22
237
+
238
+ // ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined
236
239
  // extension number.
237
- #define TLSEXT_TYPE_delegated_credential 0xff02
240
+ #define TLSEXT_TYPE_application_settings 17513
238
241
 
239
242
  // ExtensionType value from RFC6962
240
243
  #define TLSEXT_TYPE_certificate_timestamp 18
data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h CHANGED
@@ -40,6 +40,14 @@ extern "C" {
40
40
  // PMBTokens and P-384.
41
41
  OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void);
42
42
 
43
+ // TRUST_TOKEN_experiment_v2_voprf is an experimental Trust Tokens protocol
44
+ // using VOPRFs and P-384 with up to 6 keys, without RR verification.
45
+ OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_voprf(void);
46
+
47
+ // TRUST_TOKEN_experiment_v2_pmb is an experimental Trust Tokens protocol using
48
+ // PMBTokens and P-384 with up to 3 keys, without RR verification.
49
+ OPENSSL_EXPORT const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void);
50
+
43
51
  // trust_token_st represents a single-use token for the Trust Token protocol.
44
52
  // For the client, this is the token and its corresponding signature. For the
45
53
  // issuer, this is the token itself.
@@ -138,21 +146,23 @@ OPENSSL_EXPORT STACK_OF(TRUST_TOKEN) *
138
146
  // |token| and receive a signature over |data| and serializes the request into
139
147
  // a newly-allocated buffer, setting |*out| to that buffer and |*out_len| to
140
148
  // its length. |time| is the number of seconds since the UNIX epoch and used to
141
- // verify the validity of the issuer's response. The caller takes ownership of
142
- // the buffer and must call |OPENSSL_free| when done. It returns one on success
143
- // or zero on error.
149
+ // verify the validity of the issuer's response in TrustTokenV1 and ignored in
150
+ // other versions. The caller takes ownership of the buffer and must call
151
+ // |OPENSSL_free| when done. It returns one on success or zero on error.
144
152
  OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_begin_redemption(
145
153
  TRUST_TOKEN_CLIENT *ctx, uint8_t **out, size_t *out_len,
146
154
  const TRUST_TOKEN *token, const uint8_t *data, size_t data_len,
147
155
  uint64_t time);
148
156
 
149
- // TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer and
150
- // verifies the SRR. If valid, it returns one and sets |*out_srr| and
151
- // |*out_srr_len| (respectively, |*out_sig| and |*out_sig_len|) to a
152
- // newly-allocated buffer containing the SRR (respectively, the SRR signature).
153
- // Otherwise, it returns zero.
157
+ // TRUST_TOKEN_CLIENT_finish_redemption consumes |response| from the issuer. In
158
+ // |TRUST_TOKEN_experiment_v1|, it then verifies the SRR and if valid sets
159
+ // |*out_rr| and |*out_rr_len| (respectively, |*out_sig| and |*out_sig_len|)
160
+ // to a newly-allocated buffer containing the SRR (respectively, the SRR
161
+ // signature). In other versions, it sets |*out_rr| and |*out_rr_len|
162
+ // to a newly-allocated buffer containing |response| and leaves all validation
163
+ // to the caller. It returns one on success or zero on failure.
154
164
  OPENSSL_EXPORT int TRUST_TOKEN_CLIENT_finish_redemption(
155
- TRUST_TOKEN_CLIENT *ctx, uint8_t **out_srr, size_t *out_srr_len,
165
+ TRUST_TOKEN_CLIENT *ctx, uint8_t **out_rr, size_t *out_rr_len,
156
166
  uint8_t **out_sig, size_t *out_sig_len, const uint8_t *response,
157
167
  size_t response_len);
158
168
 
@@ -214,16 +224,16 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_issue(
214
224
  uint32_t public_metadata, uint8_t private_metadata, size_t max_issuance);
215
225
 
216
226
  // TRUST_TOKEN_ISSUER_redeem ingests a |request| for token redemption and
217
- // verifies the token. If the token is valid, a SRR is produced with a lifetime
227
+ // verifies the token. If the token is valid, a RR is produced with a lifetime
218
228
  // of |lifetime| (in seconds), signing over the requested data from the request
219
229
  // and the value of the token, storing the result into a newly-allocated buffer
220
230
  // and setting |*out| to that buffer and |*out_len| to its length. The extracted
221
231
  // |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
222
232
  // |*out_token|. The extracted client data is stored into a newly-allocated
223
- // buffer and stored in |*out_client_data|. The extracted redemption time is
224
- // stored in |*out_redemption_time|. The caller takes ownership of each output
225
- // buffer and must call |OPENSSL_free| when done. It returns one on success or
226
- // zero on error.
233
+ // buffer and stored in |*out_client_data|. In TrustTokenV1, the extracted
234
+ // redemption time is stored in |*out_redemption_time|. The caller takes
235
+ // ownership of each output buffer and must call |OPENSSL_free| when done. It
236
+ // returns one on success or zero on error.
227
237
  //
228
238
  // The caller must keep track of all values of |*out_token| seen globally before
229
239
  // returning the SRR to the client. If the value has been reused, the caller
@@ -235,6 +245,24 @@ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem(
235
245
  size_t *out_client_data_len, uint64_t *out_redemption_time,
236
246
  const uint8_t *request, size_t request_len, uint64_t lifetime);
237
247
 
248
+ // TRUST_TOKEN_ISSUER_redeem_raw ingests a |request| for token redemption and
249
+ // verifies the token. The public metadata is stored in |*out_public|. The
250
+ // private metadata (if any) is stored in |*out_private|. The extracted
251
+ // |TRUST_TOKEN| is stored into a newly-allocated buffer and stored in
252
+ // |*out_token|. The extracted client data is stored into a newly-allocated
253
+ // buffer and stored in |*out_client_data|. The caller takes ownership of each
254
+ // output buffer and must call |OPENSSL_free| when done. It returns one on
255
+ // success or zero on error.
256
+ //
257
+ // The caller must keep track of all values of |*out_token| seen globally before
258
+ // returning a response to the client. If the value has been reused, the caller
259
+ // must report an error to the client. Returning a response with replayed values
260
+ // allows an attacker to double-spend tokens.
261
+ OPENSSL_EXPORT int TRUST_TOKEN_ISSUER_redeem_raw(
262
+ const TRUST_TOKEN_ISSUER *ctx, uint32_t *out_public, uint8_t *out_private,
263
+ TRUST_TOKEN **out_token, uint8_t **out_client_data,
264
+ size_t *out_client_data_len, const uint8_t *request, size_t request_len);
265
+
238
266
  // TRUST_TOKEN_decode_private_metadata decodes |encrypted_bit| using the
239
267
  // private metadata key specified by a |key| buffer of length |key_len| and the
240
268
  // nonce by a |nonce| buffer of length |nonce_len|. The nonce in
data/third_party/boringssl-with-bazel/src/include/openssl/x509.h CHANGED
@@ -146,7 +146,7 @@ struct X509_name_st {
146
146
  STACK_OF(X509_NAME_ENTRY) * entries;
147
147
  int modified; // true if 'bytes' needs to be built
148
148
  BUF_MEM *bytes;
149
- // unsigned long hash; Keep the hash around for lookups
149
+ // unsigned long hash; Keep the hash around for lookups
150
150
  unsigned char *canon_enc;
151
151
  int canon_enclen;
152
152
  } /* X509_NAME */;
@@ -470,6 +470,11 @@ struct Netscape_spki_st {
470
470
  extern "C" {
471
471
  #endif
472
472
 
473
+ // TODO(davidben): Document remaining functions, reorganize them, and define
474
+ // supported patterns for using |X509| objects in general. In particular, when
475
+ // it is safe to call mutating functions is a little tricky due to various
476
+ // internal caches.
477
+
473
478
  // X509_get_version returns the numerical value of |x509|'s version. That is,
474
479
  // it returns zero for X.509v1, one for X.509v2, and two for X.509v3. Unknown
475
480
  // versions are rejected by the parser, but a manually-created |X509| object may
@@ -477,16 +482,54 @@ extern "C" {
477
482
  // version, or -1 on overflow.
478
483
  OPENSSL_EXPORT long X509_get_version(const X509 *x509);
479
484
 
480
- // X509_get_notBefore returns |x509|'s notBefore value. Note this function is
481
- // not const-correct for legacy reasons. Use |X509_get0_notBefore| or
485
+ // X509_get0_serialNumber returns |x509|'s serial number.
486
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
487
+
488
+ // X509_get0_notBefore returns |x509|'s notBefore time.
489
+ OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
490
+
491
+ // X509_get0_notAfter returns |x509|'s notAfter time.
492
+ OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
493
+
494
+ // X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
495
+ // success and zero on error.
496
+ OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
497
+
498
+ // X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
499
+ // success and zero on error.
500
+ OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
501
+
502
+ // X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time.
503
+ OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509);
504
+
505
+ // X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time.
506
+ OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
507
+
508
+ // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
509
+ // const-correct for legacy reasons. Use |X509_get0_notBefore| or
482
510
  // |X509_getm_notBefore| instead.
483
511
  OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
484
512
 
485
- // X509_get_notAfter returns |x509|'s notAfter value. Note this function is not
513
+ // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
486
514
  // const-correct for legacy reasons. Use |X509_get0_notAfter| or
487
515
  // |X509_getm_notAfter| instead.
488
516
  OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
489
517
 
518
+ // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
519
+ // instead.
520
+ OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
521
+
522
+ // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
523
+ // instead.
524
+ OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
525
+
526
+ // X509_get0_uids sets |*out_issuer_uid| and |*out_subject_uid| to non-owning
527
+ // pointers to the issuerUID and subjectUID fields, respectively, of |x509|.
528
+ // Either output pointer may be NULL to skip the field.
529
+ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
530
+ const ASN1_BIT_STRING **out_issuer_uid,
531
+ const ASN1_BIT_STRING **out_subject_uid);
532
+
490
533
  // X509_get_cert_info returns |x509|'s TBSCertificate structure. Note this
491
534
  // function is not const-correct for legacy reasons.
492
535
  //
@@ -498,6 +541,15 @@ OPENSSL_EXPORT X509_CINF *X509_get_cert_info(const X509 *x509);
498
541
  // |X509_get_pubkey| instead.
499
542
  #define X509_extract_key(x) X509_get_pubkey(x)
500
543
 
544
+ // X509_get_pathlen returns path length constraint from the basic constraints
545
+ // extension in |x509|. (See RFC5280, section 4.2.1.9.) It returns -1 if the
546
+ // constraint is not present, or if some extension in |x509| was invalid.
547
+ //
548
+ // Note that decoding an |X509| object will not check for invalid extensions. To
549
+ // detect the error case, call |X509_get_extensions_flags| and check the
550
+ // |EXFLAG_INVALID| bit.
551
+ OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
552
+
501
553
  // X509_REQ_get_version returns the numerical value of |req|'s version. That is,
502
554
  // it returns zero for a v1 request. If |req| is invalid, it may return another
503
555
  // value, or -1 on overflow.
@@ -521,15 +573,29 @@ OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
521
573
  // X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time.
522
574
  OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
523
575
 
524
- // X509_CRL_get0_lastUpdate returns |crl|'s nextUpdate time.
576
+ // X509_CRL_get0_nextUpdate returns |crl|'s nextUpdate time, or NULL if |crl|
577
+ // has none.
525
578
  OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
526
579
 
580
+ // X509_CRL_set1_lastUpdate sets |crl|'s lastUpdate time to |tm|. It returns one
581
+ // on success and zero on error.
582
+ OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
583
+
584
+ // X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
585
+ // on success and zero on error.
586
+ OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
587
+
588
+ // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
589
+ #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
590
+ #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
591
+
527
592
  // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time.
528
- // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set_lastUpdate| instead.
593
+ // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
529
594
  OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
530
595
 
531
- // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time.
532
- // Use |X509_CRL_get0_nextUpdate| or |X509_CRL_set_nextUpdate| instead.
596
+ // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
597
+ // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
598
+ // |X509_CRL_set1_nextUpdate| instead.
533
599
  OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
534
600
 
535
601
  // X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not
@@ -543,6 +609,10 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
543
609
  // would break existing callers. For now, we match upstream.
544
610
  OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
545
611
 
612
+ // X509_CRL_get0_extensions returns |crl|'s extension list.
613
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *
614
+ X509_CRL_get0_extensions(const X509_CRL *crl);
615
+
546
616
  // X509_CINF_set_modified marks |cinf| as modified so that changes will be
547
617
  // reflected in serializing the structure.
548
618
  //
@@ -559,6 +629,17 @@ OPENSSL_EXPORT void X509_CINF_set_modified(X509_CINF *cinf);
559
629
  // |X509_get0_tbs_sigalg| instead.
560
630
  OPENSSL_EXPORT const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf);
561
631
 
632
+ // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
633
+ // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
634
+ // |out_digest| may be NULL to skip those fields.
635
+ OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
636
+ const X509_ALGOR **out_alg,
637
+ const ASN1_OCTET_STRING **out_digest);
638
+
639
+ // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
640
+ OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
641
+ ASN1_OCTET_STRING **out_digest);
642
+
562
643
  OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
563
644
  OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new(
564
645
  int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl),
@@ -575,26 +656,66 @@ OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl);
575
656
  // object.
576
657
  OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
577
658
 
578
- OPENSSL_EXPORT const char *X509_verify_cert_error_string(long n);
579
-
580
- #ifndef OPENSSL_NO_EVP
581
- OPENSSL_EXPORT int X509_verify(X509 *a, EVP_PKEY *r);
582
-
583
- OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
584
- OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
585
- OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
586
-
659
+ // X509_verify_cert_error_string returns |err| as a human-readable string, where
660
+ // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
661
+ // a default description.
662
+ //
663
+ // TODO(davidben): Move this function to x509_vfy.h, with the |X509_V_*|
664
+ // definitions, or fold x509_vfy.h into this function.
665
+ OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
666
+
667
+ // X509_verify checks that |x509| has a valid signature by |pkey|. It returns
668
+ // one if the signature is valid and zero otherwise. Note this function only
669
+ // checks the signature itself and does not perform a full certificate
670
+ // validation.
671
+ OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
672
+
673
+ // X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns
674
+ // one if the signature is valid and zero otherwise.
675
+ OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
676
+
677
+ // X509_CRL_verify checks that |crl| has a valid signature by |pkey|. It returns
678
+ // one if the signature is valid and zero otherwise.
679
+ OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey);
680
+
681
+ // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
682
+ // returns one if the signature is valid and zero otherwise.
683
+ OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
684
+
685
+ // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
686
+ // Netscape signed public key and challenge (SPKAC) structure. It returns a
687
+ // newly-allocated |NETSCAPE_SPKI| structure with the result, or NULL on error.
688
+ // If |len| is 0 or negative, the length is calculated with |strlen| and |str|
689
+ // must be a NUL-terminated C string.
587
690
  OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
588
691
  int len);
589
- OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
590
- OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
591
- OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
592
692
 
593
- OPENSSL_EXPORT int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
594
-
595
- OPENSSL_EXPORT int X509_signature_dump(BIO *bp, const ASN1_STRING *sig,
693
+ // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded Netscape signed
694
+ // public key and challenge (SPKAC) structure. It returns a newly-allocated
695
+ // NUL-terminated C string with the result, or NULL on error. The caller must
696
+ // release the memory with |OPENSSL_free| when done.
697
+ OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
698
+
699
+ // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
700
+ // |EVP_PKEY|, or NULL on error. The resulting pointer is non-owning and valid
701
+ // until |spki| is released or mutated. The caller should take a reference with
702
+ // |EVP_PKEY_up_ref| to extend the lifetime.
703
+ OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
704
+
705
+ // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
706
+ // on success or zero on error. This function does not take ownership of |pkey|,
707
+ // so the caller may continue to manage its lifetime independently of |spki|.
708
+ OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
709
+ EVP_PKEY *pkey);
710
+
711
+ // X509_signature_dump writes a human-readable representation of |sig| to |bio|,
712
+ // indented with |indent| spaces. It returns one on success and zero on error.
713
+ OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
596
714
  int indent);
597
- OPENSSL_EXPORT int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
715
+
716
+ // X509_signature_print writes a human-readable representation of |alg| and
717
+ // |sig| to |bio|. It returns one on success and zero on error.
718
+ OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
598
719
  const ASN1_STRING *sig);
599
720
 
600
721
  OPENSSL_EXPORT int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
@@ -616,7 +737,6 @@ OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
616
737
  unsigned char *md, unsigned int *len);
617
738
  OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
618
739
  unsigned char *md, unsigned int *len);
619
- #endif
620
740
 
621
741
  // X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
622
742
  // fresh X509 or NULL on error. There must not be any trailing data in |buf|.
@@ -814,10 +934,9 @@ OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
814
934
  DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
815
935
  DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
816
936
 
817
- #ifndef OPENSSL_NO_EVP
818
937
  OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
819
938
  OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
820
- OPENSSL_EXPORT char *X509_NAME_oneline(X509_NAME *a, char *buf, int size);
939
+ OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
821
940
 
822
941
  OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
823
942
  unsigned char *md, unsigned int *len);
@@ -838,25 +957,19 @@ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
838
957
  X509_ALGOR *algor2,
839
958
  ASN1_BIT_STRING *signature, void *asn,
840
959
  EVP_MD_CTX *ctx);
841
- #endif
842
960
 
843
961
  OPENSSL_EXPORT int X509_set_version(X509 *x, long version);
844
962
  OPENSSL_EXPORT int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
845
963
  OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x);
846
964
  OPENSSL_EXPORT int X509_set_issuer_name(X509 *x, X509_NAME *name);
847
- OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(X509 *a);
965
+ OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *a);
848
966
  OPENSSL_EXPORT int X509_set_subject_name(X509 *x, X509_NAME *name);
849
- OPENSSL_EXPORT X509_NAME *X509_get_subject_name(X509 *a);
850
- OPENSSL_EXPORT int X509_set_notBefore(X509 *x, const ASN1_TIME *tm);
851
- OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x);
852
- OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x);
853
- OPENSSL_EXPORT int X509_set_notAfter(X509 *x, const ASN1_TIME *tm);
854
- OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x);
855
- OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
967
+ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *a);
856
968
  OPENSSL_EXPORT int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
857
969
  OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x);
858
970
  OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
859
- OPENSSL_EXPORT STACK_OF(X509_EXTENSION) * X509_get0_extensions(const X509 *x);
971
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *
972
+ X509_get0_extensions(const X509 *x);
860
973
  OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
861
974
 
862
975
  OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *x, long version);
@@ -900,8 +1013,6 @@ OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
900
1013
 
901
1014
  OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *x, long version);
902
1015
  OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
903
- OPENSSL_EXPORT int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
904
- OPENSSL_EXPORT int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
905
1016
  OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
906
1017
  OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
907
1018
 
@@ -920,6 +1031,10 @@ OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
920
1031
  OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *r,
921
1032
  ASN1_TIME *tm);
922
1033
 
1034
+ // X509_REVOKED_get0_extensions returns |r|'s extensions.
1035
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *
1036
+ X509_REVOKED_get0_extensions(const X509_REVOKED *r);
1037
+
923
1038
  OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
924
1039
  EVP_PKEY *skey, const EVP_MD *md,
925
1040
  unsigned int flags);
@@ -959,12 +1074,12 @@ OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
959
1074
  OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x);
960
1075
  OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
961
1076
  OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
962
- OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
963
- unsigned long flags);
1077
+ OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm,
1078
+ int indent, unsigned long flags);
964
1079
  #endif
965
1080
 
966
- OPENSSL_EXPORT int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
967
- OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
1081
+ OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
1082
+ OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
968
1083
  unsigned long flags);
969
1084
  OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
970
1085
  unsigned long cflag);
@@ -976,21 +1091,22 @@ OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
976
1091
  unsigned long cflag);
977
1092
  OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
978
1093
 
979
- OPENSSL_EXPORT int X509_NAME_entry_count(X509_NAME *name);
980
- OPENSSL_EXPORT int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
1094
+ OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
1095
+ OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
981
1096
  char *buf, int len);
982
- OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(X509_NAME *name,
1097
+ OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
983
1098
  const ASN1_OBJECT *obj, char *buf,
984
1099
  int len);
985
1100
 
986
1101
  // NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
987
1102
  // lastpos, search after that position on.
988
- OPENSSL_EXPORT int X509_NAME_get_index_by_NID(X509_NAME *name, int nid,
1103
+ OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
989
1104
  int lastpos);
990
- OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(X509_NAME *name,
1105
+ OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
991
1106
  const ASN1_OBJECT *obj,
992
1107
  int lastpos);
993
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
1108
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
1109
+ int loc);
994
1110
  OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
995
1111
  int loc);
996
1112
  OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
@@ -1021,8 +1137,9 @@ OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1021
1137
  OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1022
1138
  const unsigned char *bytes,
1023
1139
  int len);
1024
- OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
1025
- OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
1140
+ OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
1141
+ const X509_NAME_ENTRY *ne);
1142
+ OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
1026
1143
 
1027
1144
  OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) * x);
1028
1145
  OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) * x,
@@ -1040,59 +1157,63 @@ OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) * x,
1040
1157
  OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *
1041
1158
  X509v3_add_ext(STACK_OF(X509_EXTENSION) * *x, X509_EXTENSION *ex, int loc);
1042
1159
 
1043
- OPENSSL_EXPORT int X509_get_ext_count(X509 *x);
1044
- OPENSSL_EXPORT int X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
1045
- OPENSSL_EXPORT int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos);
1046
- OPENSSL_EXPORT int X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
1047
- OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(X509 *x, int loc);
1160
+ OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
1161
+ OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
1162
+ OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
1163
+ int lastpos);
1164
+ OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
1165
+ int lastpos);
1166
+ OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
1048
1167
  OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
1049
1168
  OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
1050
- OPENSSL_EXPORT void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
1169
+ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
1051
1170
  OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1052
1171
  unsigned long flags);
1053
1172
 
1054
- OPENSSL_EXPORT int X509_CRL_get_ext_count(X509_CRL *x);
1055
- OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
1056
- OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj,
1057
- int lastpos);
1058
- OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit,
1173
+ OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
1174
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
1175
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
1176
+ const ASN1_OBJECT *obj, int lastpos);
1177
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
1059
1178
  int lastpos);
1060
- OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
1179
+ OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
1061
1180
  OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1062
1181
  OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1063
- OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit,
1182
+ OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit,
1064
1183
  int *idx);
1065
1184
  OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
1066
1185
  int crit, unsigned long flags);
1067
1186
 
1068
- OPENSSL_EXPORT int X509_REVOKED_get_ext_count(X509_REVOKED *x);
1069
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid,
1187
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
1188
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
1189
+ int lastpos);
1190
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
1191
+ const ASN1_OBJECT *obj,
1070
1192
  int lastpos);
1071
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,
1072
- ASN1_OBJECT *obj, int lastpos);
1073
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit,
1074
- int lastpos);
1075
- OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
1193
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
1194
+ int crit, int lastpos);
1195
+ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
1196
+ int loc);
1076
1197
  OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1077
1198
  int loc);
1078
1199
  OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
1079
1200
  int loc);
1080
- OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid,
1201
+ OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid,
1081
1202
  int *crit, int *idx);
1082
1203
  OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
1083
1204
  void *value, int crit,
1084
1205
  unsigned long flags);
1085
1206
 
1086
1207
  OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
1087
- X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data);
1208
+ X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
1088
1209
  OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
1089
1210
  X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
1090
- ASN1_OCTET_STRING *data);
1211
+ const ASN1_OCTET_STRING *data);
1091
1212
  OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
1092
1213
  const ASN1_OBJECT *obj);
1093
1214
  OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1094
1215
  OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1095
- ASN1_OCTET_STRING *data);
1216
+ const ASN1_OCTET_STRING *data);
1096
1217
  OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
1097
1218
  OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1098
1219
  OPENSSL_EXPORT int X509_EXTENSION_get_critical(X509_EXTENSION *ex);
@@ -1179,9 +1300,9 @@ OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
1179
1300
  int (*ck)(X509_TRUST *, X509 *, int),
1180
1301
  char *name, int arg1, void *arg2);
1181
1302
  OPENSSL_EXPORT void X509_TRUST_cleanup(void);
1182
- OPENSSL_EXPORT int X509_TRUST_get_flags(X509_TRUST *xp);
1183
- OPENSSL_EXPORT char *X509_TRUST_get0_name(X509_TRUST *xp);
1184
- OPENSSL_EXPORT int X509_TRUST_get_trust(X509_TRUST *xp);
1303
+ OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
1304
+ OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
1305
+ OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp);
1185
1306
 
1186
1307
 
1187
1308
  typedef struct rsa_pss_params_st {