grpc 1.48.0 → 1.56.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (2600)
  1. checksums.yaml +4 -4
  2. data/Makefile +501 -260
  3. data/include/grpc/byte_buffer.h +76 -1
  4. data/include/grpc/byte_buffer_reader.h +19 -1
  5. data/include/grpc/compression.h +2 -2
  6. data/include/grpc/event_engine/endpoint_config.h +11 -5
  7. data/include/grpc/event_engine/event_engine.h +99 -36
  8. data/include/grpc/event_engine/internal/memory_allocator_impl.h +1 -1
  9. data/include/grpc/event_engine/internal/slice_cast.h +67 -0
  10. data/include/grpc/event_engine/memory_allocator.h +1 -1
  11. data/include/grpc/event_engine/slice.h +24 -4
  12. data/include/grpc/event_engine/slice_buffer.h +44 -3
  13. data/include/grpc/fork.h +25 -1
  14. data/include/grpc/grpc.h +3 -13
  15. data/include/grpc/grpc_audit_logging.h +96 -0
  16. data/include/grpc/grpc_posix.h +1 -1
  17. data/include/grpc/grpc_security.h +4 -0
  18. data/include/grpc/impl/codegen/atm.h +3 -71
  19. data/include/grpc/impl/codegen/atm_gcc_atomic.h +3 -67
  20. data/include/grpc/impl/codegen/atm_gcc_sync.h +3 -61
  21. data/include/grpc/impl/codegen/atm_windows.h +3 -108
  22. data/include/grpc/impl/codegen/byte_buffer.h +4 -78
  23. data/include/grpc/impl/codegen/byte_buffer_reader.h +4 -19
  24. data/include/grpc/impl/codegen/compression_types.h +3 -82
  25. data/include/grpc/impl/codegen/connectivity_state.h +3 -20
  26. data/include/grpc/impl/codegen/fork.h +4 -25
  27. data/include/grpc/impl/codegen/gpr_types.h +2 -34
  28. data/include/grpc/impl/codegen/grpc_types.h +3 -790
  29. data/include/grpc/impl/codegen/log.h +3 -86
  30. data/include/grpc/impl/codegen/port_platform.h +3 -766
  31. data/include/grpc/impl/codegen/propagation_bits.h +3 -28
  32. data/include/grpc/impl/codegen/slice.h +3 -106
  33. data/include/grpc/impl/codegen/status.h +4 -131
  34. data/include/grpc/impl/codegen/sync.h +3 -42
  35. data/include/grpc/impl/codegen/sync_abseil.h +3 -12
  36. data/include/grpc/impl/codegen/sync_custom.h +3 -14
  37. data/include/grpc/impl/codegen/sync_generic.h +3 -25
  38. data/include/grpc/impl/codegen/sync_posix.h +3 -28
  39. data/include/grpc/impl/codegen/sync_windows.h +3 -16
  40. data/include/grpc/impl/compression_types.h +109 -0
  41. data/include/grpc/impl/connectivity_state.h +47 -0
  42. data/include/grpc/impl/grpc_types.h +838 -0
  43. data/include/grpc/impl/propagation_bits.h +54 -0
  44. data/include/grpc/impl/slice_type.h +112 -0
  45. data/include/grpc/load_reporting.h +1 -1
  46. data/include/grpc/module.modulemap +7 -1
  47. data/include/grpc/slice.h +1 -1
  48. data/include/grpc/status.h +131 -1
  49. data/include/grpc/support/atm.h +70 -1
  50. data/include/grpc/support/atm_gcc_atomic.h +59 -1
  51. data/include/grpc/support/atm_gcc_sync.h +58 -1
  52. data/include/grpc/support/atm_windows.h +105 -1
  53. data/include/grpc/support/json.h +218 -0
  54. data/include/grpc/support/log.h +87 -1
  55. data/include/grpc/support/log_windows.h +1 -1
  56. data/include/grpc/support/port_platform.h +767 -1
  57. data/include/grpc/support/string_util.h +1 -1
  58. data/include/grpc/support/sync.h +35 -2
  59. data/include/grpc/support/sync_abseil.h +11 -1
  60. data/include/grpc/support/sync_custom.h +13 -1
  61. data/include/grpc/support/sync_generic.h +24 -1
  62. data/include/grpc/support/sync_posix.h +27 -1
  63. data/include/grpc/support/sync_windows.h +15 -1
  64. data/include/grpc/support/time.h +31 -6
  65. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +164 -0
  66. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +52 -0
  67. data/src/core/ext/filters/backend_metrics/backend_metric_provider.h +29 -0
  68. data/src/core/ext/filters/census/grpc_context.cc +17 -18
  69. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +34 -28
  70. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +7 -6
  71. data/src/core/ext/filters/channel_idle/idle_filter_state.h +4 -4
  72. data/src/core/ext/filters/client_channel/backend_metric.cc +12 -1
  73. data/src/core/ext/filters/client_channel/backend_metric.h +3 -3
  74. data/src/core/ext/filters/client_channel/backup_poller.cc +30 -41
  75. data/src/core/ext/filters/client_channel/backup_poller.h +24 -27
  76. data/src/core/ext/filters/client_channel/channel_connectivity.cc +51 -28
  77. data/src/core/ext/filters/client_channel/client_channel.cc +1135 -1201
  78. data/src/core/ext/filters/client_channel/client_channel.h +170 -195
  79. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +36 -37
  80. data/src/core/ext/filters/client_channel/client_channel_channelz.h +22 -22
  81. data/src/core/ext/filters/client_channel/client_channel_factory.cc +17 -46
  82. data/src/core/ext/filters/client_channel/client_channel_factory.h +5 -13
  83. data/src/core/ext/filters/client_channel/client_channel_internal.h +77 -0
  84. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -34
  85. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
  86. data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -26
  87. data/src/core/ext/filters/client_channel/config_selector.h +34 -56
  88. data/src/core/ext/filters/client_channel/connector.h +13 -10
  89. data/src/core/ext/filters/client_channel/dynamic_filters.cc +28 -55
  90. data/src/core/ext/filters/client_channel/dynamic_filters.h +10 -11
  91. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +21 -21
  92. data/src/core/ext/filters/client_channel/http_proxy.cc +125 -112
  93. data/src/core/ext/filters/client_channel/http_proxy.h +36 -32
  94. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
  95. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -3
  96. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +29 -21
  97. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +27 -18
  98. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +14 -14
  99. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +66 -132
  100. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +40 -24
  101. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +325 -360
  102. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +26 -27
  103. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +12 -4
  104. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +9 -7
  105. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +18 -20
  106. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +21 -22
  107. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +19 -19
  108. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +22 -24
  109. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  110. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  111. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  112. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +30 -104
  113. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +5 -5
  114. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +117 -0
  115. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +436 -311
  116. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +69 -8
  117. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +61 -56
  118. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +261 -401
  119. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +288 -310
  120. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +32 -10
  121. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +561 -626
  122. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +60 -53
  123. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +94 -57
  124. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +198 -0
  125. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.h +71 -0
  126. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +1002 -0
  127. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +176 -186
  128. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +166 -176
  129. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
  130. data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
  131. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +3 -3
  132. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +159 -262
  133. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +183 -215
  134. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +391 -444
  135. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +814 -0
  136. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +67 -0
  137. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +363 -0
  138. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +21 -21
  139. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +13 -18
  140. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +456 -286
  141. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
  142. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +42 -43
  143. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +22 -23
  144. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +92 -87
  145. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +303 -232
  146. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +69 -57
  147. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +18 -18
  148. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +18 -18
  149. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +60 -0
  150. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.h +27 -0
  151. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +549 -0
  152. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
  153. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +97 -0
  154. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +32 -0
  155. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -46
  156. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +24 -0
  157. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +8 -20
  158. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +15 -4
  159. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +127 -246
  160. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +122 -67
  161. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +25 -18
  162. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +8 -19
  163. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +431 -341
  164. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +19 -4
  165. data/src/core/ext/filters/client_channel/retry_filter.cc +220 -295
  166. data/src/core/ext/filters/client_channel/retry_filter.h +3 -3
  167. data/src/core/ext/filters/client_channel/retry_service_config.cc +195 -225
  168. data/src/core/ext/filters/client_channel/retry_service_config.h +22 -28
  169. data/src/core/ext/filters/client_channel/retry_throttle.cc +27 -29
  170. data/src/core/ext/filters/client_channel/retry_throttle.h +29 -28
  171. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +22 -53
  172. data/src/core/ext/filters/client_channel/subchannel.cc +211 -450
  173. data/src/core/ext/filters/client_channel/subchannel.h +42 -96
  174. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +4 -4
  175. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +6 -76
  176. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +37 -46
  177. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +38 -42
  178. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +11 -8
  179. data/src/core/ext/filters/deadline/deadline_filter.cc +78 -69
  180. data/src/core/ext/filters/deadline/deadline_filter.h +8 -13
  181. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +26 -20
  182. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +12 -8
  183. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
  184. data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -13
  185. data/src/core/ext/filters/http/client/http_client_filter.cc +48 -46
  186. data/src/core/ext/filters/http/client/http_client_filter.h +21 -21
  187. data/src/core/ext/filters/http/client_authority_filter.cc +20 -21
  188. data/src/core/ext/filters/http/client_authority_filter.h +22 -22
  189. data/src/core/ext/filters/http/http_filters_plugin.cc +30 -57
  190. data/src/core/ext/filters/http/message_compress/compression_filter.cc +323 -0
  191. data/src/core/ext/filters/http/message_compress/compression_filter.h +139 -0
  192. data/src/core/ext/filters/http/server/http_server_filter.cc +55 -55
  193. data/src/core/ext/filters/http/server/http_server_filter.h +22 -22
  194. data/src/core/ext/filters/message_size/message_size_filter.cc +183 -290
  195. data/src/core/ext/filters/message_size/message_size_filter.h +72 -23
  196. data/src/core/ext/filters/rbac/rbac_filter.cc +16 -15
  197. data/src/core/ext/filters/rbac/rbac_filter.h +3 -3
  198. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +831 -536
  199. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +7 -8
  200. data/src/core/ext/filters/server_config_selector/server_config_selector.h +14 -11
  201. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +15 -21
  202. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +3 -3
  203. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +220 -0
  204. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +81 -0
  205. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.cc +82 -0
  206. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +93 -0
  207. data/src/core/ext/gcp/metadata_query.cc +137 -0
  208. data/src/core/ext/gcp/metadata_query.h +87 -0
  209. data/src/core/ext/transport/chttp2/alpn/alpn.cc +18 -18
  210. data/src/core/ext/transport/chttp2/alpn/alpn.h +24 -24
  211. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +108 -130
  212. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +30 -24
  213. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +221 -242
  214. data/src/core/ext/transport/chttp2/server/chttp2_server.h +25 -27
  215. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +22 -22
  216. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +33 -33
  217. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +42 -38
  218. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +35 -31
  219. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +808 -730
  220. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +45 -24
  221. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +70 -0
  222. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +251 -0
  223. data/src/core/ext/transport/chttp2/transport/decode_huff.h +971 -0
  224. data/src/core/ext/transport/chttp2/transport/flow_control.cc +180 -60
  225. data/src/core/ext/transport/chttp2/transport/flow_control.h +78 -45
  226. data/src/core/ext/transport/chttp2/transport/frame.h +21 -21
  227. data/src/core/ext/transport/chttp2/transport/frame_data.cc +35 -32
  228. data/src/core/ext/transport/chttp2/transport/frame_data.h +27 -27
  229. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +38 -36
  230. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +20 -20
  231. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +28 -33
  232. data/src/core/ext/transport/chttp2/transport/frame_ping.h +21 -24
  233. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +30 -25
  234. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +21 -21
  235. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +39 -37
  236. data/src/core/ext/transport/chttp2/transport/frame_settings.h +22 -22
  237. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +24 -21
  238. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +21 -21
  239. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +10 -4
  240. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +212 -365
  241. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +328 -160
  242. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +4 -2
  243. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +13 -5
  244. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +500 -754
  245. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +30 -26
  246. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +42 -47
  247. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +41 -28
  248. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +21 -19
  249. data/src/core/ext/transport/chttp2/transport/http2_settings.h +39 -37
  250. data/src/core/ext/transport/chttp2/transport/http_trace.cc +19 -0
  251. data/src/core/ext/transport/chttp2/transport/http_trace.h +24 -0
  252. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +20 -20
  253. data/src/core/ext/transport/chttp2/transport/huffsyms.h +21 -21
  254. data/src/core/ext/transport/chttp2/transport/internal.h +224 -193
  255. data/src/core/ext/transport/chttp2/transport/parsing.cc +307 -109
  256. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +19 -19
  257. data/src/core/ext/transport/chttp2/transport/stream_map.cc +23 -23
  258. data/src/core/ext/transport/chttp2/transport/stream_map.h +33 -33
  259. data/src/core/ext/transport/chttp2/transport/varint.cc +19 -20
  260. data/src/core/ext/transport/chttp2/transport/varint.h +37 -34
  261. data/src/core/ext/transport/chttp2/transport/writing.cc +94 -84
  262. data/src/core/ext/transport/inproc/inproc_plugin.cc +17 -17
  263. data/src/core/ext/transport/inproc/inproc_transport.cc +184 -232
  264. data/src/core/ext/transport/inproc/inproc_transport.h +21 -21
  265. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +87 -52
  266. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +435 -182
  267. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -59
  268. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +502 -220
  269. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +93 -377
  270. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +468 -1881
  271. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +535 -0
  272. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +2796 -0
  273. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +30 -17
  274. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +152 -47
  275. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +34 -19
  276. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +176 -49
  277. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +27 -14
  278. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +82 -38
  279. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +20 -11
  280. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +52 -26
  281. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +20 -11
  282. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +52 -26
  283. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +109 -62
  284. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +574 -244
  285. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +21 -12
  286. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +49 -30
  287. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +22 -19
  288. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +82 -29
  289. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +23 -16
  290. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +49 -30
  291. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +230 -143
  292. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +795 -406
  293. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +417 -256
  294. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1954 -858
  295. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -41
  296. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +298 -148
  297. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +537 -348
  298. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2136 -1171
  299. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -12
  300. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +49 -30
  301. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -52
  302. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +351 -232
  303. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +264 -165
  304. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +948 -480
  305. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +154 -72
  306. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +631 -213
  307. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +22 -13
  308. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +54 -36
  309. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +380 -219
  310. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1263 -598
  311. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +166 -94
  312. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +694 -292
  313. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +18 -11
  314. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +41 -26
  315. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +21 -12
  316. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +49 -30
  317. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +30 -17
  318. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +152 -47
  319. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +274 -167
  320. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +841 -440
  321. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +222 -128
  322. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1152 -485
  323. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -13
  324. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +64 -37
  325. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +350 -207
  326. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1156 -620
  327. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +44 -11
  328. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +179 -18
  329. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +34 -19
  330. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +127 -57
  331. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +48 -16
  332. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +193 -44
  333. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +31 -18
  334. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +147 -65
  335. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +22 -13
  336. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +55 -37
  337. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +78 -43
  338. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +277 -127
  339. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +147 -84
  340. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +479 -227
  341. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +115 -62
  342. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +579 -227
  343. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +18 -11
  344. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +39 -26
  345. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +198 -94
  346. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +1072 -358
  347. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +172 -95
  348. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +893 -375
  349. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +49 -23
  350. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +186 -89
  351. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +40 -16
  352. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +95 -45
  353. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +28 -15
  354. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +75 -45
  355. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +131 -74
  356. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +521 -249
  357. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +135 -80
  358. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +542 -246
  359. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +263 -121
  360. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +1083 -374
  361. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +83 -48
  362. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +656 -232
  363. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1317 -722
  364. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5948 -2306
  365. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +49 -28
  366. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +177 -85
  367. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +223 -117
  368. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +847 -369
  369. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +20 -10
  370. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +57 -22
  371. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +21 -12
  372. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +49 -30
  373. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +32 -19
  374. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +78 -49
  375. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +27 -14
  376. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +114 -43
  377. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +46 -25
  378. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +263 -100
  379. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +55 -0
  380. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +122 -0
  381. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +18 -11
  382. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +39 -26
  383. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +42 -23
  384. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +116 -70
  385. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +8 -4
  386. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +21 -15
  387. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +43 -24
  388. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +118 -75
  389. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +30 -16
  390. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +104 -46
  391. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +16 -9
  392. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +77 -23
  393. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +60 -37
  394. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +170 -108
  395. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +74 -43
  396. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +369 -167
  397. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +47 -21
  398. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +146 -58
  399. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -18
  400. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +257 -67
  401. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +75 -0
  402. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +201 -0
  403. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +476 -283
  404. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2259 -1015
  405. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +53 -0
  406. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +107 -0
  407. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +69 -0
  408. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +246 -0
  409. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +138 -0
  410. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +499 -0
  411. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +36 -17
  412. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +148 -55
  413. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +18 -11
  414. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +39 -26
  415. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -4
  416. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +15 -10
  417. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +184 -94
  418. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +948 -349
  419. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +56 -33
  420. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +162 -101
  421. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +188 -109
  422. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +855 -408
  423. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +32 -19
  424. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +118 -54
  425. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +10 -7
  426. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +22 -14
  427. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +325 -85
  428. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +1705 -299
  429. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +42 -23
  430. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +197 -76
  431. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +131 -84
  432. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +531 -239
  433. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +22 -13
  434. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +59 -34
  435. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +39 -26
  436. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +141 -69
  437. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +56 -0
  438. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +130 -0
  439. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +60 -26
  440. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +146 -51
  441. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +37 -20
  442. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +141 -63
  443. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -13
  444. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +95 -40
  445. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -12
  446. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +54 -32
  447. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +18 -11
  448. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +41 -26
  449. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +46 -27
  450. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +113 -70
  451. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +46 -0
  452. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +117 -0
  453. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +40 -23
  454. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +170 -76
  455. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +31 -18
  456. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +123 -57
  457. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +46 -29
  458. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +151 -91
  459. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +65 -42
  460. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +228 -121
  461. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +80 -45
  462. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +228 -131
  463. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +34 -21
  464. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +86 -53
  465. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -4
  466. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +13 -8
  467. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +16 -9
  468. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +32 -18
  469. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +28 -15
  470. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +63 -34
  471. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +43 -22
  472. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +103 -53
  473. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +78 -0
  474. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +237 -0
  475. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +7 -4
  476. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +16 -9
  477. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -11
  478. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +52 -26
  479. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +23 -14
  480. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +65 -41
  481. data/src/core/ext/upb-generated/google/api/annotations.upb.c +14 -11
  482. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -20
  483. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +255 -154
  484. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +979 -451
  485. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +299 -180
  486. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +995 -484
  487. data/src/core/ext/upb-generated/google/api/http.upb.c +68 -35
  488. data/src/core/ext/upb-generated/google/api/http.upb.h +297 -121
  489. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +22 -13
  490. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +99 -37
  491. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -10
  492. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +42 -22
  493. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +1037 -442
  494. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +3972 -1411
  495. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -10
  496. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +42 -22
  497. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +10 -7
  498. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +22 -14
  499. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +62 -39
  500. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +220 -103
  501. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -10
  502. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +42 -22
  503. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +90 -51
  504. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +193 -107
  505. data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -13
  506. data/src/core/ext/upb-generated/google/rpc/status.upb.h +99 -37
  507. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +59 -34
  508. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +170 -92
  509. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +43 -24
  510. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +122 -60
  511. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +250 -145
  512. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +960 -416
  513. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +34 -19
  514. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +84 -51
  515. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +25 -14
  516. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +53 -30
  517. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +144 -81
  518. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +442 -218
  519. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +51 -26
  520. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +161 -61
  521. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +173 -102
  522. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +884 -299
  523. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +68 -49
  524. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +167 -104
  525. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +26 -17
  526. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +59 -34
  527. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +12 -9
  528. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +31 -14
  529. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +26 -17
  530. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +59 -34
  531. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +23 -16
  532. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +49 -30
  533. data/src/core/ext/upb-generated/validate/validate.upb.c +846 -456
  534. data/src/core/ext/upb-generated/validate/validate.upb.h +4439 -1908
  535. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +68 -49
  536. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +167 -104
  537. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +26 -17
  538. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +59 -34
  539. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +12 -9
  540. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +31 -14
  541. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +65 -44
  542. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +153 -91
  543. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +23 -16
  544. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +49 -30
  545. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +16 -9
  546. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +32 -18
  547. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +56 -0
  548. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +122 -0
  549. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +37 -22
  550. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +104 -63
  551. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +26 -17
  552. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +56 -29
  553. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +21 -12
  554. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +49 -30
  555. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +23 -14
  556. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +66 -42
  557. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +44 -25
  558. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +177 -79
  559. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +27 -14
  560. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +69 -38
  561. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +86 -30
  562. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +227 -54
  563. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +21 -13
  564. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +93 -34
  565. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +53 -0
  566. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +107 -0
  567. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +75 -0
  568. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +270 -0
  569. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +39 -0
  570. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +78 -0
  571. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +78 -0
  572. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +289 -0
  573. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +162 -101
  574. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +539 -295
  575. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +160 -0
  576. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +740 -0
  577. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +24 -15
  578. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +61 -37
  579. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +40 -23
  580. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +170 -76
  581. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +82 -0
  582. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +240 -0
  583. data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +85 -0
  584. data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +246 -0
  585. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +21 -13
  586. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +49 -30
  587. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +1 -1
  588. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +6 -5
  589. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +55 -54
  590. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +6 -5
  591. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +68 -275
  592. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +6 -90
  593. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +277 -0
  594. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +126 -0
  595. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +1 -1
  596. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +6 -5
  597. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +15 -12
  598. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +6 -5
  599. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +1 -1
  600. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +6 -5
  601. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +1 -1
  602. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +6 -5
  603. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +1 -1
  604. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +6 -5
  605. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +1 -1
  606. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +6 -5
  607. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +1 -1
  608. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +6 -5
  609. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +1 -1
  610. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +6 -5
  611. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +1 -1
  612. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +6 -5
  613. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +108 -108
  614. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +6 -5
  615. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +251 -236
  616. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +6 -5
  617. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +1 -1
  618. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +6 -5
  619. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +233 -223
  620. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +6 -10
  621. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +1 -1
  622. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +6 -5
  623. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +1 -1
  624. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +6 -5
  625. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +1 -1
  626. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +6 -5
  627. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +96 -76
  628. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +11 -5
  629. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +1 -1
  630. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +6 -5
  631. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +188 -184
  632. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +6 -5
  633. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +13 -12
  634. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +11 -5
  635. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +1 -1
  636. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +6 -5
  637. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +1 -1
  638. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +6 -5
  639. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +1 -1
  640. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +6 -5
  641. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +1 -1
  642. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +6 -5
  643. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +82 -76
  644. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +6 -5
  645. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +1 -1
  646. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +6 -5
  647. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +194 -187
  648. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +6 -5
  649. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +32 -16
  650. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +11 -5
  651. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +1 -1
  652. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +6 -5
  653. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +8 -4
  654. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +11 -5
  655. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +17 -17
  656. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +6 -5
  657. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +1 -1
  658. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +6 -5
  659. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +1 -1
  660. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +6 -5
  661. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +72 -67
  662. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +6 -5
  663. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +1 -1
  664. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +6 -5
  665. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +1 -1
  666. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +6 -5
  667. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +161 -131
  668. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +26 -5
  669. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +1 -1
  670. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +6 -5
  671. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +55 -42
  672. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +6 -5
  673. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +40 -32
  674. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +6 -5
  675. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +1 -1
  676. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +6 -5
  677. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +1 -1
  678. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +6 -5
  679. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +1 -1
  680. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +6 -5
  681. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +162 -129
  682. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +21 -5
  683. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +83 -75
  684. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +8 -7
  685. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +744 -668
  686. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +26 -5
  687. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +1 -1
  688. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +6 -5
  689. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +151 -140
  690. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +11 -5
  691. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +17 -15
  692. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +6 -5
  693. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +1 -1
  694. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +6 -5
  695. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +1 -1
  696. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +6 -5
  697. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +1 -1
  698. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +6 -5
  699. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +1 -1
  700. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +6 -5
  701. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +45 -0
  702. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +36 -0
  703. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +1 -1
  704. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +6 -5
  705. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +1 -1
  706. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +6 -5
  707. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +17 -13
  708. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +6 -5
  709. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +1 -1
  710. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +6 -5
  711. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +21 -19
  712. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +6 -5
  713. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +1 -1
  714. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +6 -5
  715. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +1 -1
  716. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +6 -5
  717. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +1 -1
  718. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +6 -5
  719. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +47 -26
  720. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +6 -5
  721. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +54 -43
  722. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +6 -5
  723. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +60 -0
  724. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +41 -0
  725. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +497 -468
  726. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +6 -5
  727. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +50 -0
  728. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +36 -0
  729. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +1 -1
  730. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +6 -5
  731. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +138 -133
  732. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +6 -5
  733. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +1 -1
  734. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +6 -5
  735. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +151 -147
  736. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +6 -5
  737. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +1 -1
  738. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +6 -5
  739. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +6 -6
  740. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +6 -5
  741. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +157 -85
  742. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +41 -5
  743. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +6 -6
  744. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +6 -5
  745. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +113 -114
  746. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +6 -5
  747. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +1 -1
  748. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +6 -5
  749. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +1 -1
  750. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +6 -5
  751. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +48 -0
  752. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +36 -0
  753. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +13 -10
  754. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +11 -5
  755. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +1 -1
  756. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +6 -5
  757. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +1 -1
  758. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +6 -5
  759. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +1 -1
  760. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +6 -5
  761. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +1 -1
  762. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +6 -5
  763. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +30 -29
  764. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +6 -5
  765. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +40 -0
  766. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +41 -0
  767. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +1 -1
  768. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +6 -5
  769. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +1 -1
  770. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +6 -5
  771. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +1 -1
  772. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +6 -5
  773. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +1 -1
  774. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +6 -5
  775. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +1 -1
  776. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +6 -5
  777. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +1 -1
  778. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +6 -5
  779. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +1 -1
  780. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +6 -5
  781. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +1 -1
  782. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +6 -5
  783. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +1 -1
  784. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +6 -5
  785. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +1 -1
  786. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +6 -5
  787. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +69 -0
  788. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +41 -0
  789. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +11 -10
  790. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +6 -5
  791. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +1 -1
  792. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +6 -5
  793. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +1 -1
  794. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +6 -5
  795. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +1 -1
  796. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +6 -5
  797. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +1 -1
  798. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +6 -5
  799. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +1 -1
  800. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +6 -5
  801. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +1 -1
  802. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +6 -5
  803. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +1 -1
  804. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +6 -5
  805. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +1 -1
  806. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +6 -5
  807. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +328 -270
  808. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +11 -5
  809. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +1 -1
  810. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +6 -5
  811. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +1 -1
  812. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +6 -5
  813. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +1 -1
  814. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +6 -5
  815. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +1 -1
  816. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +6 -5
  817. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +1 -1
  818. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +6 -5
  819. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +1 -1
  820. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +6 -5
  821. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +1 -1
  822. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +6 -5
  823. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +1 -1
  824. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +6 -5
  825. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +1 -1
  826. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +6 -5
  827. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +1 -1
  828. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +6 -5
  829. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +1 -1
  830. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +6 -5
  831. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +1 -1
  832. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +6 -5
  833. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +1 -1
  834. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +6 -5
  835. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +1 -1
  836. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +6 -5
  837. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +1 -1
  838. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +6 -5
  839. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +1 -1
  840. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +6 -5
  841. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +1 -1
  842. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +6 -5
  843. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +1 -1
  844. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +6 -5
  845. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +1 -1
  846. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +6 -5
  847. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +1 -1
  848. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +6 -5
  849. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +45 -0
  850. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +36 -0
  851. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +1 -1
  852. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +6 -5
  853. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +1 -1
  854. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +6 -5
  855. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +1 -1
  856. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +6 -5
  857. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +1 -1
  858. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +6 -5
  859. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +1 -1
  860. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +6 -5
  861. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +1 -1
  862. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +6 -5
  863. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +43 -0
  864. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +36 -0
  865. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +51 -0
  866. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +41 -0
  867. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +36 -0
  868. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +36 -0
  869. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +55 -0
  870. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +41 -0
  871. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +10 -10
  872. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +6 -5
  873. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +71 -0
  874. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +61 -0
  875. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +1 -1
  876. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +6 -5
  877. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +1 -1
  878. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +6 -5
  879. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +60 -0
  880. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +41 -0
  881. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +36 -0
  882. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +46 -0
  883. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +5 -8
  884. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +6 -5
  885. data/src/core/ext/xds/certificate_provider_store.cc +58 -3
  886. data/src/core/ext/xds/certificate_provider_store.h +12 -4
  887. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +36 -50
  888. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +18 -13
  889. data/src/core/ext/xds/upb_utils.h +4 -25
  890. data/src/core/ext/xds/xds_api.cc +117 -198
  891. data/src/core/ext/xds/xds_api.h +32 -36
  892. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  893. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  894. data/src/core/ext/xds/xds_bootstrap.cc +7 -552
  895. data/src/core/ext/xds/xds_bootstrap.h +41 -94
  896. data/src/core/ext/xds/xds_bootstrap_grpc.cc +374 -0
  897. data/src/core/ext/xds/xds_bootstrap_grpc.h +189 -0
  898. data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
  899. data/src/core/ext/xds/xds_certificate_provider.h +13 -4
  900. data/src/core/ext/xds/xds_channel_args.h +3 -3
  901. data/src/core/ext/xds/xds_channel_stack_modifier.cc +7 -7
  902. data/src/core/ext/xds/xds_channel_stack_modifier.h +12 -4
  903. data/src/core/ext/xds/xds_client.cc +830 -1348
  904. data/src/core/ext/xds/xds_client.h +46 -64
  905. data/src/core/ext/xds/xds_client_grpc.cc +235 -0
  906. data/src/core/ext/xds/xds_client_grpc.h +79 -0
  907. data/src/core/ext/xds/xds_client_stats.cc +50 -36
  908. data/src/core/ext/xds/xds_client_stats.h +46 -41
  909. data/src/core/ext/xds/xds_cluster.cc +396 -246
  910. data/src/core/ext/xds/xds_cluster.h +60 -43
  911. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +62 -77
  912. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +50 -25
  913. data/src/core/ext/xds/xds_common_types.cc +234 -130
  914. data/src/core/ext/xds/xds_common_types.h +24 -19
  915. data/src/core/ext/xds/xds_endpoint.cc +263 -164
  916. data/src/core/ext/xds/xds_endpoint.h +19 -15
  917. data/src/core/ext/xds/xds_health_status.cc +80 -0
  918. data/src/core/ext/xds/xds_health_status.h +109 -0
  919. data/src/core/ext/xds/xds_http_fault_filter.cc +72 -62
  920. data/src/core/ext/xds/xds_http_fault_filter.h +21 -28
  921. data/src/core/ext/xds/xds_http_filters.cc +65 -73
  922. data/src/core/ext/xds/xds_http_filters.h +78 -27
  923. data/src/core/ext/xds/xds_http_rbac_filter.cc +307 -295
  924. data/src/core/ext/xds/xds_http_rbac_filter.h +21 -23
  925. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +222 -0
  926. data/src/core/ext/xds/xds_http_stateful_session_filter.h +59 -0
  927. data/src/core/ext/xds/xds_lb_policy_registry.cc +215 -171
  928. data/src/core/ext/xds/xds_lb_policy_registry.h +15 -16
  929. data/src/core/ext/xds/xds_listener.cc +549 -478
  930. data/src/core/ext/xds/xds_listener.h +51 -54
  931. data/src/core/ext/xds/xds_resource_type.h +28 -22
  932. data/src/core/ext/xds/xds_resource_type_impl.h +13 -16
  933. data/src/core/ext/xds/xds_route_config.cc +610 -576
  934. data/src/core/ext/xds/xds_route_config.h +69 -44
  935. data/src/core/ext/xds/xds_routing.cc +7 -9
  936. data/src/core/ext/xds/xds_routing.h +12 -12
  937. data/src/core/ext/xds/xds_server_config_fetcher.cc +184 -184
  938. data/src/core/ext/xds/xds_transport.h +86 -0
  939. data/src/core/ext/xds/xds_transport_grpc.cc +358 -0
  940. data/src/core/ext/xds/xds_transport_grpc.h +135 -0
  941. data/src/core/lib/address_utils/parse_address.cc +49 -46
  942. data/src/core/lib/address_utils/parse_address.h +43 -40
  943. data/src/core/lib/address_utils/sockaddr_utils.cc +30 -28
  944. data/src/core/lib/address_utils/sockaddr_utils.h +36 -36
  945. data/src/core/lib/avl/avl.h +59 -32
  946. data/src/core/lib/backoff/backoff.cc +19 -21
  947. data/src/core/lib/backoff/backoff.h +20 -20
  948. data/src/core/lib/backoff/random_early_detection.cc +31 -0
  949. data/src/core/lib/backoff/random_early_detection.h +59 -0
  950. data/src/core/lib/channel/call_finalization.h +5 -7
  951. data/src/core/lib/channel/call_tracer.cc +51 -0
  952. data/src/core/lib/channel/call_tracer.h +106 -34
  953. data/src/core/lib/channel/channel_args.cc +188 -61
  954. data/src/core/lib/channel/channel_args.h +318 -112
  955. data/src/core/lib/channel/channel_args_preconditioning.h +4 -4
  956. data/src/core/lib/channel/channel_fwd.h +3 -3
  957. data/src/core/lib/channel/channel_stack.cc +60 -58
  958. data/src/core/lib/channel/channel_stack.h +148 -135
  959. data/src/core/lib/channel/channel_stack_builder.cc +21 -24
  960. data/src/core/lib/channel/channel_stack_builder.h +17 -9
  961. data/src/core/lib/channel/channel_stack_builder_impl.cc +55 -26
  962. data/src/core/lib/channel/channel_stack_builder_impl.h +5 -3
  963. data/src/core/lib/channel/channel_trace.cc +40 -38
  964. data/src/core/lib/channel/channel_trace.h +22 -22
  965. data/src/core/lib/channel/channelz.cc +190 -173
  966. data/src/core/lib/channel/channelz.h +80 -64
  967. data/src/core/lib/channel/channelz_registry.cc +41 -37
  968. data/src/core/lib/channel/channelz_registry.h +21 -21
  969. data/src/core/lib/channel/connected_channel.cc +764 -67
  970. data/src/core/lib/channel/connected_channel.h +20 -24
  971. data/src/core/lib/channel/context.h +33 -22
  972. data/src/core/lib/channel/promise_based_filter.cc +1607 -295
  973. data/src/core/lib/channel/promise_based_filter.h +485 -104
  974. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  975. data/src/core/lib/channel/status_util.cc +62 -17
  976. data/src/core/lib/channel/status_util.h +39 -22
  977. data/src/core/lib/compression/compression.cc +19 -19
  978. data/src/core/lib/compression/compression_internal.cc +38 -48
  979. data/src/core/lib/compression/compression_internal.h +25 -25
  980. data/src/core/lib/compression/message_compress.cc +26 -26
  981. data/src/core/lib/compression/message_compress.h +27 -27
  982. data/src/core/lib/config/config_vars.cc +153 -0
  983. data/src/core/lib/config/config_vars.h +127 -0
  984. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  985. data/src/core/lib/config/core_configuration.cc +5 -1
  986. data/src/core/lib/config/core_configuration.h +84 -38
  987. data/src/core/lib/config/load_config.cc +79 -0
  988. data/src/core/lib/config/load_config.h +55 -0
  989. data/src/core/lib/debug/event_log.cc +88 -0
  990. data/src/core/lib/debug/event_log.h +81 -0
  991. data/src/core/lib/debug/histogram_view.cc +69 -0
  992. data/src/core/lib/debug/histogram_view.h +37 -0
  993. data/src/core/lib/debug/stats.cc +47 -151
  994. data/src/core/lib/debug/stats.h +49 -57
  995. data/src/core/lib/debug/stats_data.cc +302 -646
  996. data/src/core/lib/debug/stats_data.h +295 -543
  997. data/src/core/lib/debug/trace.cc +56 -81
  998. data/src/core/lib/debug/trace.h +37 -54
  999. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  1000. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  1001. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  1002. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  1003. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  1004. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +15 -18
  1005. data/src/core/lib/event_engine/channel_args_endpoint_config.h +16 -10
  1006. data/src/core/lib/event_engine/common_closures.h +71 -0
  1007. data/src/core/lib/event_engine/default_event_engine.cc +111 -0
  1008. data/src/core/lib/event_engine/default_event_engine.h +73 -0
  1009. data/src/core/lib/event_engine/default_event_engine_factory.cc +32 -5
  1010. data/src/core/lib/event_engine/{event_engine_factory.h → default_event_engine_factory.h} +4 -12
  1011. data/src/core/lib/event_engine/event_engine.cc +29 -36
  1012. data/src/core/lib/event_engine/forkable.cc +106 -0
  1013. data/src/core/lib/event_engine/forkable.h +61 -0
  1014. data/src/core/lib/event_engine/handle_containers.h +12 -20
  1015. data/src/core/lib/event_engine/memory_allocator.cc +1 -1
  1016. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  1017. data/src/core/lib/event_engine/poller.h +62 -0
  1018. data/src/core/lib/event_engine/posix.h +162 -0
  1019. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +642 -0
  1020. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +139 -0
  1021. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +895 -0
  1022. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
  1023. data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
  1024. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +68 -0
  1025. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +33 -0
  1026. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
  1027. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
  1028. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +254 -0
  1029. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
  1030. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1338 -0
  1031. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +726 -0
  1032. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +637 -0
  1033. data/src/core/lib/event_engine/posix_engine/posix_engine.h +259 -0
  1034. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
  1035. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +292 -0
  1036. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +278 -0
  1037. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +379 -0
  1038. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +91 -0
  1039. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +867 -0
  1040. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +316 -0
  1041. data/src/core/lib/event_engine/{iomgr_engine → posix_engine}/timer.cc +51 -52
  1042. data/src/core/lib/event_engine/posix_engine/timer.h +194 -0
  1043. data/src/core/lib/event_engine/{iomgr_engine → posix_engine}/timer_heap.cc +29 -29
  1044. data/src/core/lib/event_engine/posix_engine/timer_heap.h +56 -0
  1045. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +173 -0
  1046. data/src/core/lib/event_engine/posix_engine/timer_manager.h +114 -0
  1047. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +332 -0
  1048. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +185 -0
  1049. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +127 -0
  1050. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
  1051. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +150 -0
  1052. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
  1053. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
  1054. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
  1055. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
  1056. data/src/core/lib/event_engine/resolved_address.cc +21 -1
  1057. data/src/core/lib/event_engine/resolved_address_internal.h +34 -0
  1058. data/src/core/lib/event_engine/shim.cc +64 -0
  1059. data/src/core/lib/event_engine/shim.h +33 -0
  1060. data/src/core/lib/event_engine/slice.cc +8 -7
  1061. data/src/core/lib/event_engine/slice_buffer.cc +2 -2
  1062. data/src/core/lib/event_engine/tcp_socket_utils.cc +389 -0
  1063. data/src/core/lib/event_engine/tcp_socket_utils.h +90 -0
  1064. data/src/core/lib/event_engine/thread_local.cc +29 -0
  1065. data/src/core/lib/event_engine/thread_local.h +32 -0
  1066. data/src/core/lib/event_engine/thread_pool/original_thread_pool.cc +256 -0
  1067. data/src/core/lib/event_engine/thread_pool/original_thread_pool.h +137 -0
  1068. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  1069. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +40 -0
  1070. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  1071. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  1072. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  1073. data/src/core/lib/event_engine/{iomgr_engine/iomgr_engine.h → thready_event_engine/thready_event_engine.h} +51 -65
  1074. data/src/core/lib/event_engine/time_util.cc +30 -0
  1075. data/src/core/lib/event_engine/time_util.h +32 -0
  1076. data/src/core/lib/event_engine/trace.cc +7 -0
  1077. data/src/core/lib/event_engine/trace.h +22 -3
  1078. data/src/core/lib/event_engine/utils.cc +44 -0
  1079. data/src/core/lib/event_engine/utils.h +44 -0
  1080. data/src/core/lib/event_engine/windows/iocp.cc +141 -0
  1081. data/src/core/lib/event_engine/windows/iocp.h +69 -0
  1082. data/src/core/lib/event_engine/windows/win_socket.cc +218 -0
  1083. data/src/core/lib/event_engine/windows/win_socket.h +129 -0
  1084. data/src/core/lib/event_engine/windows/windows_endpoint.cc +379 -0
  1085. data/src/core/lib/event_engine/windows/windows_endpoint.h +120 -0
  1086. data/src/core/lib/event_engine/windows/windows_engine.cc +411 -0
  1087. data/src/core/lib/event_engine/windows/windows_engine.h +164 -0
  1088. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  1089. data/src/core/lib/event_engine/windows/windows_listener.h +156 -0
  1090. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  1091. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  1092. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  1093. data/src/core/lib/experiments/config.cc +185 -0
  1094. data/src/core/lib/experiments/config.h +69 -0
  1095. data/src/core/lib/experiments/experiments.cc +138 -0
  1096. data/src/core/lib/experiments/experiments.h +134 -0
  1097. data/src/core/lib/gpr/alloc.cc +19 -25
  1098. data/src/core/lib/gpr/alloc.h +20 -20
  1099. data/src/core/lib/gpr/{log_android.cc → android/log.cc} +22 -20
  1100. data/src/core/lib/gpr/atm.cc +17 -17
  1101. data/src/core/lib/gpr/iphone/cpu.cc +44 -0
  1102. data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +28 -23
  1103. data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +24 -24
  1104. data/src/core/lib/gpr/log.cc +42 -47
  1105. data/src/core/lib/gpr/log_internal.h +55 -0
  1106. data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +21 -20
  1107. data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +23 -22
  1108. data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +20 -19
  1109. data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +24 -24
  1110. data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +22 -34
  1111. data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +40 -36
  1112. data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +22 -20
  1113. data/src/core/lib/gpr/spinlock.h +20 -20
  1114. data/src/core/lib/gpr/string.cc +25 -24
  1115. data/src/core/lib/gpr/string.h +61 -61
  1116. data/src/core/lib/gpr/sync.cc +25 -25
  1117. data/src/core/lib/gpr/sync_abseil.cc +36 -40
  1118. data/src/core/lib/gpr/time.cc +34 -30
  1119. data/src/core/lib/gpr/time_precise.cc +22 -22
  1120. data/src/core/lib/gpr/time_precise.h +21 -22
  1121. data/src/core/lib/gpr/tmpfile.h +24 -24
  1122. data/src/core/lib/gpr/useful.h +83 -30
  1123. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc → lib/gpr/windows/cpu.cc} +16 -11
  1124. data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +25 -25
  1125. data/src/core/lib/gpr/windows/string.cc +69 -0
  1126. data/src/core/lib/gpr/windows/string_util.cc +55 -0
  1127. data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +29 -27
  1128. data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +25 -22
  1129. data/src/core/lib/gpr/windows/tmpfile.cc +68 -0
  1130. data/src/core/lib/gpr/wrap_memcpy.cc +23 -23
  1131. data/src/core/lib/gprpp/atomic_utils.h +20 -20
  1132. data/src/core/lib/gprpp/bitset.h +30 -16
  1133. data/src/core/lib/gprpp/chunked_vector.h +3 -3
  1134. data/src/core/lib/gprpp/construct_destruct.h +3 -3
  1135. data/src/core/lib/gprpp/cpp_impl_of.h +3 -3
  1136. data/src/core/lib/gprpp/crash.cc +43 -0
  1137. data/src/core/lib/gprpp/crash.h +37 -0
  1138. data/src/core/lib/gprpp/debug_location.h +60 -31
  1139. data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
  1140. data/src/core/lib/gprpp/env.h +53 -0
  1141. data/src/core/lib/gprpp/examine_stack.cc +17 -17
  1142. data/src/core/lib/gprpp/examine_stack.h +21 -21
  1143. data/src/core/lib/gprpp/fork.cc +63 -61
  1144. data/src/core/lib/gprpp/fork.h +29 -35
  1145. data/src/core/lib/gprpp/host_port.cc +28 -26
  1146. data/src/core/lib/gprpp/host_port.h +32 -31
  1147. data/src/core/lib/gprpp/linux/env.cc +80 -0
  1148. data/src/core/lib/gprpp/load_file.cc +75 -0
  1149. data/src/core/lib/gprpp/load_file.h +33 -0
  1150. data/src/core/lib/gprpp/manual_constructor.h +21 -21
  1151. data/src/core/lib/gprpp/match.h +3 -3
  1152. data/src/core/lib/gprpp/memory.h +21 -21
  1153. data/src/core/lib/gprpp/mpscq.cc +17 -17
  1154. data/src/core/lib/gprpp/mpscq.h +21 -21
  1155. data/src/core/lib/gprpp/no_destruct.h +95 -0
  1156. data/src/core/lib/gprpp/notification.h +67 -0
  1157. data/src/core/lib/gprpp/orphanable.h +25 -24
  1158. data/src/core/lib/gprpp/overload.h +3 -3
  1159. data/src/core/lib/gprpp/packed_table.h +40 -0
  1160. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  1161. data/src/core/lib/gprpp/per_cpu.h +75 -0
  1162. data/src/core/lib/gprpp/posix/env.cc +47 -0
  1163. data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +5 -4
  1164. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +75 -64
  1165. data/src/core/lib/gprpp/ref_counted.h +54 -55
  1166. data/src/core/lib/gprpp/ref_counted_ptr.h +41 -54
  1167. data/src/core/lib/gprpp/single_set_ptr.h +3 -3
  1168. data/src/core/lib/gprpp/sorted_pack.h +98 -0
  1169. data/src/core/lib/gprpp/stat.h +3 -3
  1170. data/src/core/lib/gprpp/status_helper.cc +6 -4
  1171. data/src/core/lib/gprpp/status_helper.h +9 -5
  1172. data/src/core/lib/gprpp/strerror.cc +43 -0
  1173. data/src/core/lib/gprpp/strerror.h +29 -0
  1174. data/src/core/lib/gprpp/sync.h +23 -23
  1175. data/src/core/lib/gprpp/table.h +12 -4
  1176. data/src/core/lib/gprpp/tchar.cc +49 -0
  1177. data/src/core/lib/gprpp/tchar.h +33 -0
  1178. data/src/core/lib/gprpp/thd.h +39 -23
  1179. data/src/core/lib/gprpp/time.cc +37 -8
  1180. data/src/core/lib/gprpp/time.h +69 -4
  1181. data/src/core/lib/{event_engine/iomgr_engine → gprpp}/time_averaged_stats.cc +23 -25
  1182. data/src/core/lib/gprpp/time_averaged_stats.h +79 -0
  1183. data/src/core/lib/gprpp/time_util.h +4 -4
  1184. data/src/core/lib/gprpp/unique_type_name.h +21 -21
  1185. data/src/core/lib/gprpp/validation_errors.cc +66 -0
  1186. data/src/core/lib/gprpp/validation_errors.h +134 -0
  1187. data/src/core/lib/gprpp/windows/env.cc +56 -0
  1188. data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +4 -2
  1189. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +28 -28
  1190. data/src/core/lib/{iomgr → gprpp}/work_serializer.cc +34 -18
  1191. data/src/core/lib/{iomgr → gprpp}/work_serializer.h +21 -27
  1192. data/src/core/lib/handshaker/proxy_mapper.h +53 -0
  1193. data/src/core/lib/handshaker/proxy_mapper_registry.cc +71 -0
  1194. data/src/core/lib/handshaker/proxy_mapper_registry.h +75 -0
  1195. data/src/core/lib/http/format_request.cc +19 -18
  1196. data/src/core/lib/http/format_request.h +20 -20
  1197. data/src/core/lib/http/httpcli.cc +69 -84
  1198. data/src/core/lib/http/httpcli.h +29 -29
  1199. data/src/core/lib/http/httpcli_security_connector.cc +33 -36
  1200. data/src/core/lib/http/httpcli_ssl_credentials.h +3 -3
  1201. data/src/core/lib/http/parser.cc +76 -87
  1202. data/src/core/lib/http/parser.h +35 -35
  1203. data/src/core/lib/iomgr/block_annotate.h +23 -23
  1204. data/src/core/lib/iomgr/buffer_list.cc +156 -136
  1205. data/src/core/lib/iomgr/buffer_list.h +122 -101
  1206. data/src/core/lib/iomgr/call_combiner.cc +32 -64
  1207. data/src/core/lib/iomgr/call_combiner.h +26 -27
  1208. data/src/core/lib/iomgr/cfstream_handle.cc +34 -37
  1209. data/src/core/lib/iomgr/cfstream_handle.h +25 -25
  1210. data/src/core/lib/iomgr/closure.cc +27 -0
  1211. data/src/core/lib/iomgr/closure.h +95 -58
  1212. data/src/core/lib/iomgr/combiner.cc +20 -39
  1213. data/src/core/lib/iomgr/combiner.h +20 -20
  1214. data/src/core/lib/iomgr/dualstack_socket_posix.cc +21 -21
  1215. data/src/core/lib/iomgr/dynamic_annotations.h +22 -22
  1216. data/src/core/lib/iomgr/endpoint.cc +17 -17
  1217. data/src/core/lib/iomgr/endpoint.h +49 -49
  1218. data/src/core/lib/iomgr/endpoint_cfstream.cc +58 -53
  1219. data/src/core/lib/iomgr/endpoint_cfstream.h +32 -32
  1220. data/src/core/lib/iomgr/endpoint_pair.h +22 -22
  1221. data/src/core/lib/iomgr/endpoint_pair_posix.cc +36 -30
  1222. data/src/core/lib/iomgr/endpoint_pair_windows.cc +31 -22
  1223. data/src/core/lib/iomgr/error.cc +49 -834
  1224. data/src/core/lib/iomgr/error.h +45 -321
  1225. data/src/core/lib/iomgr/error_cfstream.cc +18 -23
  1226. data/src/core/lib/iomgr/error_cfstream.h +21 -21
  1227. data/src/core/lib/iomgr/ev_apple.cc +33 -33
  1228. data/src/core/lib/iomgr/ev_apple.h +21 -21
  1229. data/src/core/lib/iomgr/ev_epoll1_linux.cc +219 -236
  1230. data/src/core/lib/iomgr/ev_epoll1_linux.h +20 -20
  1231. data/src/core/lib/iomgr/ev_poll_posix.cc +231 -231
  1232. data/src/core/lib/iomgr/ev_poll_posix.h +20 -20
  1233. data/src/core/lib/iomgr/ev_posix.cc +47 -79
  1234. data/src/core/lib/iomgr/ev_posix.h +88 -87
  1235. data/src/core/lib/iomgr/ev_windows.cc +18 -18
  1236. data/src/core/lib/iomgr/event_engine_shims/closure.cc +62 -0
  1237. data/src/core/lib/iomgr/event_engine_shims/closure.h +39 -0
  1238. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +471 -0
  1239. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +43 -0
  1240. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +91 -0
  1241. data/src/core/lib/iomgr/event_engine_shims/tcp_client.h +44 -0
  1242. data/src/core/lib/iomgr/exec_ctx.cc +34 -56
  1243. data/src/core/lib/iomgr/exec_ctx.h +151 -175
  1244. data/src/core/lib/iomgr/executor.cc +21 -31
  1245. data/src/core/lib/iomgr/executor.h +27 -30
  1246. data/src/core/lib/iomgr/fork_posix.cc +29 -26
  1247. data/src/core/lib/iomgr/fork_windows.cc +21 -21
  1248. data/src/core/lib/iomgr/gethostname.h +20 -20
  1249. data/src/core/lib/iomgr/gethostname_fallback.cc +17 -17
  1250. data/src/core/lib/iomgr/gethostname_host_name_max.cc +17 -17
  1251. data/src/core/lib/iomgr/gethostname_sysconf.cc +17 -17
  1252. data/src/core/lib/iomgr/grpc_if_nametoindex.h +22 -22
  1253. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +20 -19
  1254. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +20 -19
  1255. data/src/core/lib/iomgr/internal_errqueue.cc +4 -2
  1256. data/src/core/lib/iomgr/internal_errqueue.h +83 -83
  1257. data/src/core/lib/iomgr/iocp_windows.cc +47 -26
  1258. data/src/core/lib/iomgr/iocp_windows.h +32 -21
  1259. data/src/core/lib/iomgr/iomgr.cc +29 -34
  1260. data/src/core/lib/iomgr/iomgr.h +35 -35
  1261. data/src/core/lib/iomgr/iomgr_fwd.h +4 -3
  1262. data/src/core/lib/iomgr/iomgr_internal.cc +17 -17
  1263. data/src/core/lib/iomgr/iomgr_internal.h +28 -28
  1264. data/src/core/lib/iomgr/iomgr_posix.cc +20 -20
  1265. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +21 -20
  1266. data/src/core/lib/iomgr/iomgr_windows.cc +32 -24
  1267. data/src/core/lib/iomgr/load_file.cc +24 -27
  1268. data/src/core/lib/iomgr/load_file.h +22 -22
  1269. data/src/core/lib/iomgr/lockfree_event.cc +114 -131
  1270. data/src/core/lib/iomgr/lockfree_event.h +23 -23
  1271. data/src/core/lib/iomgr/nameser.h +86 -86
  1272. data/src/core/lib/iomgr/polling_entity.cc +25 -21
  1273. data/src/core/lib/iomgr/polling_entity.h +29 -29
  1274. data/src/core/lib/iomgr/pollset.cc +17 -17
  1275. data/src/core/lib/iomgr/pollset.h +55 -55
  1276. data/src/core/lib/iomgr/pollset_set.cc +17 -17
  1277. data/src/core/lib/iomgr/pollset_set.h +25 -26
  1278. data/src/core/lib/iomgr/pollset_set_windows.cc +27 -27
  1279. data/src/core/lib/iomgr/pollset_set_windows.h +20 -20
  1280. data/src/core/lib/iomgr/pollset_windows.cc +33 -32
  1281. data/src/core/lib/iomgr/pollset_windows.h +24 -24
  1282. data/src/core/lib/iomgr/port.h +34 -31
  1283. data/src/core/lib/iomgr/python_util.h +24 -24
  1284. data/src/core/lib/iomgr/resolve_address.cc +26 -20
  1285. data/src/core/lib/iomgr/resolve_address.h +54 -31
  1286. data/src/core/lib/iomgr/resolve_address_impl.h +5 -4
  1287. data/src/core/lib/iomgr/resolve_address_posix.cc +74 -49
  1288. data/src/core/lib/iomgr/resolve_address_posix.h +23 -10
  1289. data/src/core/lib/iomgr/resolve_address_windows.cc +59 -26
  1290. data/src/core/lib/iomgr/resolve_address_windows.h +23 -10
  1291. data/src/core/lib/iomgr/resolved_address.h +3 -3
  1292. data/src/core/lib/iomgr/sockaddr.h +23 -23
  1293. data/src/core/lib/iomgr/sockaddr_posix.h +21 -21
  1294. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +20 -18
  1295. data/src/core/lib/iomgr/sockaddr_windows.h +21 -21
  1296. data/src/core/lib/iomgr/socket_factory_posix.cc +18 -18
  1297. data/src/core/lib/iomgr/socket_factory_posix.h +32 -32
  1298. data/src/core/lib/iomgr/socket_mutator.cc +19 -18
  1299. data/src/core/lib/iomgr/socket_mutator.h +39 -39
  1300. data/src/core/lib/iomgr/socket_utils.h +27 -27
  1301. data/src/core/lib/iomgr/socket_utils_common_posix.cc +99 -104
  1302. data/src/core/lib/iomgr/socket_utils_linux.cc +18 -17
  1303. data/src/core/lib/iomgr/socket_utils_posix.cc +106 -19
  1304. data/src/core/lib/iomgr/socket_utils_posix.h +179 -84
  1305. data/src/core/lib/iomgr/socket_utils_windows.cc +20 -19
  1306. data/src/core/lib/iomgr/socket_windows.cc +97 -42
  1307. data/src/core/lib/iomgr/socket_windows.h +68 -63
  1308. data/src/core/lib/iomgr/systemd_utils.cc +116 -0
  1309. data/src/core/lib/iomgr/systemd_utils.h +33 -0
  1310. data/src/core/lib/iomgr/tcp_client.cc +23 -24
  1311. data/src/core/lib/iomgr/tcp_client.h +39 -39
  1312. data/src/core/lib/iomgr/tcp_client_cfstream.cc +43 -35
  1313. data/src/core/lib/iomgr/tcp_client_posix.cc +117 -100
  1314. data/src/core/lib/iomgr/tcp_client_posix.h +54 -51
  1315. data/src/core/lib/iomgr/tcp_client_windows.cc +57 -48
  1316. data/src/core/lib/iomgr/tcp_posix.cc +448 -350
  1317. data/src/core/lib/iomgr/tcp_posix.h +32 -30
  1318. data/src/core/lib/iomgr/tcp_server.cc +33 -24
  1319. data/src/core/lib/iomgr/tcp_server.h +78 -69
  1320. data/src/core/lib/iomgr/tcp_server_posix.cc +390 -126
  1321. data/src/core/lib/iomgr/tcp_server_utils_posix.h +68 -55
  1322. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +93 -58
  1323. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +40 -40
  1324. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +19 -19
  1325. data/src/core/lib/iomgr/tcp_server_windows.cc +280 -123
  1326. data/src/core/lib/iomgr/tcp_windows.cc +121 -102
  1327. data/src/core/lib/iomgr/tcp_windows.h +34 -35
  1328. data/src/core/lib/iomgr/timer.cc +17 -17
  1329. data/src/core/lib/iomgr/timer.h +68 -68
  1330. data/src/core/lib/iomgr/timer_generic.cc +142 -150
  1331. data/src/core/lib/iomgr/timer_generic.h +21 -21
  1332. data/src/core/lib/iomgr/timer_heap.cc +25 -25
  1333. data/src/core/lib/iomgr/timer_heap.h +22 -22
  1334. data/src/core/lib/iomgr/timer_manager.cc +31 -31
  1335. data/src/core/lib/iomgr/timer_manager.h +27 -27
  1336. data/src/core/lib/iomgr/unix_sockets_posix.cc +20 -21
  1337. data/src/core/lib/iomgr/unix_sockets_posix.h +21 -21
  1338. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +19 -17
  1339. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +23 -23
  1340. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +23 -23
  1341. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +29 -26
  1342. data/src/core/lib/iomgr/wakeup_fd_pipe.h +20 -20
  1343. data/src/core/lib/iomgr/wakeup_fd_posix.cc +18 -18
  1344. data/src/core/lib/iomgr/wakeup_fd_posix.h +52 -52
  1345. data/src/core/lib/json/json.h +21 -240
  1346. data/src/core/{ext/filters/http/message_compress/message_decompress_filter.h → lib/json/json_args.h} +13 -11
  1347. data/src/core/lib/json/json_channel_args.h +42 -0
  1348. data/src/core/lib/json/json_object_loader.cc +216 -0
  1349. data/src/core/lib/json/json_object_loader.h +646 -0
  1350. data/src/core/lib/json/json_reader.cc +181 -129
  1351. data/src/core/lib/json/json_reader.h +34 -0
  1352. data/src/core/lib/json/json_util.cc +23 -55
  1353. data/src/core/lib/json/json_util.h +12 -11
  1354. data/src/core/lib/json/json_writer.cc +80 -81
  1355. data/src/core/{ext/xds/xds_resource_type.cc → lib/json/json_writer.h} +11 -11
  1356. data/src/core/lib/load_balancing/lb_policy.cc +98 -0
  1357. data/src/core/{ext/filters/client_channel → lib/load_balancing}/lb_policy.h +49 -36
  1358. data/src/core/lib/load_balancing/lb_policy_factory.h +49 -0
  1359. data/src/core/lib/load_balancing/lb_policy_registry.cc +143 -0
  1360. data/src/core/lib/load_balancing/lb_policy_registry.h +82 -0
  1361. data/src/core/{ext/filters/client_channel → lib/load_balancing}/subchannel_interface.h +9 -14
  1362. data/src/core/lib/matchers/matchers.cc +10 -9
  1363. data/src/core/lib/matchers/matchers.h +5 -4
  1364. data/src/core/lib/promise/activity.cc +43 -6
  1365. data/src/core/lib/promise/activity.h +159 -48
  1366. data/src/core/lib/promise/arena_promise.h +105 -72
  1367. data/src/core/lib/promise/cancel_callback.h +77 -0
  1368. data/src/core/lib/promise/context.h +17 -10
  1369. data/src/core/lib/promise/detail/basic_join.h +197 -0
  1370. data/src/core/lib/promise/detail/basic_seq.h +28 -33
  1371. data/src/core/lib/promise/detail/promise_factory.h +66 -14
  1372. data/src/core/lib/promise/detail/promise_like.h +3 -3
  1373. data/src/core/lib/promise/detail/status.h +31 -3
  1374. data/src/core/lib/promise/detail/switch.h +21 -21
  1375. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +23 -15
  1376. data/src/core/lib/promise/for_each.h +176 -0
  1377. data/src/core/lib/promise/if.h +204 -0
  1378. data/src/core/lib/promise/interceptor_list.h +329 -0
  1379. data/src/core/lib/promise/latch.h +197 -23
  1380. data/src/core/lib/promise/loop.h +22 -16
  1381. data/src/core/lib/promise/map.h +11 -6
  1382. data/src/core/lib/promise/party.cc +304 -0
  1383. data/src/core/lib/promise/party.h +508 -0
  1384. data/src/core/lib/promise/pipe.h +762 -0
  1385. data/src/core/lib/promise/poll.h +177 -11
  1386. data/src/core/lib/promise/prioritized_race.h +95 -0
  1387. data/src/core/lib/promise/promise.h +6 -7
  1388. data/src/core/lib/promise/race.h +6 -9
  1389. data/src/core/lib/promise/seq.h +32 -12
  1390. data/src/core/lib/promise/sleep.cc +53 -43
  1391. data/src/core/lib/promise/sleep.h +34 -26
  1392. data/src/core/lib/promise/trace.cc +20 -0
  1393. data/src/core/lib/promise/trace.h +24 -0
  1394. data/src/core/lib/promise/try_join.h +82 -0
  1395. data/src/core/lib/promise/try_seq.h +39 -21
  1396. data/src/core/lib/resolver/resolver.cc +17 -64
  1397. data/src/core/lib/resolver/resolver.h +18 -18
  1398. data/src/core/lib/resolver/resolver_factory.h +6 -7
  1399. data/src/core/lib/resolver/resolver_registry.cc +16 -1
  1400. data/src/core/lib/resolver/resolver_registry.h +5 -6
  1401. data/src/core/lib/resolver/server_address.cc +29 -39
  1402. data/src/core/lib/resolver/server_address.h +25 -37
  1403. data/src/core/lib/resource_quota/api.cc +10 -2
  1404. data/src/core/lib/resource_quota/api.h +10 -4
  1405. data/src/core/lib/resource_quota/arena.cc +101 -21
  1406. data/src/core/lib/resource_quota/arena.h +310 -23
  1407. data/src/core/lib/resource_quota/memory_quota.cc +280 -59
  1408. data/src/core/lib/resource_quota/memory_quota.h +165 -36
  1409. data/src/core/lib/resource_quota/periodic_update.cc +78 -0
  1410. data/src/core/lib/resource_quota/periodic_update.h +71 -0
  1411. data/src/core/lib/resource_quota/resource_quota.h +4 -4
  1412. data/src/core/lib/resource_quota/thread_quota.h +3 -3
  1413. data/src/core/lib/resource_quota/trace.h +3 -3
  1414. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  1415. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  1416. data/src/core/lib/security/authorization/authorization_engine.h +3 -3
  1417. data/src/core/lib/security/authorization/authorization_policy_provider.h +4 -4
  1418. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +0 -1
  1419. data/src/core/lib/security/authorization/evaluate_args.cc +10 -7
  1420. data/src/core/lib/security/authorization/evaluate_args.h +3 -3
  1421. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -4
  1422. data/src/core/lib/security/authorization/grpc_authorization_engine.h +21 -4
  1423. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +5 -4
  1424. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +4 -4
  1425. data/src/core/lib/security/authorization/matchers.cc +38 -32
  1426. data/src/core/lib/security/authorization/matchers.h +3 -3
  1427. data/src/core/lib/security/authorization/rbac_policy.cc +39 -8
  1428. data/src/core/lib/security/authorization/rbac_policy.h +22 -5
  1429. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  1430. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  1431. data/src/core/{ext/xds → lib/security/certificate_provider}/certificate_provider_factory.h +11 -7
  1432. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +50 -0
  1433. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +76 -0
  1434. data/src/core/lib/security/context/security_context.cc +22 -23
  1435. data/src/core/lib/security/context/security_context.h +43 -33
  1436. data/src/core/lib/security/credentials/alts/alts_credentials.cc +19 -20
  1437. data/src/core/lib/security/credentials/alts/alts_credentials.h +56 -57
  1438. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +19 -19
  1439. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +43 -43
  1440. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +17 -17
  1441. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +18 -17
  1442. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +18 -17
  1443. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +19 -19
  1444. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +18 -18
  1445. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +38 -39
  1446. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +18 -18
  1447. data/src/core/lib/security/credentials/call_creds_util.h +3 -3
  1448. data/src/core/lib/security/credentials/channel_creds_registry.h +3 -3
  1449. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +4 -4
  1450. data/src/core/lib/security/credentials/composite/composite_credentials.cc +25 -29
  1451. data/src/core/lib/security/credentials/composite/composite_credentials.h +25 -28
  1452. data/src/core/lib/security/credentials/credentials.cc +19 -18
  1453. data/src/core/lib/security/credentials/credentials.h +53 -48
  1454. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +131 -120
  1455. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -3
  1456. data/src/core/lib/security/credentials/external/aws_request_signer.cc +5 -3
  1457. data/src/core/lib/security/credentials/external/aws_request_signer.h +3 -3
  1458. data/src/core/lib/security/credentials/external/external_account_credentials.cc +121 -121
  1459. data/src/core/lib/security/credentials/external/external_account_credentials.h +3 -3
  1460. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +40 -43
  1461. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +3 -3
  1462. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +51 -54
  1463. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +3 -3
  1464. data/src/core/lib/security/credentials/fake/fake_credentials.cc +23 -31
  1465. data/src/core/lib/security/credentials/fake/fake_credentials.h +37 -42
  1466. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +22 -25
  1467. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +105 -156
  1468. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +22 -25
  1469. data/src/core/lib/security/credentials/iam/iam_credentials.cc +19 -18
  1470. data/src/core/lib/security/credentials/iam/iam_credentials.h +20 -20
  1471. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +3 -3
  1472. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +6 -7
  1473. data/src/core/lib/security/credentials/jwt/json_token.cc +54 -43
  1474. data/src/core/lib/security/credentials/jwt/json_token.h +35 -35
  1475. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +27 -26
  1476. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +22 -22
  1477. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +125 -124
  1478. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +47 -47
  1479. data/src/core/lib/security/credentials/local/local_credentials.cc +20 -21
  1480. data/src/core/lib/security/credentials/local/local_credentials.h +26 -27
  1481. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +89 -91
  1482. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -23
  1483. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +24 -24
  1484. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +25 -25
  1485. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +31 -40
  1486. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +23 -24
  1487. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +20 -28
  1488. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +7 -14
  1489. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +48 -47
  1490. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +15 -5
  1491. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
  1492. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +3 -3
  1493. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +18 -18
  1494. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +3 -3
  1495. data/src/core/lib/security/credentials/tls/tls_credentials.cc +30 -43
  1496. data/src/core/lib/security/credentials/tls/tls_credentials.h +24 -25
  1497. data/src/core/lib/security/credentials/tls/tls_utils.cc +3 -1
  1498. data/src/core/lib/security/credentials/tls/tls_utils.h +3 -3
  1499. data/src/core/lib/security/credentials/xds/xds_credentials.cc +13 -31
  1500. data/src/core/lib/security/credentials/xds/xds_credentials.h +6 -6
  1501. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +43 -61
  1502. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +43 -44
  1503. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +58 -78
  1504. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +24 -25
  1505. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +7 -7
  1506. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +11 -15
  1507. data/src/core/lib/security/security_connector/load_system_roots.h +20 -20
  1508. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +18 -18
  1509. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +24 -31
  1510. data/src/core/lib/security/security_connector/load_system_roots_supported.h +22 -23
  1511. data/src/core/lib/security/security_connector/local/local_security_connector.cc +43 -45
  1512. data/src/core/lib/security/security_connector/local/local_security_connector.h +44 -45
  1513. data/src/core/lib/security/security_connector/security_connector.cc +17 -17
  1514. data/src/core/lib/security/security_connector/security_connector.h +40 -39
  1515. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +40 -43
  1516. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +40 -41
  1517. data/src/core/lib/security/security_connector/ssl_utils.cc +48 -64
  1518. data/src/core/lib/security/security_connector/ssl_utils.h +35 -35
  1519. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +59 -53
  1520. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +26 -26
  1521. data/src/core/lib/security/transport/auth_filters.h +46 -24
  1522. data/src/core/lib/security/transport/client_auth_filter.cc +36 -26
  1523. data/src/core/lib/security/transport/secure_endpoint.cc +58 -62
  1524. data/src/core/lib/security/transport/secure_endpoint.h +25 -25
  1525. data/src/core/lib/security/transport/security_handshaker.cc +111 -114
  1526. data/src/core/lib/security/transport/security_handshaker.h +24 -23
  1527. data/src/core/lib/security/transport/server_auth_filter.cc +160 -274
  1528. data/src/core/lib/security/transport/tsi_error.cc +23 -20
  1529. data/src/core/lib/security/transport/tsi_error.h +20 -20
  1530. data/src/core/lib/security/util/json_util.cc +27 -27
  1531. data/src/core/lib/security/util/json_util.h +20 -20
  1532. data/src/core/lib/service_config/service_config.h +15 -4
  1533. data/src/core/lib/service_config/service_config_call_data.h +54 -19
  1534. data/src/core/lib/service_config/service_config_impl.cc +113 -152
  1535. data/src/core/lib/service_config/service_config_impl.h +19 -24
  1536. data/src/core/lib/service_config/service_config_parser.cc +10 -28
  1537. data/src/core/lib/service_config/service_config_parser.h +13 -21
  1538. data/src/core/lib/slice/b64.cc +26 -26
  1539. data/src/core/lib/slice/b64.h +32 -32
  1540. data/src/core/lib/slice/percent_encoding.cc +21 -30
  1541. data/src/core/lib/slice/percent_encoding.h +28 -28
  1542. data/src/core/lib/slice/slice.cc +58 -46
  1543. data/src/core/lib/slice/slice.h +59 -18
  1544. data/src/core/lib/slice/slice_buffer.cc +63 -59
  1545. data/src/core/lib/slice/slice_buffer.h +35 -4
  1546. data/src/core/lib/slice/slice_internal.h +34 -42
  1547. data/src/core/lib/slice/slice_refcount.cc +3 -18
  1548. data/src/core/lib/slice/slice_refcount.h +53 -18
  1549. data/src/core/lib/slice/slice_string_helpers.cc +17 -17
  1550. data/src/core/lib/slice/slice_string_helpers.h +21 -21
  1551. data/src/core/lib/surface/api_trace.cc +17 -17
  1552. data/src/core/lib/surface/api_trace.h +25 -25
  1553. data/src/core/lib/surface/builtins.cc +2 -0
  1554. data/src/core/lib/surface/builtins.h +3 -3
  1555. data/src/core/lib/surface/byte_buffer.cc +22 -23
  1556. data/src/core/lib/surface/byte_buffer_reader.cc +23 -23
  1557. data/src/core/lib/surface/call.cc +2305 -547
  1558. data/src/core/lib/surface/call.h +123 -42
  1559. data/src/core/lib/surface/call_details.cc +20 -21
  1560. data/src/core/lib/surface/call_log_batch.cc +19 -18
  1561. data/src/core/lib/surface/call_test_only.h +33 -33
  1562. data/src/core/lib/surface/call_trace.cc +123 -0
  1563. data/src/core/lib/surface/call_trace.h +30 -0
  1564. data/src/core/lib/surface/channel.cc +65 -69
  1565. data/src/core/lib/surface/channel.h +43 -35
  1566. data/src/core/lib/surface/channel_init.cc +17 -17
  1567. data/src/core/lib/surface/channel_init.h +20 -20
  1568. data/src/core/lib/surface/channel_ping.cc +19 -19
  1569. data/src/core/lib/surface/channel_stack_type.cc +21 -17
  1570. data/src/core/lib/surface/channel_stack_type.h +22 -20
  1571. data/src/core/lib/surface/completion_queue.cc +195 -221
  1572. data/src/core/lib/surface/completion_queue.h +37 -40
  1573. data/src/core/lib/surface/completion_queue_factory.cc +33 -28
  1574. data/src/core/lib/surface/completion_queue_factory.h +22 -22
  1575. data/src/core/lib/surface/event_string.cc +18 -17
  1576. data/src/core/lib/surface/event_string.h +22 -22
  1577. data/src/core/lib/surface/init.cc +44 -72
  1578. data/src/core/lib/surface/init.h +20 -20
  1579. data/src/core/lib/surface/init_internally.cc +25 -0
  1580. data/src/core/lib/surface/init_internally.h +37 -0
  1581. data/src/core/lib/surface/lame_client.cc +33 -29
  1582. data/src/core/lib/surface/lame_client.h +22 -22
  1583. data/src/core/lib/surface/metadata_array.cc +17 -18
  1584. data/src/core/lib/surface/server.cc +371 -130
  1585. data/src/core/lib/surface/server.h +20 -21
  1586. data/src/core/lib/surface/validate_metadata.cc +64 -74
  1587. data/src/core/lib/surface/validate_metadata.h +30 -21
  1588. data/src/core/lib/surface/version.cc +21 -21
  1589. data/src/core/lib/transport/batch_builder.cc +182 -0
  1590. data/src/core/lib/transport/batch_builder.h +480 -0
  1591. data/src/core/lib/transport/bdp_estimator.cc +25 -27
  1592. data/src/core/lib/transport/bdp_estimator.h +31 -28
  1593. data/src/core/lib/transport/connectivity_state.cc +19 -20
  1594. data/src/core/lib/transport/connectivity_state.h +23 -23
  1595. data/src/core/lib/transport/custom_metadata.h +30 -0
  1596. data/src/core/lib/transport/error_utils.cc +51 -81
  1597. data/src/core/lib/transport/error_utils.h +24 -24
  1598. data/src/core/lib/transport/handshaker.cc +66 -54
  1599. data/src/core/lib/transport/handshaker.h +51 -47
  1600. data/src/core/lib/transport/handshaker_factory.h +49 -24
  1601. data/src/core/lib/transport/handshaker_registry.cc +27 -20
  1602. data/src/core/lib/transport/handshaker_registry.h +25 -28
  1603. data/src/core/lib/transport/http2_errors.h +22 -22
  1604. data/src/core/lib/transport/http_connect_handshaker.cc +56 -57
  1605. data/src/core/lib/transport/http_connect_handshaker.h +21 -21
  1606. data/src/core/lib/transport/metadata_batch.cc +31 -10
  1607. data/src/core/lib/transport/metadata_batch.h +252 -65
  1608. data/src/core/lib/transport/metadata_compression_traits.h +67 -0
  1609. data/src/core/lib/transport/parsed_metadata.cc +2 -6
  1610. data/src/core/lib/transport/parsed_metadata.h +23 -11
  1611. data/src/core/lib/transport/pid_controller.cc +20 -20
  1612. data/src/core/lib/transport/pid_controller.h +27 -27
  1613. data/src/core/lib/transport/simple_slice_based_metadata.h +48 -0
  1614. data/src/core/lib/transport/status_conversion.cc +23 -25
  1615. data/src/core/lib/transport/status_conversion.h +22 -22
  1616. data/src/core/lib/transport/tcp_connect_handshaker.cc +34 -42
  1617. data/src/core/lib/transport/tcp_connect_handshaker.h +3 -3
  1618. data/src/core/lib/transport/timeout_encoding.cc +28 -23
  1619. data/src/core/lib/transport/timeout_encoding.h +20 -20
  1620. data/src/core/lib/transport/transport.cc +113 -43
  1621. data/src/core/lib/transport/transport.h +275 -218
  1622. data/src/core/lib/transport/transport_fwd.h +3 -3
  1623. data/src/core/lib/transport/transport_impl.h +53 -47
  1624. data/src/core/lib/transport/transport_op_string.cc +75 -63
  1625. data/src/core/lib/uri/uri_parser.cc +1 -1
  1626. data/src/core/lib/uri/uri_parser.h +3 -3
  1627. data/src/core/plugin_registry/grpc_plugin_registry.cc +55 -79
  1628. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +22 -39
  1629. data/src/core/tsi/alts/crypt/aes_gcm.cc +20 -20
  1630. data/src/core/tsi/alts/crypt/gsec.cc +26 -26
  1631. data/src/core/tsi/alts/crypt/gsec.h +336 -336
  1632. data/src/core/tsi/alts/frame_protector/alts_counter.cc +23 -23
  1633. data/src/core/tsi/alts/frame_protector/alts_counter.h +68 -68
  1634. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +19 -19
  1635. data/src/core/tsi/alts/frame_protector/alts_crypter.h +209 -209
  1636. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +73 -71
  1637. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +40 -40
  1638. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +18 -18
  1639. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +82 -83
  1640. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +22 -22
  1641. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +22 -22
  1642. data/src/core/tsi/alts/frame_protector/frame_handler.cc +26 -25
  1643. data/src/core/tsi/alts/frame_protector/frame_handler.h +169 -169
  1644. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +137 -100
  1645. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +109 -104
  1646. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +18 -17
  1647. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +43 -44
  1648. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +52 -44
  1649. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +60 -60
  1650. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +24 -24
  1651. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +21 -20
  1652. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +38 -38
  1653. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +19 -19
  1654. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +105 -104
  1655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +45 -44
  1656. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +40 -41
  1657. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +38 -36
  1658. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +35 -36
  1659. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +67 -68
  1660. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +32 -31
  1661. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +55 -56
  1662. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +54 -53
  1663. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +141 -142
  1664. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +58 -57
  1665. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +43 -44
  1666. data/src/core/tsi/fake_transport_security.cc +133 -109
  1667. data/src/core/tsi/fake_transport_security.h +33 -33
  1668. data/src/core/tsi/local_transport_security.cc +43 -38
  1669. data/src/core/tsi/local_transport_security.h +33 -33
  1670. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +9 -4
  1671. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +3 -3
  1672. data/src/core/tsi/ssl/session_cache/ssl_session.h +21 -21
  1673. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +19 -19
  1674. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +18 -17
  1675. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +31 -22
  1676. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +25 -20
  1677. data/src/core/tsi/ssl_transport_security.cc +302 -371
  1678. data/src/core/tsi/ssl_transport_security.h +206 -203
  1679. data/src/core/tsi/ssl_transport_security_utils.cc +250 -0
  1680. data/src/core/tsi/ssl_transport_security_utils.h +147 -0
  1681. data/src/core/tsi/ssl_types.h +27 -27
  1682. data/src/core/tsi/transport_security.cc +44 -32
  1683. data/src/core/tsi/transport_security.h +49 -48
  1684. data/src/core/tsi/transport_security_grpc.cc +20 -20
  1685. data/src/core/tsi/transport_security_grpc.h +41 -41
  1686. data/src/core/tsi/transport_security_interface.h +344 -332
  1687. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.clang +2 -0
  1688. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.gcc +7 -0
  1689. data/src/ruby/ext/grpc/ext-export.clang +0 -1
  1690. data/src/ruby/ext/grpc/ext-export.gcc +1 -2
  1691. data/src/ruby/ext/grpc/extconf.rb +57 -11
  1692. data/src/ruby/ext/grpc/rb_call.c +1 -0
  1693. data/src/ruby/ext/grpc/rb_channel.c +1 -0
  1694. data/src/ruby/ext/grpc/rb_channel_args.c +1 -0
  1695. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  1696. data/src/ruby/ext/grpc/rb_grpc.c +1 -0
  1697. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +38 -38
  1698. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +59 -59
  1699. data/src/ruby/ext/grpc/rb_loader.c +6 -2
  1700. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
  1701. data/src/ruby/lib/grpc/version.rb +1 -1
  1702. data/src/ruby/pb/generate_proto_ruby.sh +0 -6
  1703. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +4 -0
  1704. data/src/ruby/spec/channel_spec.rb +5 -43
  1705. data/src/ruby/spec/client_server_spec.rb +20 -8
  1706. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  1707. data/src/ruby/spec/generic/server_interceptors_spec.rb +1 -1
  1708. data/src/ruby/spec/user_agent_spec.rb +1 -1
  1709. data/third_party/abseil-cpp/absl/algorithm/container.h +56 -57
  1710. data/third_party/abseil-cpp/absl/base/attributes.h +39 -19
  1711. data/third_party/abseil-cpp/absl/base/config.h +45 -4
  1712. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +3 -18
  1713. data/third_party/abseil-cpp/absl/base/internal/cycleclock_config.h +55 -0
  1714. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +2 -1
  1715. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +3 -3
  1716. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +2 -2
  1717. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +1 -1
  1718. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +10 -6
  1719. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +23 -24
  1720. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +3 -3
  1721. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +2 -6
  1722. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +4 -1
  1723. data/third_party/abseil-cpp/absl/base/internal/strerror.cc +4 -4
  1724. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +14 -10
  1725. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +9 -0
  1726. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +4 -0
  1727. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -40
  1728. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock_config.h +62 -0
  1729. data/third_party/abseil-cpp/absl/base/macros.h +4 -21
  1730. data/third_party/abseil-cpp/absl/base/optimization.h +58 -6
  1731. data/third_party/abseil-cpp/absl/base/options.h +1 -7
  1732. data/third_party/abseil-cpp/absl/base/policy_checks.h +15 -13
  1733. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
  1734. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
  1735. data/third_party/abseil-cpp/absl/container/fixed_array.h +7 -5
  1736. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -7
  1737. data/third_party/abseil-cpp/absl/container/inlined_vector.h +66 -18
  1738. data/third_party/abseil-cpp/absl/container/internal/common.h +3 -3
  1739. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +132 -0
  1740. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -1
  1741. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +4 -55
  1742. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +50 -5
  1743. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +14 -46
  1744. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +110 -32
  1745. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +155 -4
  1746. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +661 -341
  1747. data/third_party/abseil-cpp/absl/crc/crc32c.cc +99 -0
  1748. data/third_party/abseil-cpp/absl/crc/crc32c.h +183 -0
  1749. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +256 -0
  1750. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +57 -0
  1751. data/third_party/abseil-cpp/absl/crc/internal/crc.cc +468 -0
  1752. data/third_party/abseil-cpp/absl/crc/internal/crc.h +91 -0
  1753. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +269 -0
  1754. data/third_party/abseil-cpp/absl/crc/internal/crc32c.h +39 -0
  1755. data/third_party/abseil-cpp/absl/crc/internal/crc32c_inline.h +72 -0
  1756. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.cc +130 -0
  1757. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.h +159 -0
  1758. data/third_party/abseil-cpp/absl/crc/internal/crc_internal.h +179 -0
  1759. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +119 -0
  1760. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +75 -0
  1761. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_x86_64.cc +434 -0
  1762. data/third_party/abseil-cpp/absl/crc/internal/crc_non_temporal_memcpy.cc +93 -0
  1763. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +725 -0
  1764. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_arm_intrinsics.h +79 -0
  1765. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_memcpy.h +180 -0
  1766. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +1 -1
  1767. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +67 -38
  1768. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +1 -1
  1769. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +12 -13
  1770. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +11 -9
  1771. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +1 -1
  1772. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +40 -85
  1773. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +5 -4
  1774. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +33 -8
  1775. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +3 -2
  1776. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +3 -2
  1777. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +118 -94
  1778. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +7 -6
  1779. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  1780. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  1781. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  1782. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  1783. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  1784. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  1785. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc +26 -0
  1786. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  1787. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  1788. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  1789. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  1790. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  1791. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  1792. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  1793. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  1794. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  1795. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  1796. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  1797. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  1798. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  1799. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  1800. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  1801. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  1802. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  1803. data/third_party/abseil-cpp/absl/functional/any_invocable.h +316 -0
  1804. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +878 -0
  1805. data/third_party/abseil-cpp/absl/hash/internal/city.cc +10 -10
  1806. data/third_party/abseil-cpp/absl/hash/internal/hash.h +18 -4
  1807. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +3 -14
  1808. data/third_party/abseil-cpp/absl/memory/memory.h +26 -447
  1809. data/third_party/abseil-cpp/absl/meta/type_traits.h +104 -12
  1810. data/third_party/abseil-cpp/absl/numeric/bits.h +2 -3
  1811. data/third_party/abseil-cpp/absl/numeric/int128.cc +10 -8
  1812. data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +14 -6
  1813. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +2 -1
  1814. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +1 -1
  1815. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +2 -23
  1816. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +9 -9
  1817. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +2 -2
  1818. data/third_party/abseil-cpp/absl/random/random.h +6 -6
  1819. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +1 -0
  1820. data/third_party/abseil-cpp/absl/status/status.cc +19 -12
  1821. data/third_party/abseil-cpp/absl/status/status.h +2 -2
  1822. data/third_party/abseil-cpp/absl/strings/ascii.cc +5 -5
  1823. data/third_party/abseil-cpp/absl/strings/charconv.cc +534 -96
  1824. data/third_party/abseil-cpp/absl/strings/cord.cc +92 -40
  1825. data/third_party/abseil-cpp/absl/strings/cord.h +71 -80
  1826. data/third_party/abseil-cpp/absl/strings/cord_buffer.h +8 -5
  1827. data/third_party/abseil-cpp/absl/strings/escaping.cc +73 -62
  1828. data/third_party/abseil-cpp/absl/strings/escaping.h +24 -19
  1829. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +14 -12
  1830. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +4 -4
  1831. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  1832. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +330 -70
  1833. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +8 -4
  1834. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +26 -14
  1835. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +5 -5
  1836. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.cc +9 -7
  1837. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.h +5 -4
  1838. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +7 -15
  1839. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +3 -3
  1840. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +8 -5
  1841. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +7 -7
  1842. data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +4 -4
  1843. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.cc +93 -0
  1844. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.h +34 -0
  1845. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +12 -10
  1846. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +7 -9
  1847. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +55 -0
  1848. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +9 -6
  1849. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +14 -7
  1850. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +35 -10
  1851. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +113 -46
  1852. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +126 -29
  1853. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +3 -2
  1854. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +4 -3
  1855. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +49 -287
  1856. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +351 -0
  1857. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +2 -1
  1858. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +4 -2
  1859. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +215 -181
  1860. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +10 -209
  1861. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +10 -101
  1862. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -1
  1863. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.cc +28 -0
  1864. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.h +57 -0
  1865. data/third_party/abseil-cpp/absl/strings/numbers.cc +34 -31
  1866. data/third_party/abseil-cpp/absl/strings/str_cat.cc +9 -6
  1867. data/third_party/abseil-cpp/absl/strings/str_cat.h +50 -3
  1868. data/third_party/abseil-cpp/absl/strings/str_format.h +71 -9
  1869. data/third_party/abseil-cpp/absl/strings/string_view.cc +6 -6
  1870. data/third_party/abseil-cpp/absl/strings/string_view.h +3 -10
  1871. data/third_party/abseil-cpp/absl/strings/substitute.cc +8 -6
  1872. data/third_party/abseil-cpp/absl/strings/substitute.h +46 -20
  1873. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +20 -17
  1874. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +37 -31
  1875. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +22 -8
  1876. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +104 -55
  1877. data/third_party/abseil-cpp/absl/synchronization/mutex.h +85 -46
  1878. data/third_party/abseil-cpp/absl/synchronization/notification.cc +0 -1
  1879. data/third_party/abseil-cpp/absl/synchronization/notification.h +0 -1
  1880. data/third_party/abseil-cpp/absl/time/civil_time.cc +26 -0
  1881. data/third_party/abseil-cpp/absl/time/civil_time.h +25 -0
  1882. data/third_party/abseil-cpp/absl/time/clock.cc +17 -11
  1883. data/third_party/abseil-cpp/absl/time/duration.cc +7 -7
  1884. data/third_party/abseil-cpp/absl/time/format.cc +2 -1
  1885. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  1886. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +26 -5
  1887. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +7 -6
  1888. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +36 -35
  1889. data/third_party/abseil-cpp/absl/time/time.cc +2 -2
  1890. data/third_party/abseil-cpp/absl/time/time.h +253 -158
  1891. data/third_party/abseil-cpp/absl/types/internal/span.h +30 -19
  1892. data/third_party/abseil-cpp/absl/types/internal/variant.h +28 -40
  1893. data/third_party/abseil-cpp/absl/types/span.h +29 -7
  1894. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  1895. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  1896. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  1897. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  1898. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  1899. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  1900. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  1901. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  1902. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +177 -196
  1903. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  1904. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  1905. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  1906. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  1907. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  1908. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  1909. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  1910. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  1911. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  1912. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  1913. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  1914. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  1915. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +135 -90
  1916. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  1917. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +797 -793
  1918. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +529 -526
  1919. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  1920. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  1921. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  1922. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  1923. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  1924. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +17 -11
  1925. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +37 -51
  1926. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  1927. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +13 -9
  1928. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +22 -19
  1929. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +5 -5
  1930. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  1931. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  1932. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  1933. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +40 -27
  1934. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  1935. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  1936. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  1937. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  1938. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  1939. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  1940. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  1941. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  1942. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  1943. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  1944. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  1945. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  1946. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  1947. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  1948. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  1949. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  1950. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +34 -37
  1951. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +22 -11
  1952. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  1953. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  1954. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  1955. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  1956. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  1957. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  1958. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  1959. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  1960. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  1961. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  1962. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  1963. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  1964. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  1965. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  1966. data/third_party/boringssl-with-bazel/src/crypto/{cpu-ppc64le.c → cpu_arm_openbsd.c} +10 -17
  1967. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  1968. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  1969. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +22 -31
  1970. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  1971. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  1972. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  1973. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  1974. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  1975. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  1976. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  1977. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  1978. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +43 -16
  1979. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  1980. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  1981. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  1982. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +229 -102
  1983. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +31 -7
  1984. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  1985. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  1986. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  1987. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  1988. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  1989. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  1990. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  1991. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  1992. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  1993. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  1994. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  1995. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  1996. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  1997. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +6 -6
  1998. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  1999. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  2000. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  2001. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  2002. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  2003. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  2004. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  2005. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  2006. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  2007. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  2008. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  2009. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  2010. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +36 -27
  2011. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  2012. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  2013. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  2014. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  2015. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  2016. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  2017. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  2018. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  2019. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  2020. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  2021. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  2022. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  2023. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  2024. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  2025. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  2026. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  2027. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  2028. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  2029. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  2030. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  2031. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  2032. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  2033. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  2034. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  2035. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  2036. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  2037. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  2038. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +24 -6
  2039. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  2040. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  2041. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  2042. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +49 -49
  2043. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +92 -18
  2044. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +12 -12
  2045. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +108 -86
  2046. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +55 -25
  2047. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +55 -71
  2048. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  2049. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +72 -65
  2050. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  2051. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +62 -51
  2052. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  2053. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  2054. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +12 -17
  2055. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +25 -26
  2056. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -14
  2057. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +9 -1
  2058. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +44 -16
  2059. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  2060. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  2061. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  2062. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -23
  2063. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  2064. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +3 -8
  2065. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +170 -160
  2066. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  2067. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +69 -61
  2068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -12
  2069. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  2070. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  2071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  2072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  2073. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  2074. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  2075. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  2076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +22 -68
  2077. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  2078. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +43 -16
  2079. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +42 -314
  2080. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +244 -139
  2081. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +144 -205
  2082. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  2083. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +593 -421
  2084. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  2085. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  2086. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  2087. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  2088. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  2089. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  2090. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  2091. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +52 -6
  2092. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +192 -18
  2093. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  2094. data/third_party/boringssl-with-bazel/src/crypto/internal.h +391 -18
  2095. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +91 -0
  2096. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +204 -0
  2097. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +833 -0
  2098. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  2099. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  2100. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  2101. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +9 -4
  2102. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  2103. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  2104. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +633 -613
  2105. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  2106. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  2107. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  2108. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  2109. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  2110. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  2111. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  2112. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  2113. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  2114. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  2115. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  2116. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  2117. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  2118. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  2119. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  2120. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +6 -17
  2121. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  2122. data/third_party/boringssl-with-bazel/src/crypto/{asn1/a_print.c → rsa_extra/internal.h} +15 -21
  2123. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  2124. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  2125. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  2126. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  2127. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  2128. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +128 -34
  2129. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +418 -133
  2130. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +116 -284
  2131. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +701 -87
  2132. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  2133. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +63 -55
  2134. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  2135. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  2136. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  2137. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +285 -331
  2138. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  2139. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  2140. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +68 -50
  2141. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +132 -151
  2142. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +790 -0
  2143. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  2144. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  2145. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  2146. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +220 -254
  2147. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  2148. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  2149. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +136 -270
  2150. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  2151. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  2152. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  2153. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  2154. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +528 -616
  2155. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  2156. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +164 -181
  2157. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  2158. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +186 -203
  2159. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  2160. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  2161. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1864 -2050
  2162. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +380 -480
  2163. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  2164. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +266 -265
  2165. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  2166. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  2167. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  2168. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  2169. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  2170. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +329 -416
  2171. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  2172. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  2173. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  2174. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  2175. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  2176. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  2177. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  2178. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  2179. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  2180. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  2181. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  2182. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  2183. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +79 -171
  2184. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  2185. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  2186. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  2187. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  2188. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  2189. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +294 -344
  2190. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +342 -365
  2191. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  2192. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  2193. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  2194. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  2195. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  2196. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +120 -125
  2197. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  2198. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +228 -265
  2199. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  2200. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  2201. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  2202. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  2203. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +130 -135
  2204. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +652 -691
  2205. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +90 -75
  2206. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1063 -1145
  2207. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -11
  2208. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  2209. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +217 -191
  2210. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  2211. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +50 -14
  2212. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +29 -14
  2213. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  2214. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  2215. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  2216. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  2217. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  2218. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  2219. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  2220. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  2221. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  2222. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  2223. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  2224. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  2225. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  2226. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  2227. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  2228. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -33
  2229. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  2230. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  2231. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +69 -16
  2232. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  2233. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +128 -0
  2234. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  2235. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +7 -3
  2236. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +8 -1
  2237. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  2238. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -18
  2239. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  2240. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  2241. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +98 -5
  2242. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  2243. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -21
  2244. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +285 -92
  2245. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  2246. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +381 -287
  2247. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +9 -6
  2248. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  2249. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +22 -7
  2250. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +57 -23
  2251. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  2252. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2075 -1407
  2253. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +242 -214
  2254. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  2255. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  2256. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  2257. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  2258. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  2259. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +45 -26
  2260. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +64 -35
  2261. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  2262. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  2263. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +53 -34
  2264. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  2265. data/third_party/boringssl-with-bazel/src/ssl/internal.h +200 -121
  2266. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -12
  2267. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  2268. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  2269. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  2270. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +47 -69
  2271. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  2272. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  2273. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +217 -226
  2274. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +78 -101
  2275. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +106 -142
  2276. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +244 -35
  2277. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +167 -64
  2278. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +41 -32
  2279. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  2280. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  2281. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  2282. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +7 -44
  2283. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  2284. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +7 -23
  2285. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +25 -34
  2286. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  2287. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  2288. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  2289. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  2290. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  2291. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  2292. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  2293. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  2294. data/third_party/cares/cares/include/ares.h +23 -1
  2295. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  2296. data/third_party/cares/cares/include/ares_rules.h +2 -2
  2297. data/third_party/cares/cares/include/ares_version.h +3 -3
  2298. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  2299. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  2300. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  2301. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  2302. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  2303. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  2304. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  2305. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  2306. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  2307. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  2308. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  2309. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  2310. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  2311. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  2312. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  2313. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  2314. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  2315. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  2316. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  2317. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  2318. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  2319. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  2320. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  2321. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  2322. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  2323. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  2324. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  2325. data/third_party/re2/re2/bitstate.cc +3 -3
  2326. data/third_party/re2/re2/dfa.cc +13 -13
  2327. data/third_party/re2/re2/nfa.cc +4 -4
  2328. data/third_party/re2/re2/onepass.cc +2 -2
  2329. data/third_party/re2/re2/prefilter_tree.cc +27 -59
  2330. data/third_party/re2/re2/prefilter_tree.h +3 -2
  2331. data/third_party/re2/re2/prog.cc +11 -2
  2332. data/third_party/re2/re2/prog.h +17 -5
  2333. data/third_party/re2/re2/re2.cc +6 -11
  2334. data/third_party/re2/re2/re2.h +1 -1
  2335. data/third_party/re2/re2/regexp.cc +1 -2
  2336. data/third_party/re2/re2/stringpiece.h +10 -7
  2337. data/third_party/re2/re2/unicode_casefold.cc +25 -11
  2338. data/third_party/re2/re2/unicode_groups.cc +319 -151
  2339. data/third_party/re2/re2/walker-inl.h +3 -2
  2340. data/third_party/re2/util/mutex.h +4 -4
  2341. data/third_party/upb/upb/alloc.h +36 -0
  2342. data/third_party/upb/upb/arena.h +36 -0
  2343. data/third_party/upb/upb/array.h +36 -0
  2344. data/third_party/upb/upb/base/descriptor_constants.h +104 -0
  2345. data/third_party/upb/upb/base/log2.h +57 -0
  2346. data/third_party/upb/upb/base/status.c +81 -0
  2347. data/third_party/upb/upb/base/status.h +66 -0
  2348. data/third_party/upb/upb/base/string_view.h +75 -0
  2349. data/third_party/upb/upb/collections/array.c +145 -0
  2350. data/third_party/upb/upb/collections/array.h +85 -0
  2351. data/third_party/upb/upb/collections/array_internal.h +135 -0
  2352. data/third_party/upb/upb/collections/map.c +135 -0
  2353. data/third_party/upb/upb/collections/map.h +135 -0
  2354. data/third_party/upb/upb/collections/map_gencode_util.h +78 -0
  2355. data/third_party/upb/upb/collections/map_internal.h +170 -0
  2356. data/third_party/upb/upb/collections/map_sorter.c +166 -0
  2357. data/third_party/upb/upb/collections/map_sorter_internal.h +109 -0
  2358. data/third_party/upb/upb/collections/message_value.h +65 -0
  2359. data/third_party/upb/upb/decode.h +3 -61
  2360. data/third_party/upb/upb/def.h +4 -377
  2361. data/third_party/upb/upb/def.hpp +3 -408
  2362. data/third_party/upb/upb/encode.h +3 -38
  2363. data/third_party/upb/upb/extension_registry.h +35 -0
  2364. data/third_party/upb/upb/{table.c → hash/common.c} +51 -109
  2365. data/third_party/upb/upb/hash/common.h +199 -0
  2366. data/third_party/upb/upb/hash/int_table.h +102 -0
  2367. data/third_party/upb/upb/hash/str_table.h +161 -0
  2368. data/third_party/upb/upb/json/decode.c +1477 -0
  2369. data/third_party/upb/upb/json/decode.h +52 -0
  2370. data/third_party/upb/upb/{json_encode.c → json/encode.c} +74 -46
  2371. data/third_party/upb/upb/json/encode.h +70 -0
  2372. data/third_party/upb/upb/json_decode.h +36 -0
  2373. data/third_party/upb/upb/json_encode.h +4 -30
  2374. data/third_party/upb/upb/lex/atoi.c +68 -0
  2375. data/third_party/upb/upb/lex/atoi.h +53 -0
  2376. data/third_party/upb/upb/lex/round_trip.c +67 -0
  2377. data/third_party/upb/upb/{upb_internal.h → lex/round_trip.h} +17 -30
  2378. data/third_party/upb/upb/lex/strtod.c +97 -0
  2379. data/third_party/upb/upb/lex/strtod.h +46 -0
  2380. data/third_party/upb/upb/lex/unicode.c +57 -0
  2381. data/third_party/upb/upb/lex/unicode.h +77 -0
  2382. data/third_party/upb/upb/map.h +36 -0
  2383. data/third_party/upb/upb/mem/alloc.c +47 -0
  2384. data/third_party/upb/upb/mem/alloc.h +98 -0
  2385. data/third_party/upb/upb/mem/arena.c +367 -0
  2386. data/third_party/upb/upb/mem/arena.h +160 -0
  2387. data/third_party/upb/upb/mem/arena_internal.h +114 -0
  2388. data/third_party/upb/upb/message/accessors.c +68 -0
  2389. data/third_party/upb/upb/message/accessors.h +379 -0
  2390. data/third_party/upb/upb/message/accessors_internal.h +325 -0
  2391. data/third_party/upb/upb/message/extension_internal.h +83 -0
  2392. data/third_party/upb/upb/message/internal.h +135 -0
  2393. data/third_party/upb/upb/message/message.c +180 -0
  2394. data/third_party/upb/upb/message/message.h +69 -0
  2395. data/third_party/upb/upb/mini_table/common.c +128 -0
  2396. data/third_party/upb/upb/mini_table/common.h +170 -0
  2397. data/third_party/upb/upb/mini_table/common_internal.h +111 -0
  2398. data/third_party/upb/upb/mini_table/decode.c +1127 -0
  2399. data/third_party/upb/upb/mini_table/decode.h +179 -0
  2400. data/third_party/upb/upb/mini_table/encode.c +300 -0
  2401. data/third_party/upb/upb/mini_table/encode_internal.h +111 -0
  2402. data/third_party/upb/upb/mini_table/encode_internal.hpp +136 -0
  2403. data/third_party/upb/upb/mini_table/enum_internal.h +88 -0
  2404. data/third_party/upb/upb/mini_table/extension_internal.h +47 -0
  2405. data/third_party/upb/upb/mini_table/extension_registry.c +96 -0
  2406. data/third_party/upb/upb/mini_table/extension_registry.h +104 -0
  2407. data/third_party/upb/upb/mini_table/field_internal.h +192 -0
  2408. data/third_party/upb/upb/mini_table/file_internal.h +47 -0
  2409. data/third_party/upb/upb/mini_table/message_internal.h +136 -0
  2410. data/third_party/upb/upb/mini_table/sub_internal.h +38 -0
  2411. data/third_party/upb/upb/mini_table/types.h +40 -0
  2412. data/third_party/upb/upb/mini_table.h +36 -0
  2413. data/third_party/upb/upb/msg.h +3 -81
  2414. data/third_party/upb/upb/port/atomic.h +101 -0
  2415. data/third_party/upb/upb/{port_def.inc → port/def.inc} +96 -28
  2416. data/third_party/upb/upb/{port_undef.inc → port/undef.inc} +14 -3
  2417. data/third_party/upb/upb/port/vsnprintf_compat.h +50 -0
  2418. data/third_party/upb/upb/reflection/common.h +67 -0
  2419. data/third_party/upb/upb/reflection/def.h +42 -0
  2420. data/third_party/upb/upb/reflection/def.hpp +610 -0
  2421. data/third_party/upb/upb/reflection/def_builder.c +357 -0
  2422. data/third_party/upb/upb/reflection/def_builder_internal.h +157 -0
  2423. data/third_party/upb/upb/reflection/def_pool.c +462 -0
  2424. data/third_party/upb/upb/reflection/def_pool.h +108 -0
  2425. data/third_party/upb/upb/reflection/def_pool_internal.h +77 -0
  2426. data/third_party/upb/upb/reflection/def_type.c +50 -0
  2427. data/third_party/upb/upb/reflection/def_type.h +81 -0
  2428. data/third_party/upb/upb/reflection/desc_state.c +53 -0
  2429. data/third_party/upb/upb/reflection/desc_state_internal.h +64 -0
  2430. data/third_party/upb/upb/reflection/enum_def.c +310 -0
  2431. data/third_party/upb/upb/reflection/enum_def.h +80 -0
  2432. data/third_party/upb/upb/reflection/enum_def_internal.h +56 -0
  2433. data/third_party/upb/upb/reflection/enum_reserved_range.c +84 -0
  2434. data/third_party/upb/upb/reflection/enum_reserved_range.h +51 -0
  2435. data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +55 -0
  2436. data/third_party/upb/upb/reflection/enum_value_def.c +144 -0
  2437. data/third_party/upb/upb/reflection/enum_value_def.h +57 -0
  2438. data/third_party/upb/upb/reflection/enum_value_def_internal.h +57 -0
  2439. data/third_party/upb/upb/reflection/extension_range.c +93 -0
  2440. data/third_party/upb/upb/reflection/extension_range.h +55 -0
  2441. data/third_party/upb/upb/reflection/extension_range_internal.h +54 -0
  2442. data/third_party/upb/upb/reflection/field_def.c +930 -0
  2443. data/third_party/upb/upb/reflection/field_def.h +91 -0
  2444. data/third_party/upb/upb/reflection/field_def_internal.h +76 -0
  2445. data/third_party/upb/upb/reflection/file_def.c +370 -0
  2446. data/third_party/upb/upb/reflection/file_def.h +77 -0
  2447. data/third_party/upb/upb/reflection/file_def_internal.h +57 -0
  2448. data/third_party/upb/upb/reflection/message.c +233 -0
  2449. data/third_party/upb/upb/reflection/message.h +102 -0
  2450. data/third_party/upb/upb/reflection/message.hpp +37 -0
  2451. data/third_party/upb/upb/reflection/message_def.c +718 -0
  2452. data/third_party/upb/upb/reflection/message_def.h +174 -0
  2453. data/third_party/upb/upb/reflection/message_def_internal.h +63 -0
  2454. data/third_party/upb/upb/reflection/message_reserved_range.c +81 -0
  2455. data/third_party/upb/upb/reflection/message_reserved_range.h +51 -0
  2456. data/third_party/upb/upb/reflection/message_reserved_range_internal.h +55 -0
  2457. data/third_party/upb/upb/reflection/method_def.c +124 -0
  2458. data/third_party/upb/upb/reflection/method_def.h +59 -0
  2459. data/third_party/upb/upb/reflection/method_def_internal.h +53 -0
  2460. data/third_party/upb/upb/reflection/oneof_def.c +226 -0
  2461. data/third_party/upb/upb/reflection/oneof_def.h +66 -0
  2462. data/third_party/upb/upb/reflection/oneof_def_internal.h +57 -0
  2463. data/third_party/upb/upb/reflection/service_def.c +128 -0
  2464. data/third_party/upb/upb/reflection/service_def.h +60 -0
  2465. data/third_party/upb/upb/reflection/service_def_internal.h +53 -0
  2466. data/third_party/upb/upb/reflection.h +4 -188
  2467. data/third_party/upb/upb/reflection.hpp +3 -7
  2468. data/third_party/upb/upb/status.h +36 -0
  2469. data/third_party/upb/upb/string_view.h +36 -0
  2470. data/third_party/upb/upb/{text_encode.c → text/encode.c} +75 -70
  2471. data/third_party/upb/upb/text/encode.h +69 -0
  2472. data/third_party/upb/upb/text_encode.h +4 -32
  2473. data/third_party/upb/upb/upb.h +6 -340
  2474. data/third_party/upb/upb/upb.hpp +10 -18
  2475. data/third_party/upb/upb/wire/common.h +44 -0
  2476. data/third_party/upb/upb/wire/common_internal.h +50 -0
  2477. data/third_party/upb/upb/wire/decode.c +1343 -0
  2478. data/third_party/upb/upb/wire/decode.h +108 -0
  2479. data/third_party/upb/upb/{decode_fast.c → wire/decode_fast.c} +184 -225
  2480. data/third_party/upb/upb/{decode_fast.h → wire/decode_fast.h} +21 -7
  2481. data/third_party/upb/upb/{decode_internal.h → wire/decode_internal.h} +44 -92
  2482. data/third_party/upb/upb/{encode.c → wire/encode.c} +130 -102
  2483. data/third_party/upb/upb/wire/encode.h +92 -0
  2484. data/third_party/upb/upb/wire/eps_copy_input_stream.c +39 -0
  2485. data/third_party/upb/upb/wire/eps_copy_input_stream.h +425 -0
  2486. data/third_party/upb/upb/wire/reader.c +67 -0
  2487. data/third_party/upb/upb/wire/reader.h +227 -0
  2488. data/third_party/upb/upb/wire/swap_internal.h +63 -0
  2489. data/third_party/upb/upb/wire/types.h +41 -0
  2490. data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-neon.c +1 -1
  2491. data/third_party/utf8_range/utf8_range.h +21 -0
  2492. data/third_party/zlib/compress.c +3 -3
  2493. data/third_party/zlib/crc32.c +21 -12
  2494. data/third_party/zlib/deflate.c +112 -106
  2495. data/third_party/zlib/deflate.h +2 -2
  2496. data/third_party/zlib/gzlib.c +1 -1
  2497. data/third_party/zlib/gzread.c +3 -5
  2498. data/third_party/zlib/gzwrite.c +1 -1
  2499. data/third_party/zlib/infback.c +10 -7
  2500. data/third_party/zlib/inflate.c +5 -2
  2501. data/third_party/zlib/inftrees.c +2 -2
  2502. data/third_party/zlib/inftrees.h +1 -1
  2503. data/third_party/zlib/trees.c +61 -62
  2504. data/third_party/zlib/uncompr.c +2 -2
  2505. data/third_party/zlib/zconf.h +16 -3
  2506. data/third_party/zlib/zlib.h +10 -10
  2507. data/third_party/zlib/zutil.c +9 -7
  2508. data/third_party/zlib/zutil.h +1 -0
  2509. metadata +597 -174
  2510. data/include/grpc/impl/codegen/gpr_slice.h +0 -71
  2511. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -176
  2512. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  2513. data/src/core/ext/filters/client_channel/lb_policy.cc +0 -134
  2514. data/src/core/ext/filters/client_channel/lb_policy_factory.h +0 -50
  2515. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +0 -190
  2516. data/src/core/ext/filters/client_channel/lb_policy_registry.h +0 -70
  2517. data/src/core/ext/filters/client_channel/proxy_mapper.h +0 -54
  2518. data/src/core/ext/filters/client_channel/proxy_mapper_registry.cc +0 -90
  2519. data/src/core/ext/filters/client_channel/proxy_mapper_registry.h +0 -55
  2520. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -30
  2521. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -180
  2522. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -182
  2523. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +0 -334
  2524. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +0 -52
  2525. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +0 -324
  2526. data/src/core/ext/filters/server_config_selector/server_config_selector.cc +0 -62
  2527. data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
  2528. data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
  2529. data/src/core/ext/xds/certificate_provider_registry.cc +0 -103
  2530. data/src/core/ext/xds/certificate_provider_registry.h +0 -59
  2531. data/src/core/lib/event_engine/iomgr_engine/iomgr_engine.cc +0 -159
  2532. data/src/core/lib/event_engine/iomgr_engine/thread_pool.cc +0 -123
  2533. data/src/core/lib/event_engine/iomgr_engine/thread_pool.h +0 -70
  2534. data/src/core/lib/event_engine/iomgr_engine/time_averaged_stats.h +0 -81
  2535. data/src/core/lib/event_engine/iomgr_engine/timer.h +0 -193
  2536. data/src/core/lib/event_engine/iomgr_engine/timer_heap.h +0 -56
  2537. data/src/core/lib/event_engine/iomgr_engine/timer_manager.cc +0 -254
  2538. data/src/core/lib/event_engine/iomgr_engine/timer_manager.h +0 -111
  2539. data/src/core/lib/event_engine/promise.h +0 -69
  2540. data/src/core/lib/gpr/cpu_iphone.cc +0 -44
  2541. data/src/core/lib/gpr/cpu_windows.cc +0 -33
  2542. data/src/core/lib/gpr/env.h +0 -40
  2543. data/src/core/lib/gpr/env_linux.cc +0 -75
  2544. data/src/core/lib/gpr/env_posix.cc +0 -46
  2545. data/src/core/lib/gpr/env_windows.cc +0 -74
  2546. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  2547. data/src/core/lib/gpr/murmur_hash.h +0 -29
  2548. data/src/core/lib/gpr/string_util_windows.cc +0 -82
  2549. data/src/core/lib/gpr/string_windows.cc +0 -69
  2550. data/src/core/lib/gpr/string_windows.h +0 -32
  2551. data/src/core/lib/gpr/tls.h +0 -156
  2552. data/src/core/lib/gpr/tmpfile_windows.cc +0 -69
  2553. data/src/core/lib/gprpp/global_config.h +0 -93
  2554. data/src/core/lib/gprpp/global_config_custom.h +0 -29
  2555. data/src/core/lib/gprpp/global_config_env.cc +0 -138
  2556. data/src/core/lib/gprpp/global_config_env.h +0 -133
  2557. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  2558. data/src/core/lib/iomgr/error_internal.h +0 -66
  2559. data/src/core/lib/iomgr/executor/mpmcqueue.cc +0 -182
  2560. data/src/core/lib/iomgr/executor/mpmcqueue.h +0 -171
  2561. data/src/core/lib/iomgr/executor/threadpool.cc +0 -136
  2562. data/src/core/lib/iomgr/executor/threadpool.h +0 -150
  2563. data/src/core/lib/iomgr/time_averaged_stats.cc +0 -64
  2564. data/src/core/lib/iomgr/time_averaged_stats.h +0 -72
  2565. data/src/core/lib/profiling/basic_timers.cc +0 -295
  2566. data/src/core/lib/profiling/stap_timers.cc +0 -50
  2567. data/src/core/lib/profiling/timers.h +0 -94
  2568. data/src/core/lib/promise/call_push_pull.h +0 -148
  2569. data/src/core/lib/promise/intra_activity_waiter.h +0 -49
  2570. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  2571. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -30
  2572. data/src/core/lib/slice/slice_api.cc +0 -39
  2573. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  2574. data/src/core/lib/slice/slice_refcount_base.h +0 -60
  2575. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  2576. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  2577. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  2578. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  2579. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  2580. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  2581. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  2582. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  2583. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  2584. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  2585. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  2586. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  2587. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  2588. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
  2589. data/third_party/upb/third_party/utf8_range/utf8_range.h +0 -9
  2590. data/third_party/upb/upb/decode.c +0 -1125
  2591. data/third_party/upb/upb/def.c +0 -3261
  2592. data/third_party/upb/upb/msg.c +0 -428
  2593. data/third_party/upb/upb/msg_internal.h +0 -831
  2594. data/third_party/upb/upb/reflection.c +0 -480
  2595. data/third_party/upb/upb/table_internal.h +0 -385
  2596. data/third_party/upb/upb/upb.c +0 -362
  2597. /data/src/ruby/ext/grpc/{ext-export-truffleruby.clang → ext-export-truffleruby-with-ruby-abi-version.clang} +0 -0
  2598. /data/src/ruby/ext/grpc/{ext-export-truffleruby.gcc → ext-export-truffleruby-with-ruby-abi-version.gcc} +0 -0
  2599. /data/third_party/{upb/third_party/utf8_range → utf8_range}/naive.c +0 -0
  2600. /data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-sse.c +0 -0
@@ -67,50 +67,51 @@
67
67
  #include <openssl/x509.h>
68
68
  #include <openssl/x509v3.h>
69
69
 
70
- #include "internal.h"
71
70
  #include "../internal.h"
72
71
  #include "../x509v3/internal.h"
72
+ #include "internal.h"
73
73
 
74
74
  static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75
75
  CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
76
 
77
- /* CRL score values */
77
+ // CRL score values
78
78
 
79
- /* No unhandled critical extensions */
79
+ // No unhandled critical extensions
80
80
 
81
- #define CRL_SCORE_NOCRITICAL 0x100
81
+ #define CRL_SCORE_NOCRITICAL 0x100
82
82
 
83
- /* certificate is within CRL scope */
83
+ // certificate is within CRL scope
84
84
 
85
- #define CRL_SCORE_SCOPE 0x080
85
+ #define CRL_SCORE_SCOPE 0x080
86
86
 
87
- /* CRL times valid */
87
+ // CRL times valid
88
88
 
89
- #define CRL_SCORE_TIME 0x040
89
+ #define CRL_SCORE_TIME 0x040
90
90
 
91
- /* Issuer name matches certificate */
91
+ // Issuer name matches certificate
92
92
 
93
- #define CRL_SCORE_ISSUER_NAME 0x020
93
+ #define CRL_SCORE_ISSUER_NAME 0x020
94
94
 
95
- /* If this score or above CRL is probably valid */
95
+ // If this score or above CRL is probably valid
96
96
 
97
- #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
97
+ #define CRL_SCORE_VALID \
98
+ (CRL_SCORE_NOCRITICAL | CRL_SCORE_TIME | CRL_SCORE_SCOPE)
98
99
 
99
- /* CRL issuer is certificate issuer */
100
+ // CRL issuer is certificate issuer
100
101
 
101
- #define CRL_SCORE_ISSUER_CERT 0x018
102
+ #define CRL_SCORE_ISSUER_CERT 0x018
102
103
 
103
- /* CRL issuer is on certificate path */
104
+ // CRL issuer is on certificate path
104
105
 
105
- #define CRL_SCORE_SAME_PATH 0x008
106
+ #define CRL_SCORE_SAME_PATH 0x008
106
107
 
107
- /* CRL issuer matches CRL AKID */
108
+ // CRL issuer matches CRL AKID
108
109
 
109
- #define CRL_SCORE_AKID 0x004
110
+ #define CRL_SCORE_AKID 0x004
110
111
 
111
- /* Have a delta CRL with valid times */
112
+ // Have a delta CRL with valid times
112
113
 
113
- #define CRL_SCORE_TIME_DELTA 0x002
114
+ #define CRL_SCORE_TIME_DELTA 0x002
114
115
 
115
116
  static int null_callback(int ok, X509_STORE_CTX *e);
116
117
  static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
@@ -125,2332 +126,2145 @@ static int check_policy(X509_STORE_CTX *ctx);
125
126
 
126
127
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
127
128
  unsigned int *preasons, X509_CRL *crl, X509 *x);
128
- static int get_crl_delta(X509_STORE_CTX *ctx,
129
- X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
130
- static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
131
- int *pcrl_score, X509_CRL *base,
132
- STACK_OF(X509_CRL) *crls);
129
+ static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
130
+ X509 *x);
131
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
132
+ X509_CRL *base, STACK_OF(X509_CRL) *crls);
133
133
  static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134
134
  int *pcrl_score);
135
135
  static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136
136
  unsigned int *preasons);
137
137
  static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138
- static int check_crl_chain(X509_STORE_CTX *ctx,
139
- STACK_OF(X509) *cert_path,
138
+ static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
140
139
  STACK_OF(X509) *crl_path);
141
140
 
142
141
  static int internal_verify(X509_STORE_CTX *ctx);
143
142
 
144
- static int null_callback(int ok, X509_STORE_CTX *e)
145
- {
146
- return ok;
147
- }
143
+ static int null_callback(int ok, X509_STORE_CTX *e) { return ok; }
148
144
 
149
- /* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
150
- * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
151
- * returns zero. */
152
- static int cert_self_signed(X509 *x, int *out_is_self_signed)
153
- {
154
- if (!x509v3_cache_extensions(x)) {
155
- return 0;
156
- }
157
- *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
158
- return 1;
145
+ // cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
146
+ // one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
147
+ // returns zero.
148
+ static int cert_self_signed(X509 *x, int *out_is_self_signed) {
149
+ if (!x509v3_cache_extensions(x)) {
150
+ return 0;
151
+ }
152
+ *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
153
+ return 1;
159
154
  }
160
155
 
161
- /* Given a certificate try and find an exact match in the store */
162
-
163
- static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
164
- {
165
- STACK_OF(X509) *certs;
166
- X509 *xtmp = NULL;
167
- size_t i;
168
- /* Lookup all certs with matching subject name */
169
- certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
170
- if (certs == NULL)
171
- return NULL;
172
- /* Look for exact match */
173
- for (i = 0; i < sk_X509_num(certs); i++) {
174
- xtmp = sk_X509_value(certs, i);
175
- if (!X509_cmp(xtmp, x))
176
- break;
177
- }
178
- if (i < sk_X509_num(certs))
179
- X509_up_ref(xtmp);
180
- else
181
- xtmp = NULL;
182
- sk_X509_pop_free(certs, X509_free);
183
- return xtmp;
184
- }
185
-
186
- int X509_verify_cert(X509_STORE_CTX *ctx)
187
- {
188
- X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
189
- int bad_chain = 0;
190
- X509_VERIFY_PARAM *param = ctx->param;
191
- int depth, i, ok = 0;
192
- int num, j, retry, trust;
193
- int (*cb) (int xok, X509_STORE_CTX *xctx);
194
- STACK_OF(X509) *sktmp = NULL;
195
- if (ctx->cert == NULL) {
196
- OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
197
- ctx->error = X509_V_ERR_INVALID_CALL;
198
- return -1;
199
- }
200
- if (ctx->chain != NULL) {
201
- /*
202
- * This X509_STORE_CTX has already been used to verify a cert. We
203
- * cannot do another one.
204
- */
205
- OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
206
- ctx->error = X509_V_ERR_INVALID_CALL;
207
- return -1;
208
- }
209
-
210
- cb = ctx->verify_cb;
211
-
212
- /*
213
- * first we make sure the chain we are going to build is present and that
214
- * the first entry is in place
215
- */
216
- ctx->chain = sk_X509_new_null();
217
- if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
218
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
219
- ctx->error = X509_V_ERR_OUT_OF_MEM;
220
- goto end;
221
- }
222
- X509_up_ref(ctx->cert);
223
- ctx->last_untrusted = 1;
156
+ // Given a certificate try and find an exact match in the store
224
157
 
225
- /* We use a temporary STACK so we can chop and hack at it. */
226
- if (ctx->untrusted != NULL
227
- && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
228
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
229
- ctx->error = X509_V_ERR_OUT_OF_MEM;
158
+ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) {
159
+ STACK_OF(X509) *certs;
160
+ X509 *xtmp = NULL;
161
+ size_t i;
162
+ // Lookup all certs with matching subject name
163
+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
164
+ if (certs == NULL) {
165
+ return NULL;
166
+ }
167
+ // Look for exact match
168
+ for (i = 0; i < sk_X509_num(certs); i++) {
169
+ xtmp = sk_X509_value(certs, i);
170
+ if (!X509_cmp(xtmp, x)) {
171
+ break;
172
+ }
173
+ }
174
+ if (i < sk_X509_num(certs)) {
175
+ X509_up_ref(xtmp);
176
+ } else {
177
+ xtmp = NULL;
178
+ }
179
+ sk_X509_pop_free(certs, X509_free);
180
+ return xtmp;
181
+ }
182
+
183
+ int X509_verify_cert(X509_STORE_CTX *ctx) {
184
+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
185
+ int bad_chain = 0;
186
+ X509_VERIFY_PARAM *param = ctx->param;
187
+ int depth, i, ok = 0;
188
+ int num, j, retry, trust;
189
+ STACK_OF(X509) *sktmp = NULL;
190
+
191
+ if (ctx->cert == NULL) {
192
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
193
+ ctx->error = X509_V_ERR_INVALID_CALL;
194
+ return -1;
195
+ }
196
+ if (ctx->chain != NULL) {
197
+ // This X509_STORE_CTX has already been used to verify a cert. We
198
+ // cannot do another one.
199
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
200
+ ctx->error = X509_V_ERR_INVALID_CALL;
201
+ return -1;
202
+ }
203
+
204
+ // first we make sure the chain we are going to build is present and that
205
+ // the first entry is in place
206
+ ctx->chain = sk_X509_new_null();
207
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
208
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
209
+ goto end;
210
+ }
211
+ X509_up_ref(ctx->cert);
212
+ ctx->last_untrusted = 1;
213
+
214
+ // We use a temporary STACK so we can chop and hack at it.
215
+ if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
216
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
217
+ goto end;
218
+ }
219
+
220
+ num = sk_X509_num(ctx->chain);
221
+ x = sk_X509_value(ctx->chain, num - 1);
222
+ depth = param->depth;
223
+
224
+ for (;;) {
225
+ // If we have enough, we break
226
+ if (depth < num) {
227
+ break; // FIXME: If this happens, we should take
228
+ // note of it and, if appropriate, use the
229
+ // X509_V_ERR_CERT_CHAIN_TOO_LONG error code
230
+ // later.
231
+ }
232
+
233
+ int is_self_signed;
234
+ if (!cert_self_signed(x, &is_self_signed)) {
235
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
236
+ goto end;
237
+ }
238
+
239
+ // If we are self signed, we break
240
+ if (is_self_signed) {
241
+ break;
242
+ }
243
+ // If asked see if we can find issuer in trusted store first
244
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
245
+ ok = ctx->get_issuer(&xtmp, ctx, x);
246
+ if (ok < 0) {
247
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
230
248
  goto end;
231
- }
232
-
233
- num = sk_X509_num(ctx->chain);
234
- x = sk_X509_value(ctx->chain, num - 1);
235
- depth = param->depth;
236
-
237
- for (;;) {
238
- /* If we have enough, we break */
239
- if (depth < num)
240
- break; /* FIXME: If this happens, we should take
241
- * note of it and, if appropriate, use the
242
- * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
243
- * later. */
244
-
245
- int is_self_signed;
246
- if (!cert_self_signed(x, &is_self_signed)) {
247
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
248
- goto end;
249
- }
250
-
251
- /* If we are self signed, we break */
252
- if (is_self_signed)
253
- break;
254
- /*
255
- * If asked see if we can find issuer in trusted store first
256
- */
257
- if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
258
- ok = ctx->get_issuer(&xtmp, ctx, x);
259
- if (ok < 0) {
260
- ctx->error = X509_V_ERR_STORE_LOOKUP;
261
- goto end;
262
- }
263
- /*
264
- * If successful for now free up cert so it will be picked up
265
- * again later.
266
- */
267
- if (ok > 0) {
268
- X509_free(xtmp);
269
- break;
270
- }
271
- }
272
-
273
- /* If we were passed a cert chain, use it first */
274
- if (sktmp != NULL) {
275
- xtmp = find_issuer(ctx, sktmp, x);
276
- if (xtmp != NULL) {
277
- if (!sk_X509_push(ctx->chain, xtmp)) {
278
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
279
- ctx->error = X509_V_ERR_OUT_OF_MEM;
280
- ok = 0;
281
- goto end;
282
- }
283
- X509_up_ref(xtmp);
284
- (void)sk_X509_delete_ptr(sktmp, xtmp);
285
- ctx->last_untrusted++;
286
- x = xtmp;
287
- num++;
288
- /*
289
- * reparse the full chain for the next one
290
- */
291
- continue;
292
- }
293
- }
249
+ }
250
+ // If successful for now free up cert so it will be picked up
251
+ // again later.
252
+ if (ok > 0) {
253
+ X509_free(xtmp);
294
254
  break;
255
+ }
295
256
  }
296
257
 
297
- /* Remember how many untrusted certs we have */
298
- j = num;
299
- /*
300
- * at this point, chain should contain a list of untrusted certificates.
301
- * We now need to add at least one trusted one, if possible, otherwise we
302
- * complain.
303
- */
304
-
305
- do {
306
- /*
307
- * Examine last certificate in chain and see if it is self signed.
308
- */
309
- i = sk_X509_num(ctx->chain);
310
- x = sk_X509_value(ctx->chain, i - 1);
311
-
312
- int is_self_signed;
313
- if (!cert_self_signed(x, &is_self_signed)) {
314
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
315
- goto end;
258
+ // If we were passed a cert chain, use it first
259
+ if (sktmp != NULL) {
260
+ xtmp = find_issuer(ctx, sktmp, x);
261
+ if (xtmp != NULL) {
262
+ if (!sk_X509_push(ctx->chain, xtmp)) {
263
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
264
+ ok = 0;
265
+ goto end;
316
266
  }
317
-
318
- if (is_self_signed) {
319
- /* we have a self signed certificate */
320
- if (sk_X509_num(ctx->chain) == 1) {
321
- /*
322
- * We have a single self signed certificate: see if we can
323
- * find it in the store. We must have an exact match to avoid
324
- * possible impersonation.
325
- */
326
- ok = ctx->get_issuer(&xtmp, ctx, x);
327
- if ((ok <= 0) || X509_cmp(x, xtmp)) {
328
- ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
329
- ctx->current_cert = x;
330
- ctx->error_depth = i - 1;
331
- if (ok == 1)
332
- X509_free(xtmp);
333
- bad_chain = 1;
334
- ok = cb(0, ctx);
335
- if (!ok)
336
- goto end;
337
- } else {
338
- /*
339
- * We have a match: replace certificate with store
340
- * version so we get any trust settings.
341
- */
342
- X509_free(x);
343
- x = xtmp;
344
- (void)sk_X509_set(ctx->chain, i - 1, x);
345
- ctx->last_untrusted = 0;
346
- }
347
- } else {
348
- /*
349
- * extract and save self signed certificate for later use
350
- */
351
- chain_ss = sk_X509_pop(ctx->chain);
352
- ctx->last_untrusted--;
353
- num--;
354
- j--;
355
- x = sk_X509_value(ctx->chain, num - 1);
356
- }
357
- }
358
- /* We now lookup certs from the certificate store */
359
- for (;;) {
360
- /* If we have enough, we break */
361
- if (depth < num)
362
- break;
363
- if (!cert_self_signed(x, &is_self_signed)) {
364
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
365
- goto end;
366
- }
367
- /* If we are self signed, we break */
368
- if (is_self_signed)
369
- break;
370
- ok = ctx->get_issuer(&xtmp, ctx, x);
371
-
372
- if (ok < 0) {
373
- ctx->error = X509_V_ERR_STORE_LOOKUP;
374
- goto end;
375
- }
376
- if (ok == 0)
377
- break;
378
- x = xtmp;
379
- if (!sk_X509_push(ctx->chain, x)) {
380
- X509_free(xtmp);
381
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
382
- ctx->error = X509_V_ERR_OUT_OF_MEM;
383
- ok = 0;
384
- goto end;
385
- }
386
- num++;
387
- }
388
-
389
- /* we now have our chain, lets check it... */
390
- trust = check_trust(ctx);
391
-
392
- /* If explicitly rejected error */
393
- if (trust == X509_TRUST_REJECTED) {
394
- ok = 0;
267
+ X509_up_ref(xtmp);
268
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
269
+ ctx->last_untrusted++;
270
+ x = xtmp;
271
+ num++;
272
+ // reparse the full chain for the next one
273
+ continue;
274
+ }
275
+ }
276
+ break;
277
+ }
278
+
279
+ // Remember how many untrusted certs we have
280
+ j = num;
281
+ // at this point, chain should contain a list of untrusted certificates.
282
+ // We now need to add at least one trusted one, if possible, otherwise we
283
+ // complain.
284
+
285
+ do {
286
+ // Examine last certificate in chain and see if it is self signed.
287
+ i = sk_X509_num(ctx->chain);
288
+ x = sk_X509_value(ctx->chain, i - 1);
289
+
290
+ int is_self_signed;
291
+ if (!cert_self_signed(x, &is_self_signed)) {
292
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
293
+ goto end;
294
+ }
295
+
296
+ if (is_self_signed) {
297
+ // we have a self signed certificate
298
+ if (sk_X509_num(ctx->chain) == 1) {
299
+ // We have a single self signed certificate: see if we can
300
+ // find it in the store. We must have an exact match to avoid
301
+ // possible impersonation.
302
+ ok = ctx->get_issuer(&xtmp, ctx, x);
303
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
304
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
305
+ ctx->current_cert = x;
306
+ ctx->error_depth = i - 1;
307
+ if (ok == 1) {
308
+ X509_free(xtmp);
309
+ }
310
+ bad_chain = 1;
311
+ ok = ctx->verify_cb(0, ctx);
312
+ if (!ok) {
395
313
  goto end;
396
- }
397
- /*
398
- * If it's not explicitly trusted then check if there is an alternative
399
- * chain that could be used. We only do this if we haven't already
400
- * checked via TRUSTED_FIRST and the user hasn't switched off alternate
401
- * chain checking
402
- */
403
- retry = 0;
404
- if (trust != X509_TRUST_TRUSTED
405
- && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
406
- && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
407
- while (j-- > 1) {
408
- xtmp2 = sk_X509_value(ctx->chain, j - 1);
409
- ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
410
- if (ok < 0)
411
- goto end;
412
- /* Check if we found an alternate chain */
413
- if (ok > 0) {
414
- /*
415
- * Free up the found cert we'll add it again later
416
- */
417
- X509_free(xtmp);
418
-
419
- /*
420
- * Dump all the certs above this point - we've found an
421
- * alternate chain
422
- */
423
- while (num > j) {
424
- xtmp = sk_X509_pop(ctx->chain);
425
- X509_free(xtmp);
426
- num--;
427
- }
428
- ctx->last_untrusted = sk_X509_num(ctx->chain);
429
- retry = 1;
430
- break;
431
- }
432
- }
433
- }
434
- } while (retry);
435
-
436
- /*
437
- * If not explicitly trusted then indicate error unless it's a single
438
- * self signed certificate in which case we've indicated an error already
439
- * and set bad_chain == 1
440
- */
441
- if (trust != X509_TRUST_TRUSTED && !bad_chain) {
442
- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
443
- if (ctx->last_untrusted >= num)
444
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
445
- else
446
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
447
- ctx->current_cert = x;
314
+ }
448
315
  } else {
449
-
450
- sk_X509_push(ctx->chain, chain_ss);
451
- num++;
452
- ctx->last_untrusted = num;
453
- ctx->current_cert = chain_ss;
454
- ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
455
- chain_ss = NULL;
316
+ // We have a match: replace certificate with store
317
+ // version so we get any trust settings.
318
+ X509_free(x);
319
+ x = xtmp;
320
+ (void)sk_X509_set(ctx->chain, i - 1, x);
321
+ ctx->last_untrusted = 0;
456
322
  }
457
-
458
- ctx->error_depth = num - 1;
459
- bad_chain = 1;
460
- ok = cb(0, ctx);
461
- if (!ok)
462
- goto end;
463
- }
464
-
465
- /* We have the chain complete: now we need to check its purpose */
466
- ok = check_chain_extensions(ctx);
467
-
468
- if (!ok)
469
- goto end;
470
-
471
- ok = check_id(ctx);
472
-
473
- if (!ok)
474
- goto end;
475
-
476
- /*
477
- * Check revocation status: we do this after copying parameters because
478
- * they may be needed for CRL signature verification.
479
- */
480
-
481
- ok = ctx->check_revocation(ctx);
482
- if (!ok)
323
+ } else {
324
+ // extract and save self signed certificate for later use
325
+ chain_ss = sk_X509_pop(ctx->chain);
326
+ ctx->last_untrusted--;
327
+ num--;
328
+ j--;
329
+ x = sk_X509_value(ctx->chain, num - 1);
330
+ }
331
+ }
332
+ // We now lookup certs from the certificate store
333
+ for (;;) {
334
+ // If we have enough, we break
335
+ if (depth < num) {
336
+ break;
337
+ }
338
+ if (!cert_self_signed(x, &is_self_signed)) {
339
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
483
340
  goto end;
341
+ }
342
+ // If we are self signed, we break
343
+ if (is_self_signed) {
344
+ break;
345
+ }
346
+ ok = ctx->get_issuer(&xtmp, ctx, x);
484
347
 
485
- int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
486
- ctx->param->flags);
487
- if (err != X509_V_OK) {
488
- ctx->error = err;
489
- ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
490
- ok = cb(0, ctx);
491
- if (!ok)
492
- goto end;
493
- }
494
-
495
- /* At this point, we have a chain and need to verify it */
496
- if (ctx->verify != NULL)
497
- ok = ctx->verify(ctx);
498
- else
499
- ok = internal_verify(ctx);
500
- if (!ok)
348
+ if (ok < 0) {
349
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
501
350
  goto end;
502
-
503
- /* Check name constraints */
504
-
505
- ok = check_name_constraints(ctx);
506
- if (!ok)
351
+ }
352
+ if (ok == 0) {
353
+ break;
354
+ }
355
+ x = xtmp;
356
+ if (!sk_X509_push(ctx->chain, x)) {
357
+ X509_free(xtmp);
358
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
359
+ ok = 0;
507
360
  goto end;
361
+ }
362
+ num++;
363
+ }
364
+
365
+ // we now have our chain, lets check it...
366
+ trust = check_trust(ctx);
367
+
368
+ // If explicitly rejected error
369
+ if (trust == X509_TRUST_REJECTED) {
370
+ ok = 0;
371
+ goto end;
372
+ }
373
+ // If it's not explicitly trusted then check if there is an alternative
374
+ // chain that could be used. We only do this if we haven't already
375
+ // checked via TRUSTED_FIRST and the user hasn't switched off alternate
376
+ // chain checking
377
+ retry = 0;
378
+ if (trust != X509_TRUST_TRUSTED &&
379
+ !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
380
+ !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
381
+ while (j-- > 1) {
382
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
383
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
384
+ if (ok < 0) {
385
+ goto end;
386
+ }
387
+ // Check if we found an alternate chain
388
+ if (ok > 0) {
389
+ // Free up the found cert we'll add it again later
390
+ X509_free(xtmp);
391
+
392
+ // Dump all the certs above this point - we've found an
393
+ // alternate chain
394
+ while (num > j) {
395
+ xtmp = sk_X509_pop(ctx->chain);
396
+ X509_free(xtmp);
397
+ num--;
398
+ }
399
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
400
+ retry = 1;
401
+ break;
402
+ }
403
+ }
404
+ }
405
+ } while (retry);
406
+
407
+ // If not explicitly trusted then indicate error unless it's a single
408
+ // self signed certificate in which case we've indicated an error already
409
+ // and set bad_chain == 1
410
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
411
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
412
+ if (ctx->last_untrusted >= num) {
413
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
414
+ } else {
415
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
416
+ }
417
+ ctx->current_cert = x;
418
+ } else {
419
+ sk_X509_push(ctx->chain, chain_ss);
420
+ num++;
421
+ ctx->last_untrusted = num;
422
+ ctx->current_cert = chain_ss;
423
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
424
+ chain_ss = NULL;
425
+ }
426
+
427
+ ctx->error_depth = num - 1;
428
+ bad_chain = 1;
429
+ ok = ctx->verify_cb(0, ctx);
430
+ if (!ok) {
431
+ goto end;
432
+ }
433
+ }
434
+
435
+ // We have the chain complete: now we need to check its purpose
436
+ ok = check_chain_extensions(ctx);
437
+
438
+ if (!ok) {
439
+ goto end;
440
+ }
441
+
442
+ ok = check_id(ctx);
443
+
444
+ if (!ok) {
445
+ goto end;
446
+ }
447
+
448
+ // Check revocation status: we do this after copying parameters because
449
+ // they may be needed for CRL signature verification.
450
+ ok = ctx->check_revocation(ctx);
451
+ if (!ok) {
452
+ goto end;
453
+ }
454
+
455
+ // At this point, we have a chain and need to verify it
456
+ if (ctx->verify != NULL) {
457
+ ok = ctx->verify(ctx);
458
+ } else {
459
+ ok = internal_verify(ctx);
460
+ }
461
+ if (!ok) {
462
+ goto end;
463
+ }
464
+
465
+ // Check name constraints
466
+ ok = check_name_constraints(ctx);
467
+ if (!ok) {
468
+ goto end;
469
+ }
470
+
471
+ // If we get this far, evaluate policies.
472
+ if (!bad_chain) {
473
+ ok = ctx->check_policy(ctx);
474
+ }
475
+
476
+ end:
477
+ if (sktmp != NULL) {
478
+ sk_X509_free(sktmp);
479
+ }
480
+ if (chain_ss != NULL) {
481
+ X509_free(chain_ss);
482
+ }
483
+
484
+ // Safety net, error returns must set ctx->error
485
+ if (ok <= 0 && ctx->error == X509_V_OK) {
486
+ ctx->error = X509_V_ERR_UNSPECIFIED;
487
+ }
488
+ return ok;
489
+ }
490
+
491
+ // Given a STACK_OF(X509) find the issuer of cert (if any)
492
+
493
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) {
494
+ size_t i;
495
+ X509 *issuer;
496
+ for (i = 0; i < sk_X509_num(sk); i++) {
497
+ issuer = sk_X509_value(sk, i);
498
+ if (ctx->check_issued(ctx, x, issuer)) {
499
+ return issuer;
500
+ }
501
+ }
502
+ return NULL;
503
+ }
504
+
505
+ // Given a possible certificate and issuer check them
506
+
507
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) {
508
+ int ret;
509
+ ret = X509_check_issued(issuer, x);
510
+ if (ret == X509_V_OK) {
511
+ return 1;
512
+ }
513
+ // If we haven't asked for issuer errors don't set ctx
514
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) {
515
+ return 0;
516
+ }
508
517
 
509
- /* If we get this far evaluate policies */
510
- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
511
- ok = ctx->check_policy(ctx);
512
-
513
- end:
514
- if (sktmp != NULL)
515
- sk_X509_free(sktmp);
516
- if (chain_ss != NULL)
517
- X509_free(chain_ss);
518
-
519
- /* Safety net, error returns must set ctx->error */
520
- if (ok <= 0 && ctx->error == X509_V_OK)
521
- ctx->error = X509_V_ERR_UNSPECIFIED;
522
- return ok;
523
- }
524
-
525
- /*
526
- * Given a STACK_OF(X509) find the issuer of cert (if any)
527
- */
528
-
529
- static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
530
- {
531
- size_t i;
532
- X509 *issuer;
533
- for (i = 0; i < sk_X509_num(sk); i++) {
534
- issuer = sk_X509_value(sk, i);
535
- if (ctx->check_issued(ctx, x, issuer))
536
- return issuer;
537
- }
538
- return NULL;
539
- }
540
-
541
- /* Given a possible certificate and issuer check them */
542
-
543
- static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
544
- {
545
- int ret;
546
- ret = X509_check_issued(issuer, x);
547
- if (ret == X509_V_OK)
548
- return 1;
549
- /* If we haven't asked for issuer errors don't set ctx */
550
- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
551
- return 0;
552
-
553
- ctx->error = ret;
554
- ctx->current_cert = x;
555
- ctx->current_issuer = issuer;
556
- return ctx->verify_cb(0, ctx);
518
+ ctx->error = ret;
519
+ ctx->current_cert = x;
520
+ ctx->current_issuer = issuer;
521
+ return ctx->verify_cb(0, ctx);
557
522
  }
558
523
 
559
- /* Alternative lookup method: look from a STACK stored in other_ctx */
524
+ // Alternative lookup method: look from a STACK stored in other_ctx
560
525
 
561
- static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
562
- {
563
- *issuer = find_issuer(ctx, ctx->other_ctx, x);
564
- if (*issuer) {
565
- X509_up_ref(*issuer);
566
- return 1;
567
- } else
568
- return 0;
526
+ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) {
527
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
528
+ if (*issuer) {
529
+ X509_up_ref(*issuer);
530
+ return 1;
531
+ } else {
532
+ return 0;
533
+ }
569
534
  }
570
535
 
571
- /*
572
- * Check a certificate chains extensions for consistency with the supplied
573
- * purpose
574
- */
575
-
576
- static int check_chain_extensions(X509_STORE_CTX *ctx)
577
- {
578
- int i, ok = 0, plen = 0;
579
- X509 *x;
580
- int (*cb) (int xok, X509_STORE_CTX *xctx);
581
- int proxy_path_length = 0;
582
- int purpose;
583
- int allow_proxy_certs;
584
- cb = ctx->verify_cb;
585
-
586
- enum {
587
- // ca_or_leaf allows either type of certificate so that direct use of
588
- // self-signed certificates works.
589
- ca_or_leaf,
590
- must_be_ca,
591
- must_not_be_ca,
592
- } ca_requirement;
593
-
594
- /* CRL path validation */
595
- if (ctx->parent) {
596
- allow_proxy_certs = 0;
597
- purpose = X509_PURPOSE_CRL_SIGN;
598
- } else {
599
- allow_proxy_certs =
600
- ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
601
- purpose = ctx->param->purpose;
602
- }
603
-
604
- ca_requirement = ca_or_leaf;
536
+ // Check a certificate chains extensions for consistency with the supplied
537
+ // purpose
605
538
 
606
- /* Check all untrusted certificates */
607
- for (i = 0; i < ctx->last_untrusted; i++) {
608
- int ret;
609
- x = sk_X509_value(ctx->chain, i);
610
- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
611
- && (x->ex_flags & EXFLAG_CRITICAL)) {
612
- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
613
- ctx->error_depth = i;
614
- ctx->current_cert = x;
615
- ok = cb(0, ctx);
616
- if (!ok)
617
- goto end;
618
- }
619
- if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
620
- ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
621
- ctx->error_depth = i;
622
- ctx->current_cert = x;
623
- ok = cb(0, ctx);
624
- if (!ok)
625
- goto end;
626
- }
627
-
628
- switch (ca_requirement) {
629
- case ca_or_leaf:
630
- ret = 1;
631
- break;
632
- case must_not_be_ca:
633
- if (X509_check_ca(x)) {
634
- ret = 0;
635
- ctx->error = X509_V_ERR_INVALID_NON_CA;
636
- } else
637
- ret = 1;
638
- break;
639
- case must_be_ca:
640
- if (!X509_check_ca(x)) {
641
- ret = 0;
642
- ctx->error = X509_V_ERR_INVALID_CA;
643
- } else
644
- ret = 1;
645
- break;
646
- default:
647
- // impossible.
648
- ret = 0;
649
- }
539
+ static int check_chain_extensions(X509_STORE_CTX *ctx) {
540
+ int ok = 0, plen = 0;
650
541
 
651
- if (ret == 0) {
652
- ctx->error_depth = i;
653
- ctx->current_cert = x;
654
- ok = cb(0, ctx);
655
- if (!ok)
656
- goto end;
657
- }
658
- if (ctx->param->purpose > 0) {
659
- ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
660
- if (ret != 1) {
661
- ret = 0;
662
- ctx->error = X509_V_ERR_INVALID_PURPOSE;
663
- ctx->error_depth = i;
664
- ctx->current_cert = x;
665
- ok = cb(0, ctx);
666
- if (!ok)
667
- goto end;
668
- }
669
- }
670
- /* Check pathlen if not self issued */
671
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
672
- && (x->ex_pathlen != -1)
673
- && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
674
- ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
675
- ctx->error_depth = i;
676
- ctx->current_cert = x;
677
- ok = cb(0, ctx);
678
- if (!ok)
679
- goto end;
680
- }
681
- /* Increment path length if not self issued */
682
- if (!(x->ex_flags & EXFLAG_SI))
683
- plen++;
684
- /*
685
- * If this certificate is a proxy certificate, the next certificate
686
- * must be another proxy certificate or a EE certificate. If not,
687
- * the next certificate must be a CA certificate.
688
- */
689
- if (x->ex_flags & EXFLAG_PROXY) {
690
- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
691
- ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
692
- ctx->error_depth = i;
693
- ctx->current_cert = x;
694
- ok = cb(0, ctx);
695
- if (!ok)
696
- goto end;
697
- }
698
- proxy_path_length++;
699
- ca_requirement = must_not_be_ca;
700
- } else {
701
- ca_requirement = must_be_ca;
702
- }
703
- }
704
- ok = 1;
705
- end:
706
- return ok;
707
- }
542
+ // If |ctx->parent| is set, this is CRL path validation.
543
+ int purpose =
544
+ ctx->parent == NULL ? ctx->param->purpose : X509_PURPOSE_CRL_SIGN;
708
545
 
709
- static int reject_dns_name_in_common_name(X509 *x509)
710
- {
711
- X509_NAME *name = X509_get_subject_name(x509);
712
- int i = -1;
713
- for (;;) {
714
- i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
715
- if (i == -1) {
716
- return X509_V_OK;
717
- }
718
-
719
- X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
720
- ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
721
- unsigned char *idval;
722
- int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
723
- if (idlen < 0) {
724
- return X509_V_ERR_OUT_OF_MEM;
725
- }
726
- /* Only process attributes that look like host names. Note it is
727
- * important that this check be mirrored in |X509_check_host|. */
728
- int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
729
- OPENSSL_free(idval);
730
- if (looks_like_dns) {
731
- return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
732
- }
733
- }
734
- }
735
-
736
- static int check_name_constraints(X509_STORE_CTX *ctx)
737
- {
738
- int i, j, rv;
739
- int has_name_constraints = 0;
740
- /* Check name constraints for all certificates */
741
- for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
742
- X509 *x = sk_X509_value(ctx->chain, i);
743
- /* Ignore self issued certs unless last in chain */
744
- if (i && (x->ex_flags & EXFLAG_SI))
745
- continue;
746
- /*
747
- * Check against constraints for all certificates higher in chain
748
- * including trust anchor. Trust anchor not strictly speaking needed
749
- * but if it includes constraints it is to be assumed it expects them
750
- * to be obeyed.
751
- */
752
- for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
753
- NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
754
- if (nc) {
755
- has_name_constraints = 1;
756
- rv = NAME_CONSTRAINTS_check(x, nc);
757
- switch (rv) {
758
- case X509_V_OK:
759
- continue;
760
- case X509_V_ERR_OUT_OF_MEM:
761
- ctx->error = rv;
762
- return 0;
763
- default:
764
- ctx->error = rv;
765
- ctx->error_depth = i;
766
- ctx->current_cert = x;
767
- if (!ctx->verify_cb(0, ctx))
768
- return 0;
769
- break;
770
- }
771
- }
772
- }
546
+ // Check all untrusted certificates
547
+ for (int i = 0; i < ctx->last_untrusted; i++) {
548
+ X509 *x = sk_X509_value(ctx->chain, i);
549
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
550
+ (x->ex_flags & EXFLAG_CRITICAL)) {
551
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
552
+ ctx->error_depth = i;
553
+ ctx->current_cert = x;
554
+ ok = ctx->verify_cb(0, ctx);
555
+ if (!ok) {
556
+ goto end;
557
+ }
773
558
  }
774
559
 
775
- /* Name constraints do not match against the common name, but
776
- * |X509_check_host| still implements the legacy behavior where, on
777
- * certificates lacking a SAN list, DNS-like names in the common name are
778
- * checked instead.
779
- *
780
- * While we could apply the name constraints to the common name, name
781
- * constraints are rare enough that can hold such certificates to a higher
782
- * standard. Note this does not make "DNS-like" heuristic failures any
783
- * worse. A decorative common-name misidentified as a DNS name would fail
784
- * the name constraint anyway. */
785
- X509 *leaf = sk_X509_value(ctx->chain, 0);
786
- if (has_name_constraints && leaf->altname == NULL) {
787
- rv = reject_dns_name_in_common_name(leaf);
560
+ int must_be_ca = i > 0;
561
+ if (must_be_ca && !X509_check_ca(x)) {
562
+ ctx->error = X509_V_ERR_INVALID_CA;
563
+ ctx->error_depth = i;
564
+ ctx->current_cert = x;
565
+ ok = ctx->verify_cb(0, ctx);
566
+ if (!ok) {
567
+ goto end;
568
+ }
569
+ }
570
+ if (ctx->param->purpose > 0 &&
571
+ X509_check_purpose(x, purpose, must_be_ca) != 1) {
572
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
573
+ ctx->error_depth = i;
574
+ ctx->current_cert = x;
575
+ ok = ctx->verify_cb(0, ctx);
576
+ if (!ok) {
577
+ goto end;
578
+ }
579
+ }
580
+ // Check pathlen if not self issued
581
+ if (i > 1 && !(x->ex_flags & EXFLAG_SI) && x->ex_pathlen != -1 &&
582
+ plen > x->ex_pathlen + 1) {
583
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
584
+ ctx->error_depth = i;
585
+ ctx->current_cert = x;
586
+ ok = ctx->verify_cb(0, ctx);
587
+ if (!ok) {
588
+ goto end;
589
+ }
590
+ }
591
+ // Increment path length if not self issued
592
+ if (!(x->ex_flags & EXFLAG_SI)) {
593
+ plen++;
594
+ }
595
+ }
596
+ ok = 1;
597
+ end:
598
+ return ok;
599
+ }
600
+
601
+ static int reject_dns_name_in_common_name(X509 *x509) {
602
+ const X509_NAME *name = X509_get_subject_name(x509);
603
+ int i = -1;
604
+ for (;;) {
605
+ i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
606
+ if (i == -1) {
607
+ return X509_V_OK;
608
+ }
609
+
610
+ const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
611
+ const ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
612
+ unsigned char *idval;
613
+ int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
614
+ if (idlen < 0) {
615
+ return X509_V_ERR_OUT_OF_MEM;
616
+ }
617
+ // Only process attributes that look like host names. Note it is
618
+ // important that this check be mirrored in |X509_check_host|.
619
+ int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
620
+ OPENSSL_free(idval);
621
+ if (looks_like_dns) {
622
+ return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
623
+ }
624
+ }
625
+ }
626
+
627
+ static int check_name_constraints(X509_STORE_CTX *ctx) {
628
+ int i, j, rv;
629
+ int has_name_constraints = 0;
630
+ // Check name constraints for all certificates
631
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
632
+ X509 *x = sk_X509_value(ctx->chain, i);
633
+ // Ignore self issued certs unless last in chain
634
+ if (i && (x->ex_flags & EXFLAG_SI)) {
635
+ continue;
636
+ }
637
+ // Check against constraints for all certificates higher in chain
638
+ // including trust anchor. Trust anchor not strictly speaking needed
639
+ // but if it includes constraints it is to be assumed it expects them
640
+ // to be obeyed.
641
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
642
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
643
+ if (nc) {
644
+ has_name_constraints = 1;
645
+ rv = NAME_CONSTRAINTS_check(x, nc);
788
646
  switch (rv) {
789
- case X509_V_OK:
790
- break;
791
- case X509_V_ERR_OUT_OF_MEM:
647
+ case X509_V_OK:
648
+ continue;
649
+ case X509_V_ERR_OUT_OF_MEM:
792
650
  ctx->error = rv;
793
651
  return 0;
794
- default:
652
+ default:
795
653
  ctx->error = rv;
796
654
  ctx->error_depth = i;
797
- ctx->current_cert = leaf;
798
- if (!ctx->verify_cb(0, ctx))
799
- return 0;
655
+ ctx->current_cert = x;
656
+ if (!ctx->verify_cb(0, ctx)) {
657
+ return 0;
658
+ }
800
659
  break;
801
660
  }
661
+ }
662
+ }
663
+ }
664
+
665
+ // Name constraints do not match against the common name, but
666
+ // |X509_check_host| still implements the legacy behavior where, on
667
+ // certificates lacking a SAN list, DNS-like names in the common name are
668
+ // checked instead.
669
+ //
670
+ // While we could apply the name constraints to the common name, name
671
+ // constraints are rare enough that can hold such certificates to a higher
672
+ // standard. Note this does not make "DNS-like" heuristic failures any
673
+ // worse. A decorative common-name misidentified as a DNS name would fail
674
+ // the name constraint anyway.
675
+ X509 *leaf = sk_X509_value(ctx->chain, 0);
676
+ if (has_name_constraints && leaf->altname == NULL) {
677
+ rv = reject_dns_name_in_common_name(leaf);
678
+ switch (rv) {
679
+ case X509_V_OK:
680
+ break;
681
+ case X509_V_ERR_OUT_OF_MEM:
682
+ ctx->error = rv;
683
+ return 0;
684
+ default:
685
+ ctx->error = rv;
686
+ ctx->error_depth = i;
687
+ ctx->current_cert = leaf;
688
+ if (!ctx->verify_cb(0, ctx)) {
689
+ return 0;
690
+ }
691
+ break;
802
692
  }
803
-
693
+ }
694
+
695
+ return 1;
696
+ }
697
+
698
+ static int check_id_error(X509_STORE_CTX *ctx, int errcode) {
699
+ ctx->error = errcode;
700
+ ctx->current_cert = ctx->cert;
701
+ ctx->error_depth = 0;
702
+ return ctx->verify_cb(0, ctx);
703
+ }
704
+
705
+ static int check_hosts(X509 *x, X509_VERIFY_PARAM *param) {
706
+ size_t i;
707
+ size_t n = sk_OPENSSL_STRING_num(param->hosts);
708
+ char *name;
709
+
710
+ if (param->peername != NULL) {
711
+ OPENSSL_free(param->peername);
712
+ param->peername = NULL;
713
+ }
714
+ for (i = 0; i < n; ++i) {
715
+ name = sk_OPENSSL_STRING_value(param->hosts, i);
716
+ if (X509_check_host(x, name, strlen(name), param->hostflags,
717
+ &param->peername) > 0) {
718
+ return 1;
719
+ }
720
+ }
721
+ return n == 0;
722
+ }
723
+
724
+ static int check_id(X509_STORE_CTX *ctx) {
725
+ X509_VERIFY_PARAM *vpm = ctx->param;
726
+ X509 *x = ctx->cert;
727
+ if (vpm->poison) {
728
+ if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL)) {
729
+ return 0;
730
+ }
731
+ }
732
+ if (vpm->hosts && check_hosts(x, vpm) <= 0) {
733
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) {
734
+ return 0;
735
+ }
736
+ }
737
+ if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
738
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) {
739
+ return 0;
740
+ }
741
+ }
742
+ if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
743
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) {
744
+ return 0;
745
+ }
746
+ }
747
+ return 1;
748
+ }
749
+
750
+ static int check_trust(X509_STORE_CTX *ctx) {
751
+ size_t i;
752
+ int ok;
753
+ X509 *x = NULL;
754
+ // Check all trusted certificates in chain
755
+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
756
+ x = sk_X509_value(ctx->chain, i);
757
+ ok = X509_check_trust(x, ctx->param->trust, 0);
758
+ // If explicitly trusted return trusted
759
+ if (ok == X509_TRUST_TRUSTED) {
760
+ return X509_TRUST_TRUSTED;
761
+ }
762
+ // If explicitly rejected notify callback and reject if not
763
+ // overridden.
764
+ if (ok == X509_TRUST_REJECTED) {
765
+ ctx->error_depth = i;
766
+ ctx->current_cert = x;
767
+ ctx->error = X509_V_ERR_CERT_REJECTED;
768
+ ok = ctx->verify_cb(0, ctx);
769
+ if (!ok) {
770
+ return X509_TRUST_REJECTED;
771
+ }
772
+ }
773
+ }
774
+ // If we accept partial chains and have at least one trusted certificate
775
+ // return success.
776
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
777
+ X509 *mx;
778
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) {
779
+ return X509_TRUST_TRUSTED;
780
+ }
781
+ x = sk_X509_value(ctx->chain, 0);
782
+ mx = lookup_cert_match(ctx, x);
783
+ if (mx) {
784
+ (void)sk_X509_set(ctx->chain, 0, mx);
785
+ X509_free(x);
786
+ ctx->last_untrusted = 0;
787
+ return X509_TRUST_TRUSTED;
788
+ }
789
+ }
790
+
791
+ // If no trusted certs in chain at all return untrusted and allow
792
+ // standard (no issuer cert) etc errors to be indicated.
793
+ return X509_TRUST_UNTRUSTED;
794
+ }
795
+
796
+ static int check_revocation(X509_STORE_CTX *ctx) {
797
+ int i, last, ok;
798
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) {
804
799
  return 1;
805
- }
806
-
807
- static int check_id_error(X509_STORE_CTX *ctx, int errcode)
808
- {
809
- ctx->error = errcode;
810
- ctx->current_cert = ctx->cert;
811
- ctx->error_depth = 0;
812
- return ctx->verify_cb(0, ctx);
813
- }
814
-
815
- static int check_hosts(X509 *x, X509_VERIFY_PARAM *param)
816
- {
817
- size_t i;
818
- size_t n = sk_OPENSSL_STRING_num(param->hosts);
819
- char *name;
820
-
821
- if (param->peername != NULL) {
822
- OPENSSL_free(param->peername);
823
- param->peername = NULL;
824
- }
825
- for (i = 0; i < n; ++i) {
826
- name = sk_OPENSSL_STRING_value(param->hosts, i);
827
- if (X509_check_host(x, name, strlen(name), param->hostflags,
828
- &param->peername) > 0)
829
- return 1;
830
- }
831
- return n == 0;
832
- }
833
-
834
- static int check_id(X509_STORE_CTX *ctx)
835
- {
836
- X509_VERIFY_PARAM *vpm = ctx->param;
837
- X509 *x = ctx->cert;
838
- if (vpm->poison) {
839
- if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
840
- return 0;
841
- }
842
- if (vpm->hosts && check_hosts(x, vpm) <= 0) {
843
- if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
844
- return 0;
800
+ }
801
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) {
802
+ last = sk_X509_num(ctx->chain) - 1;
803
+ } else {
804
+ // If checking CRL paths this isn't the EE certificate
805
+ if (ctx->parent) {
806
+ return 1;
807
+ }
808
+ last = 0;
809
+ }
810
+ for (i = 0; i <= last; i++) {
811
+ ctx->error_depth = i;
812
+ ok = check_cert(ctx);
813
+ if (!ok) {
814
+ return ok;
815
+ }
816
+ }
817
+ return 1;
818
+ }
819
+
820
+ static int check_cert(X509_STORE_CTX *ctx) {
821
+ X509_CRL *crl = NULL, *dcrl = NULL;
822
+ X509 *x;
823
+ int ok = 0, cnum;
824
+ unsigned int last_reasons;
825
+ cnum = ctx->error_depth;
826
+ x = sk_X509_value(ctx->chain, cnum);
827
+ ctx->current_cert = x;
828
+ ctx->current_issuer = NULL;
829
+ ctx->current_crl_score = 0;
830
+ ctx->current_reasons = 0;
831
+ while (ctx->current_reasons != CRLDP_ALL_REASONS) {
832
+ last_reasons = ctx->current_reasons;
833
+ // Try to retrieve relevant CRL
834
+ if (ctx->get_crl) {
835
+ ok = ctx->get_crl(ctx, &crl, x);
836
+ } else {
837
+ ok = get_crl_delta(ctx, &crl, &dcrl, x);
845
838
  }
846
- if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
847
- if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
848
- return 0;
839
+ // If error looking up CRL, nothing we can do except notify callback
840
+ if (!ok) {
841
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
842
+ ok = ctx->verify_cb(0, ctx);
843
+ goto err;
849
844
  }
850
- if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
851
- if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
852
- return 0;
845
+ ctx->current_crl = crl;
846
+ ok = ctx->check_crl(ctx, crl);
847
+ if (!ok) {
848
+ goto err;
853
849
  }
854
- return 1;
855
- }
856
850
 
857
- static int check_trust(X509_STORE_CTX *ctx)
858
- {
859
- size_t i;
860
- int ok;
861
- X509 *x = NULL;
862
- int (*cb) (int xok, X509_STORE_CTX *xctx);
863
- cb = ctx->verify_cb;
864
- /* Check all trusted certificates in chain */
865
- for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
866
- x = sk_X509_value(ctx->chain, i);
867
- ok = X509_check_trust(x, ctx->param->trust, 0);
868
- /* If explicitly trusted return trusted */
869
- if (ok == X509_TRUST_TRUSTED)
870
- return X509_TRUST_TRUSTED;
871
- /*
872
- * If explicitly rejected notify callback and reject if not
873
- * overridden.
874
- */
875
- if (ok == X509_TRUST_REJECTED) {
876
- ctx->error_depth = i;
877
- ctx->current_cert = x;
878
- ctx->error = X509_V_ERR_CERT_REJECTED;
879
- ok = cb(0, ctx);
880
- if (!ok)
881
- return X509_TRUST_REJECTED;
882
- }
883
- }
884
- /*
885
- * If we accept partial chains and have at least one trusted certificate
886
- * return success.
887
- */
888
- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
889
- X509 *mx;
890
- if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
891
- return X509_TRUST_TRUSTED;
892
- x = sk_X509_value(ctx->chain, 0);
893
- mx = lookup_cert_match(ctx, x);
894
- if (mx) {
895
- (void)sk_X509_set(ctx->chain, 0, mx);
896
- X509_free(x);
897
- ctx->last_untrusted = 0;
898
- return X509_TRUST_TRUSTED;
899
- }
851
+ if (dcrl) {
852
+ ok = ctx->check_crl(ctx, dcrl);
853
+ if (!ok) {
854
+ goto err;
855
+ }
856
+ ok = ctx->cert_crl(ctx, dcrl, x);
857
+ if (!ok) {
858
+ goto err;
859
+ }
860
+ } else {
861
+ ok = 1;
900
862
  }
901
863
 
902
- /*
903
- * If no trusted certs in chain at all return untrusted and allow
904
- * standard (no issuer cert) etc errors to be indicated.
905
- */
906
- return X509_TRUST_UNTRUSTED;
907
- }
908
-
909
- static int check_revocation(X509_STORE_CTX *ctx)
910
- {
911
- int i, last, ok;
912
- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
913
- return 1;
914
- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
915
- last = sk_X509_num(ctx->chain) - 1;
916
- else {
917
- /* If checking CRL paths this isn't the EE certificate */
918
- if (ctx->parent)
919
- return 1;
920
- last = 0;
921
- }
922
- for (i = 0; i <= last; i++) {
923
- ctx->error_depth = i;
924
- ok = check_cert(ctx);
925
- if (!ok)
926
- return ok;
864
+ // Don't look in full CRL if delta reason is removefromCRL
865
+ if (ok != 2) {
866
+ ok = ctx->cert_crl(ctx, crl, x);
867
+ if (!ok) {
868
+ goto err;
869
+ }
927
870
  }
928
- return 1;
929
- }
930
-
931
- static int check_cert(X509_STORE_CTX *ctx)
932
- {
933
- X509_CRL *crl = NULL, *dcrl = NULL;
934
- X509 *x;
935
- int ok = 0, cnum;
936
- unsigned int last_reasons;
937
- cnum = ctx->error_depth;
938
- x = sk_X509_value(ctx->chain, cnum);
939
- ctx->current_cert = x;
940
- ctx->current_issuer = NULL;
941
- ctx->current_crl_score = 0;
942
- ctx->current_reasons = 0;
943
- while (ctx->current_reasons != CRLDP_ALL_REASONS) {
944
- last_reasons = ctx->current_reasons;
945
- /* Try to retrieve relevant CRL */
946
- if (ctx->get_crl)
947
- ok = ctx->get_crl(ctx, &crl, x);
948
- else
949
- ok = get_crl_delta(ctx, &crl, &dcrl, x);
950
- /*
951
- * If error looking up CRL, nothing we can do except notify callback
952
- */
953
- if (!ok) {
954
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
955
- ok = ctx->verify_cb(0, ctx);
956
- goto err;
957
- }
958
- ctx->current_crl = crl;
959
- ok = ctx->check_crl(ctx, crl);
960
- if (!ok)
961
- goto err;
962
-
963
- if (dcrl) {
964
- ok = ctx->check_crl(ctx, dcrl);
965
- if (!ok)
966
- goto err;
967
- ok = ctx->cert_crl(ctx, dcrl, x);
968
- if (!ok)
969
- goto err;
970
- } else
971
- ok = 1;
972
-
973
- /* Don't look in full CRL if delta reason is removefromCRL */
974
- if (ok != 2) {
975
- ok = ctx->cert_crl(ctx, crl, x);
976
- if (!ok)
977
- goto err;
978
- }
979
871
 
980
- X509_CRL_free(crl);
981
- X509_CRL_free(dcrl);
982
- crl = NULL;
983
- dcrl = NULL;
984
- /*
985
- * If reasons not updated we wont get anywhere by another iteration,
986
- * so exit loop.
987
- */
988
- if (last_reasons == ctx->current_reasons) {
989
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
990
- ok = ctx->verify_cb(0, ctx);
991
- goto err;
992
- }
993
- }
994
- err:
995
872
  X509_CRL_free(crl);
996
873
  X509_CRL_free(dcrl);
874
+ crl = NULL;
875
+ dcrl = NULL;
876
+ // If reasons not updated we wont get anywhere by another iteration,
877
+ // so exit loop.
878
+ if (last_reasons == ctx->current_reasons) {
879
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
880
+ ok = ctx->verify_cb(0, ctx);
881
+ goto err;
882
+ }
883
+ }
884
+ err:
885
+ X509_CRL_free(crl);
886
+ X509_CRL_free(dcrl);
997
887
 
998
- ctx->current_crl = NULL;
999
- return ok;
1000
-
888
+ ctx->current_crl = NULL;
889
+ return ok;
1001
890
  }
1002
891
 
1003
- /* Check CRL times against values in X509_STORE_CTX */
892
+ // Check CRL times against values in X509_STORE_CTX
1004
893
 
1005
- static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1006
- {
1007
- time_t *ptime;
1008
- int i;
1009
- if (notify)
1010
- ctx->current_crl = crl;
1011
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1012
- ptime = &ctx->param->check_time;
1013
- else
1014
- ptime = NULL;
894
+ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) {
895
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
896
+ return 1;
897
+ }
1015
898
 
1016
- i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
1017
- if (i == 0) {
1018
- if (!notify)
1019
- return 0;
1020
- ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
1021
- if (!ctx->verify_cb(0, ctx))
1022
- return 0;
899
+ if (notify) {
900
+ ctx->current_crl = crl;
901
+ }
902
+ int64_t ptime;
903
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
904
+ ptime = ctx->param->check_time;
905
+ } else {
906
+ ptime = time(NULL);
907
+ }
908
+
909
+ int i = X509_cmp_time_posix(X509_CRL_get0_lastUpdate(crl), ptime);
910
+ if (i == 0) {
911
+ if (!notify) {
912
+ return 0;
913
+ }
914
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
915
+ if (!ctx->verify_cb(0, ctx)) {
916
+ return 0;
1023
917
  }
918
+ }
1024
919
 
1025
- if (i > 0) {
1026
- if (!notify)
1027
- return 0;
1028
- ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
1029
- if (!ctx->verify_cb(0, ctx))
1030
- return 0;
920
+ if (i > 0) {
921
+ if (!notify) {
922
+ return 0;
1031
923
  }
924
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
925
+ if (!ctx->verify_cb(0, ctx)) {
926
+ return 0;
927
+ }
928
+ }
1032
929
 
1033
- if (X509_CRL_get0_nextUpdate(crl)) {
1034
- i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
930
+ if (X509_CRL_get0_nextUpdate(crl)) {
931
+ i = X509_cmp_time_posix(X509_CRL_get0_nextUpdate(crl), ptime);
1035
932
 
1036
- if (i == 0) {
1037
- if (!notify)
1038
- return 0;
1039
- ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1040
- if (!ctx->verify_cb(0, ctx))
1041
- return 0;
1042
- }
1043
- /* Ignore expiry of base CRL is delta is valid */
1044
- if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1045
- if (!notify)
1046
- return 0;
1047
- ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1048
- if (!ctx->verify_cb(0, ctx))
1049
- return 0;
1050
- }
933
+ if (i == 0) {
934
+ if (!notify) {
935
+ return 0;
936
+ }
937
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
938
+ if (!ctx->verify_cb(0, ctx)) {
939
+ return 0;
940
+ }
941
+ }
942
+ // Ignore expiry of base CRL is delta is valid
943
+ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
944
+ if (!notify) {
945
+ return 0;
946
+ }
947
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
948
+ if (!ctx->verify_cb(0, ctx)) {
949
+ return 0;
950
+ }
1051
951
  }
952
+ }
1052
953
 
1053
- if (notify)
1054
- ctx->current_crl = NULL;
954
+ if (notify) {
955
+ ctx->current_crl = NULL;
956
+ }
1055
957
 
1056
- return 1;
958
+ return 1;
1057
959
  }
1058
960
 
1059
961
  static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1060
962
  X509 **pissuer, int *pscore, unsigned int *preasons,
1061
- STACK_OF(X509_CRL) *crls)
1062
- {
1063
- int crl_score, best_score = *pscore;
1064
- size_t i;
1065
- unsigned int reasons, best_reasons = 0;
1066
- X509 *x = ctx->current_cert;
1067
- X509_CRL *crl, *best_crl = NULL;
1068
- X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1069
-
1070
- for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1071
- crl = sk_X509_CRL_value(crls, i);
1072
- reasons = *preasons;
1073
- crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1074
- if (crl_score < best_score || crl_score == 0)
1075
- continue;
1076
- /* If current CRL is equivalent use it if it is newer */
1077
- if (crl_score == best_score && best_crl != NULL) {
1078
- int day, sec;
1079
- if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
1080
- X509_CRL_get0_lastUpdate(crl)) == 0)
1081
- continue;
1082
- /*
1083
- * ASN1_TIME_diff never returns inconsistent signs for |day|
1084
- * and |sec|.
1085
- */
1086
- if (day <= 0 && sec <= 0)
1087
- continue;
1088
- }
1089
- best_crl = crl;
1090
- best_crl_issuer = crl_issuer;
1091
- best_score = crl_score;
1092
- best_reasons = reasons;
1093
- }
1094
-
1095
- if (best_crl) {
1096
- if (*pcrl)
1097
- X509_CRL_free(*pcrl);
1098
- *pcrl = best_crl;
1099
- *pissuer = best_crl_issuer;
1100
- *pscore = best_score;
1101
- *preasons = best_reasons;
1102
- X509_CRL_up_ref(best_crl);
1103
- if (*pdcrl) {
1104
- X509_CRL_free(*pdcrl);
1105
- *pdcrl = NULL;
1106
- }
1107
- get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1108
- }
1109
-
1110
- if (best_score >= CRL_SCORE_VALID)
1111
- return 1;
963
+ STACK_OF(X509_CRL) *crls) {
964
+ int crl_score, best_score = *pscore;
965
+ size_t i;
966
+ unsigned int reasons, best_reasons = 0;
967
+ X509 *x = ctx->current_cert;
968
+ X509_CRL *crl, *best_crl = NULL;
969
+ X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
970
+
971
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
972
+ crl = sk_X509_CRL_value(crls, i);
973
+ reasons = *preasons;
974
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
975
+ if (crl_score < best_score || crl_score == 0) {
976
+ continue;
977
+ }
978
+ // If current CRL is equivalent use it if it is newer
979
+ if (crl_score == best_score && best_crl != NULL) {
980
+ int day, sec;
981
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
982
+ X509_CRL_get0_lastUpdate(crl)) == 0) {
983
+ continue;
984
+ }
985
+ // ASN1_TIME_diff never returns inconsistent signs for |day|
986
+ // and |sec|.
987
+ if (day <= 0 && sec <= 0) {
988
+ continue;
989
+ }
990
+ }
991
+ best_crl = crl;
992
+ best_crl_issuer = crl_issuer;
993
+ best_score = crl_score;
994
+ best_reasons = reasons;
995
+ }
996
+
997
+ if (best_crl) {
998
+ if (*pcrl) {
999
+ X509_CRL_free(*pcrl);
1000
+ }
1001
+ *pcrl = best_crl;
1002
+ *pissuer = best_crl_issuer;
1003
+ *pscore = best_score;
1004
+ *preasons = best_reasons;
1005
+ X509_CRL_up_ref(best_crl);
1006
+ if (*pdcrl) {
1007
+ X509_CRL_free(*pdcrl);
1008
+ *pdcrl = NULL;
1009
+ }
1010
+ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1011
+ }
1012
+
1013
+ if (best_score >= CRL_SCORE_VALID) {
1014
+ return 1;
1015
+ }
1112
1016
 
1113
- return 0;
1017
+ return 0;
1114
1018
  }
1115
1019
 
1116
- /*
1117
- * Compare two CRL extensions for delta checking purposes. They should be
1118
- * both present or both absent. If both present all fields must be identical.
1119
- */
1120
-
1121
- static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1122
- {
1123
- ASN1_OCTET_STRING *exta, *extb;
1124
- int i;
1125
- i = X509_CRL_get_ext_by_NID(a, nid, -1);
1126
- if (i >= 0) {
1127
- /* Can't have multiple occurrences */
1128
- if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1129
- return 0;
1130
- exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1131
- } else
1132
- exta = NULL;
1020
+ // Compare two CRL extensions for delta checking purposes. They should be
1021
+ // both present or both absent. If both present all fields must be identical.
1133
1022
 
1134
- i = X509_CRL_get_ext_by_NID(b, nid, -1);
1023
+ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) {
1024
+ const ASN1_OCTET_STRING *exta, *extb;
1025
+ int i;
1026
+ i = X509_CRL_get_ext_by_NID(a, nid, -1);
1027
+ if (i >= 0) {
1028
+ // Can't have multiple occurrences
1029
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) {
1030
+ return 0;
1031
+ }
1032
+ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1033
+ } else {
1034
+ exta = NULL;
1035
+ }
1135
1036
 
1136
- if (i >= 0) {
1037
+ i = X509_CRL_get_ext_by_NID(b, nid, -1);
1137
1038
 
1138
- if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1139
- return 0;
1140
- extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1141
- } else
1142
- extb = NULL;
1039
+ if (i >= 0) {
1040
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) {
1041
+ return 0;
1042
+ }
1043
+ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1044
+ } else {
1045
+ extb = NULL;
1046
+ }
1143
1047
 
1144
- if (!exta && !extb)
1145
- return 1;
1048
+ if (!exta && !extb) {
1049
+ return 1;
1050
+ }
1146
1051
 
1147
- if (!exta || !extb)
1148
- return 0;
1052
+ if (!exta || !extb) {
1053
+ return 0;
1054
+ }
1149
1055
 
1150
- if (ASN1_OCTET_STRING_cmp(exta, extb))
1151
- return 0;
1056
+ if (ASN1_OCTET_STRING_cmp(exta, extb)) {
1057
+ return 0;
1058
+ }
1152
1059
 
1153
- return 1;
1060
+ return 1;
1154
1061
  }
1155
1062
 
1156
- /* See if a base and delta are compatible */
1063
+ // See if a base and delta are compatible
1157
1064
 
1158
- static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1159
- {
1160
- /* Delta CRL must be a delta */
1161
- if (!delta->base_crl_number)
1162
- return 0;
1163
- /* Base must have a CRL number */
1164
- if (!base->crl_number)
1165
- return 0;
1166
- /* Issuer names must match */
1167
- if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1168
- return 0;
1169
- /* AKID and IDP must match */
1170
- if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1171
- return 0;
1172
- if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1173
- return 0;
1174
- /* Delta CRL base number must not exceed Full CRL number. */
1175
- if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1176
- return 0;
1177
- /* Delta CRL number must exceed full CRL number */
1178
- if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1179
- return 1;
1065
+ static int check_delta_base(X509_CRL *delta, X509_CRL *base) {
1066
+ // Delta CRL must be a delta
1067
+ if (!delta->base_crl_number) {
1068
+ return 0;
1069
+ }
1070
+ // Base must have a CRL number
1071
+ if (!base->crl_number) {
1180
1072
  return 0;
1073
+ }
1074
+ // Issuer names must match
1075
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) {
1076
+ return 0;
1077
+ }
1078
+ // AKID and IDP must match
1079
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier)) {
1080
+ return 0;
1081
+ }
1082
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) {
1083
+ return 0;
1084
+ }
1085
+ // Delta CRL base number must not exceed Full CRL number.
1086
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) {
1087
+ return 0;
1088
+ }
1089
+ // Delta CRL number must exceed full CRL number
1090
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) {
1091
+ return 1;
1092
+ }
1093
+ return 0;
1181
1094
  }
1182
1095
 
1183
- /*
1184
- * For a given base CRL find a delta... maybe extend to delta scoring or
1185
- * retrieve a chain of deltas...
1186
- */
1096
+ // For a given base CRL find a delta... maybe extend to delta scoring or
1097
+ // retrieve a chain of deltas...
1187
1098
 
1188
1099
  static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1189
- X509_CRL *base, STACK_OF(X509_CRL) *crls)
1190
- {
1191
- X509_CRL *delta;
1192
- size_t i;
1193
- if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1194
- return;
1195
- if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1196
- return;
1197
- for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1198
- delta = sk_X509_CRL_value(crls, i);
1199
- if (check_delta_base(delta, base)) {
1200
- if (check_crl_time(ctx, delta, 0))
1201
- *pscore |= CRL_SCORE_TIME_DELTA;
1202
- X509_CRL_up_ref(delta);
1203
- *dcrl = delta;
1204
- return;
1205
- }
1206
- }
1207
- *dcrl = NULL;
1208
- }
1209
-
1210
- /*
1211
- * For a given CRL return how suitable it is for the supplied certificate
1212
- * 'x'. The return value is a mask of several criteria. If the issuer is not
1213
- * the certificate issuer this is returned in *pissuer. The reasons mask is
1214
- * also used to determine if the CRL is suitable: if no new reasons the CRL
1215
- * is rejected, otherwise reasons is updated.
1216
- */
1100
+ X509_CRL *base, STACK_OF(X509_CRL) *crls) {
1101
+ X509_CRL *delta;
1102
+ size_t i;
1103
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) {
1104
+ return;
1105
+ }
1106
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) {
1107
+ return;
1108
+ }
1109
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1110
+ delta = sk_X509_CRL_value(crls, i);
1111
+ if (check_delta_base(delta, base)) {
1112
+ if (check_crl_time(ctx, delta, 0)) {
1113
+ *pscore |= CRL_SCORE_TIME_DELTA;
1114
+ }
1115
+ X509_CRL_up_ref(delta);
1116
+ *dcrl = delta;
1117
+ return;
1118
+ }
1119
+ }
1120
+ *dcrl = NULL;
1121
+ }
1122
+
1123
+ // For a given CRL return how suitable it is for the supplied certificate
1124
+ // 'x'. The return value is a mask of several criteria. If the issuer is not
1125
+ // the certificate issuer this is returned in *pissuer. The reasons mask is
1126
+ // also used to determine if the CRL is suitable: if no new reasons the CRL
1127
+ // is rejected, otherwise reasons is updated.
1217
1128
 
1218
1129
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1219
- unsigned int *preasons, X509_CRL *crl, X509 *x)
1220
- {
1221
-
1222
- int crl_score = 0;
1223
- unsigned int tmp_reasons = *preasons, crl_reasons;
1130
+ unsigned int *preasons, X509_CRL *crl, X509 *x) {
1131
+ int crl_score = 0;
1132
+ unsigned int tmp_reasons = *preasons, crl_reasons;
1224
1133
 
1225
- /* First see if we can reject CRL straight away */
1134
+ // First see if we can reject CRL straight away
1226
1135
 
1227
- /* Invalid IDP cannot be processed */
1228
- if (crl->idp_flags & IDP_INVALID)
1229
- return 0;
1230
- /* Reason codes or indirect CRLs need extended CRL support */
1231
- if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1232
- if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1233
- return 0;
1234
- } else if (crl->idp_flags & IDP_REASONS) {
1235
- /* If no new reasons reject */
1236
- if (!(crl->idp_reasons & ~tmp_reasons))
1237
- return 0;
1136
+ // Invalid IDP cannot be processed
1137
+ if (crl->idp_flags & IDP_INVALID) {
1138
+ return 0;
1139
+ }
1140
+ // Reason codes or indirect CRLs need extended CRL support
1141
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1142
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) {
1143
+ return 0;
1144
+ }
1145
+ } else if (crl->idp_flags & IDP_REASONS) {
1146
+ // If no new reasons reject
1147
+ if (!(crl->idp_reasons & ~tmp_reasons)) {
1148
+ return 0;
1149
+ }
1150
+ }
1151
+ // Don't process deltas at this stage
1152
+ else if (crl->base_crl_number) {
1153
+ return 0;
1154
+ }
1155
+ // If issuer name doesn't match certificate need indirect CRL
1156
+ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1157
+ if (!(crl->idp_flags & IDP_INDIRECT)) {
1158
+ return 0;
1238
1159
  }
1239
- /* Don't process deltas at this stage */
1240
- else if (crl->base_crl_number)
1241
- return 0;
1242
- /* If issuer name doesn't match certificate need indirect CRL */
1243
- if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1244
- if (!(crl->idp_flags & IDP_INDIRECT))
1245
- return 0;
1246
- } else
1247
- crl_score |= CRL_SCORE_ISSUER_NAME;
1160
+ } else {
1161
+ crl_score |= CRL_SCORE_ISSUER_NAME;
1162
+ }
1248
1163
 
1249
- if (!(crl->flags & EXFLAG_CRITICAL))
1250
- crl_score |= CRL_SCORE_NOCRITICAL;
1164
+ if (!(crl->flags & EXFLAG_CRITICAL)) {
1165
+ crl_score |= CRL_SCORE_NOCRITICAL;
1166
+ }
1251
1167
 
1252
- /* Check expiry */
1253
- if (check_crl_time(ctx, crl, 0))
1254
- crl_score |= CRL_SCORE_TIME;
1168
+ // Check expiry
1169
+ if (check_crl_time(ctx, crl, 0)) {
1170
+ crl_score |= CRL_SCORE_TIME;
1171
+ }
1255
1172
 
1256
- /* Check authority key ID and locate certificate issuer */
1257
- crl_akid_check(ctx, crl, pissuer, &crl_score);
1173
+ // Check authority key ID and locate certificate issuer
1174
+ crl_akid_check(ctx, crl, pissuer, &crl_score);
1258
1175
 
1259
- /* If we can't locate certificate issuer at this point forget it */
1176
+ // If we can't locate certificate issuer at this point forget it
1260
1177
 
1261
- if (!(crl_score & CRL_SCORE_AKID))
1262
- return 0;
1178
+ if (!(crl_score & CRL_SCORE_AKID)) {
1179
+ return 0;
1180
+ }
1263
1181
 
1264
- /* Check cert for matching CRL distribution points */
1182
+ // Check cert for matching CRL distribution points
1265
1183
 
1266
- if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1267
- /* If no new reasons reject */
1268
- if (!(crl_reasons & ~tmp_reasons))
1269
- return 0;
1270
- tmp_reasons |= crl_reasons;
1271
- crl_score |= CRL_SCORE_SCOPE;
1184
+ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1185
+ // If no new reasons reject
1186
+ if (!(crl_reasons & ~tmp_reasons)) {
1187
+ return 0;
1272
1188
  }
1189
+ tmp_reasons |= crl_reasons;
1190
+ crl_score |= CRL_SCORE_SCOPE;
1191
+ }
1273
1192
 
1274
- *preasons = tmp_reasons;
1275
-
1276
- return crl_score;
1193
+ *preasons = tmp_reasons;
1277
1194
 
1195
+ return crl_score;
1278
1196
  }
1279
1197
 
1280
- static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1281
- X509 **pissuer, int *pcrl_score)
1282
- {
1283
- X509 *crl_issuer = NULL;
1284
- X509_NAME *cnm = X509_CRL_get_issuer(crl);
1285
- int cidx = ctx->error_depth;
1286
- size_t i;
1198
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
1199
+ int *pcrl_score) {
1200
+ X509 *crl_issuer = NULL;
1201
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
1202
+ int cidx = ctx->error_depth;
1203
+ size_t i;
1287
1204
 
1288
- if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
1289
- cidx++;
1205
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) {
1206
+ cidx++;
1207
+ }
1290
1208
 
1291
- crl_issuer = sk_X509_value(ctx->chain, cidx);
1209
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1292
1210
 
1293
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1294
- if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1295
- *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1296
- *pissuer = crl_issuer;
1297
- return;
1298
- }
1211
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1212
+ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1213
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1214
+ *pissuer = crl_issuer;
1215
+ return;
1299
1216
  }
1217
+ }
1300
1218
 
1301
- for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1302
- crl_issuer = sk_X509_value(ctx->chain, cidx);
1303
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1304
- continue;
1305
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1306
- *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1307
- *pissuer = crl_issuer;
1308
- return;
1309
- }
1219
+ for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1220
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1221
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1222
+ continue;
1310
1223
  }
1224
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1225
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1226
+ *pissuer = crl_issuer;
1227
+ return;
1228
+ }
1229
+ }
1311
1230
 
1312
- /* Anything else needs extended CRL support */
1231
+ // Anything else needs extended CRL support
1313
1232
 
1314
- if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1315
- return;
1233
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1234
+ return;
1235
+ }
1316
1236
 
1317
- /*
1318
- * Otherwise the CRL issuer is not on the path. Look for it in the set of
1319
- * untrusted certificates.
1320
- */
1321
- for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1322
- crl_issuer = sk_X509_value(ctx->untrusted, i);
1323
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1324
- continue;
1325
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1326
- *pissuer = crl_issuer;
1327
- *pcrl_score |= CRL_SCORE_AKID;
1328
- return;
1329
- }
1237
+ // Otherwise the CRL issuer is not on the path. Look for it in the set of
1238
+ // untrusted certificates.
1239
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1240
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
1241
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1242
+ continue;
1243
+ }
1244
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1245
+ *pissuer = crl_issuer;
1246
+ *pcrl_score |= CRL_SCORE_AKID;
1247
+ return;
1330
1248
  }
1249
+ }
1331
1250
  }
1332
1251
 
1333
- /*
1334
- * Check the path of a CRL issuer certificate. This creates a new
1335
- * X509_STORE_CTX and populates it with most of the parameters from the
1336
- * parent. This could be optimised somewhat since a lot of path checking will
1337
- * be duplicated by the parent, but this will rarely be used in practice.
1338
- */
1339
-
1340
- static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1341
- {
1342
- X509_STORE_CTX crl_ctx;
1343
- int ret;
1344
- /* Don't allow recursive CRL path validation */
1345
- if (ctx->parent)
1346
- return 0;
1347
- if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1348
- return -1;
1349
-
1350
- crl_ctx.crls = ctx->crls;
1351
- /* Copy verify params across */
1352
- X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1353
-
1354
- crl_ctx.parent = ctx;
1355
- crl_ctx.verify_cb = ctx->verify_cb;
1356
-
1357
- /* Verify CRL issuer */
1358
- ret = X509_verify_cert(&crl_ctx);
1252
+ // Check the path of a CRL issuer certificate. This creates a new
1253
+ // X509_STORE_CTX and populates it with most of the parameters from the
1254
+ // parent. This could be optimised somewhat since a lot of path checking will
1255
+ // be duplicated by the parent, but this will rarely be used in practice.
1359
1256
 
1360
- if (ret <= 0)
1361
- goto err;
1362
-
1363
- /* Check chain is acceptable */
1364
-
1365
- ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1366
- err:
1367
- X509_STORE_CTX_cleanup(&crl_ctx);
1368
- return ret;
1369
- }
1370
-
1371
- /*
1372
- * RFC 3280 says nothing about the relationship between CRL path and
1373
- * certificate path, which could lead to situations where a certificate could
1374
- * be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1375
- * strict and states that the two paths must end in the same trust anchor,
1376
- * though some discussions remain... until this is resolved we use the
1377
- * RFC 5280 version
1378
- */
1379
-
1380
- static int check_crl_chain(X509_STORE_CTX *ctx,
1381
- STACK_OF(X509) *cert_path,
1382
- STACK_OF(X509) *crl_path)
1383
- {
1384
- X509 *cert_ta, *crl_ta;
1385
- cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1386
- crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1387
- if (!X509_cmp(cert_ta, crl_ta))
1388
- return 1;
1257
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) {
1258
+ X509_STORE_CTX crl_ctx;
1259
+ int ret;
1260
+ // Don't allow recursive CRL path validation
1261
+ if (ctx->parent) {
1389
1262
  return 0;
1263
+ }
1264
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
1265
+ return -1;
1266
+ }
1267
+
1268
+ crl_ctx.crls = ctx->crls;
1269
+ // Copy verify params across
1270
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1271
+
1272
+ crl_ctx.parent = ctx;
1273
+ crl_ctx.verify_cb = ctx->verify_cb;
1274
+
1275
+ // Verify CRL issuer
1276
+ ret = X509_verify_cert(&crl_ctx);
1277
+
1278
+ if (ret <= 0) {
1279
+ goto err;
1280
+ }
1281
+
1282
+ // Check chain is acceptable
1283
+
1284
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1285
+ err:
1286
+ X509_STORE_CTX_cleanup(&crl_ctx);
1287
+ return ret;
1288
+ }
1289
+
1290
+ // RFC 3280 says nothing about the relationship between CRL path and
1291
+ // certificate path, which could lead to situations where a certificate could
1292
+ // be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1293
+ // strict and states that the two paths must end in the same trust anchor,
1294
+ // though some discussions remain... until this is resolved we use the
1295
+ // RFC 5280 version
1296
+
1297
+ static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
1298
+ STACK_OF(X509) *crl_path) {
1299
+ X509 *cert_ta, *crl_ta;
1300
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1301
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1302
+ if (!X509_cmp(cert_ta, crl_ta)) {
1303
+ return 1;
1304
+ }
1305
+ return 0;
1390
1306
  }
1391
1307
 
1392
- /*
1393
- * Check for match between two dist point names: three separate cases. 1.
1394
- * Both are relative names and compare X509_NAME types. 2. One full, one
1395
- * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1396
- * compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1397
- */
1398
-
1399
- static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1400
- {
1401
- X509_NAME *nm = NULL;
1402
- GENERAL_NAMES *gens = NULL;
1403
- GENERAL_NAME *gena, *genb;
1404
- size_t i, j;
1405
- if (!a || !b)
1308
+ // Check for match between two dist point names: three separate cases. 1.
1309
+ // Both are relative names and compare X509_NAME types. 2. One full, one
1310
+ // relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1311
+ // compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1312
+
1313
+ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) {
1314
+ X509_NAME *nm = NULL;
1315
+ GENERAL_NAMES *gens = NULL;
1316
+ GENERAL_NAME *gena, *genb;
1317
+ size_t i, j;
1318
+ if (!a || !b) {
1319
+ return 1;
1320
+ }
1321
+ if (a->type == 1) {
1322
+ if (!a->dpname) {
1323
+ return 0;
1324
+ }
1325
+ // Case 1: two X509_NAME
1326
+ if (b->type == 1) {
1327
+ if (!b->dpname) {
1328
+ return 0;
1329
+ }
1330
+ if (!X509_NAME_cmp(a->dpname, b->dpname)) {
1406
1331
  return 1;
1407
- if (a->type == 1) {
1408
- if (!a->dpname)
1409
- return 0;
1410
- /* Case 1: two X509_NAME */
1411
- if (b->type == 1) {
1412
- if (!b->dpname)
1413
- return 0;
1414
- if (!X509_NAME_cmp(a->dpname, b->dpname))
1415
- return 1;
1416
- else
1417
- return 0;
1418
- }
1419
- /* Case 2: set name and GENERAL_NAMES appropriately */
1420
- nm = a->dpname;
1421
- gens = b->name.fullname;
1422
- } else if (b->type == 1) {
1423
- if (!b->dpname)
1424
- return 0;
1425
- /* Case 2: set name and GENERAL_NAMES appropriately */
1426
- gens = a->name.fullname;
1427
- nm = b->dpname;
1428
- }
1429
-
1430
- /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1431
- if (nm) {
1432
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1433
- gena = sk_GENERAL_NAME_value(gens, i);
1434
- if (gena->type != GEN_DIRNAME)
1435
- continue;
1436
- if (!X509_NAME_cmp(nm, gena->d.directoryName))
1437
- return 1;
1438
- }
1332
+ } else {
1439
1333
  return 0;
1334
+ }
1335
+ }
1336
+ // Case 2: set name and GENERAL_NAMES appropriately
1337
+ nm = a->dpname;
1338
+ gens = b->name.fullname;
1339
+ } else if (b->type == 1) {
1340
+ if (!b->dpname) {
1341
+ return 0;
1342
+ }
1343
+ // Case 2: set name and GENERAL_NAMES appropriately
1344
+ gens = a->name.fullname;
1345
+ nm = b->dpname;
1346
+ }
1347
+
1348
+ // Handle case 2 with one GENERAL_NAMES and one X509_NAME
1349
+ if (nm) {
1350
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1351
+ gena = sk_GENERAL_NAME_value(gens, i);
1352
+ if (gena->type != GEN_DIRNAME) {
1353
+ continue;
1354
+ }
1355
+ if (!X509_NAME_cmp(nm, gena->d.directoryName)) {
1356
+ return 1;
1357
+ }
1440
1358
  }
1359
+ return 0;
1360
+ }
1441
1361
 
1442
- /* Else case 3: two GENERAL_NAMES */
1362
+ // Else case 3: two GENERAL_NAMES
1443
1363
 
1444
- for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1445
- gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1446
- for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1447
- genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1448
- if (!GENERAL_NAME_cmp(gena, genb))
1449
- return 1;
1450
- }
1364
+ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1365
+ gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1366
+ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1367
+ genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1368
+ if (!GENERAL_NAME_cmp(gena, genb)) {
1369
+ return 1;
1370
+ }
1451
1371
  }
1372
+ }
1452
1373
 
1453
- return 0;
1454
-
1374
+ return 0;
1455
1375
  }
1456
1376
 
1457
- static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1458
- {
1459
- size_t i;
1460
- X509_NAME *nm = X509_CRL_get_issuer(crl);
1461
- /* If no CRLissuer return is successful iff don't need a match */
1462
- if (!dp->CRLissuer)
1463
- return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1464
- for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1465
- GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1466
- if (gen->type != GEN_DIRNAME)
1467
- continue;
1468
- if (!X509_NAME_cmp(gen->d.directoryName, nm))
1469
- return 1;
1377
+ static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) {
1378
+ size_t i;
1379
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
1380
+ // If no CRLissuer return is successful iff don't need a match
1381
+ if (!dp->CRLissuer) {
1382
+ return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1383
+ }
1384
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1385
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1386
+ if (gen->type != GEN_DIRNAME) {
1387
+ continue;
1470
1388
  }
1471
- return 0;
1389
+ if (!X509_NAME_cmp(gen->d.directoryName, nm)) {
1390
+ return 1;
1391
+ }
1392
+ }
1393
+ return 0;
1472
1394
  }
1473
1395
 
1474
- /* Check CRLDP and IDP */
1396
+ // Check CRLDP and IDP
1475
1397
 
1476
1398
  static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1477
- unsigned int *preasons)
1478
- {
1479
- size_t i;
1480
- if (crl->idp_flags & IDP_ONLYATTR)
1481
- return 0;
1482
- if (x->ex_flags & EXFLAG_CA) {
1483
- if (crl->idp_flags & IDP_ONLYUSER)
1484
- return 0;
1485
- } else {
1486
- if (crl->idp_flags & IDP_ONLYCA)
1487
- return 0;
1488
- }
1489
- *preasons = crl->idp_reasons;
1490
- for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1491
- DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1492
- if (crldp_check_crlissuer(dp, crl, crl_score)) {
1493
- if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1494
- *preasons &= dp->dp_reasons;
1495
- return 1;
1496
- }
1497
- }
1498
- }
1499
- if ((!crl->idp || !crl->idp->distpoint)
1500
- && (crl_score & CRL_SCORE_ISSUER_NAME))
1501
- return 1;
1399
+ unsigned int *preasons) {
1400
+ size_t i;
1401
+ if (crl->idp_flags & IDP_ONLYATTR) {
1502
1402
  return 0;
1403
+ }
1404
+ if (x->ex_flags & EXFLAG_CA) {
1405
+ if (crl->idp_flags & IDP_ONLYUSER) {
1406
+ return 0;
1407
+ }
1408
+ } else {
1409
+ if (crl->idp_flags & IDP_ONLYCA) {
1410
+ return 0;
1411
+ }
1412
+ }
1413
+ *preasons = crl->idp_reasons;
1414
+ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1415
+ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1416
+ if (crldp_check_crlissuer(dp, crl, crl_score)) {
1417
+ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1418
+ *preasons &= dp->dp_reasons;
1419
+ return 1;
1420
+ }
1421
+ }
1422
+ }
1423
+ if ((!crl->idp || !crl->idp->distpoint) &&
1424
+ (crl_score & CRL_SCORE_ISSUER_NAME)) {
1425
+ return 1;
1426
+ }
1427
+ return 0;
1503
1428
  }
1504
1429
 
1505
- /*
1506
- * Retrieve CRL corresponding to current certificate. If deltas enabled try
1507
- * to find a delta CRL too
1508
- */
1430
+ // Retrieve CRL corresponding to current certificate. If deltas enabled try
1431
+ // to find a delta CRL too
1509
1432
 
1510
- static int get_crl_delta(X509_STORE_CTX *ctx,
1511
- X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1512
- {
1513
- int ok;
1514
- X509 *issuer = NULL;
1515
- int crl_score = 0;
1516
- unsigned int reasons;
1517
- X509_CRL *crl = NULL, *dcrl = NULL;
1518
- STACK_OF(X509_CRL) *skcrl;
1519
- X509_NAME *nm = X509_get_issuer_name(x);
1520
- reasons = ctx->current_reasons;
1521
- ok = get_crl_sk(ctx, &crl, &dcrl,
1522
- &issuer, &crl_score, &reasons, ctx->crls);
1433
+ static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1434
+ X509 *x) {
1435
+ int ok;
1436
+ X509 *issuer = NULL;
1437
+ int crl_score = 0;
1438
+ unsigned int reasons;
1439
+ X509_CRL *crl = NULL, *dcrl = NULL;
1440
+ STACK_OF(X509_CRL) *skcrl;
1441
+ X509_NAME *nm = X509_get_issuer_name(x);
1442
+ reasons = ctx->current_reasons;
1443
+ ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, ctx->crls);
1523
1444
 
1524
- if (ok)
1525
- goto done;
1445
+ if (ok) {
1446
+ goto done;
1447
+ }
1526
1448
 
1527
- /* Lookup CRLs from store */
1449
+ // Lookup CRLs from store
1528
1450
 
1529
- skcrl = ctx->lookup_crls(ctx, nm);
1451
+ skcrl = ctx->lookup_crls(ctx, nm);
1530
1452
 
1531
- /* If no CRLs found and a near match from get_crl_sk use that */
1532
- if (!skcrl && crl)
1533
- goto done;
1453
+ // If no CRLs found and a near match from get_crl_sk use that
1454
+ if (!skcrl && crl) {
1455
+ goto done;
1456
+ }
1534
1457
 
1535
- get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1458
+ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1536
1459
 
1537
- sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1460
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1538
1461
 
1539
- done:
1462
+ done:
1540
1463
 
1541
- /* If we got any kind of CRL use it and return success */
1542
- if (crl) {
1543
- ctx->current_issuer = issuer;
1544
- ctx->current_crl_score = crl_score;
1545
- ctx->current_reasons = reasons;
1546
- *pcrl = crl;
1547
- *pdcrl = dcrl;
1548
- return 1;
1464
+ // If we got any kind of CRL use it and return success
1465
+ if (crl) {
1466
+ ctx->current_issuer = issuer;
1467
+ ctx->current_crl_score = crl_score;
1468
+ ctx->current_reasons = reasons;
1469
+ *pcrl = crl;
1470
+ *pdcrl = dcrl;
1471
+ return 1;
1472
+ }
1473
+
1474
+ return 0;
1475
+ }
1476
+
1477
+ // Check CRL validity
1478
+ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) {
1479
+ X509 *issuer = NULL;
1480
+ EVP_PKEY *ikey = NULL;
1481
+ int ok = 0, chnum, cnum;
1482
+ cnum = ctx->error_depth;
1483
+ chnum = sk_X509_num(ctx->chain) - 1;
1484
+ // if we have an alternative CRL issuer cert use that
1485
+ if (ctx->current_issuer) {
1486
+ issuer = ctx->current_issuer;
1487
+ }
1488
+
1489
+ // Else find CRL issuer: if not last certificate then issuer is next
1490
+ // certificate in chain.
1491
+ else if (cnum < chnum) {
1492
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
1493
+ } else {
1494
+ issuer = sk_X509_value(ctx->chain, chnum);
1495
+ // If not self signed, can't check signature
1496
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
1497
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1498
+ ok = ctx->verify_cb(0, ctx);
1499
+ if (!ok) {
1500
+ goto err;
1501
+ }
1549
1502
  }
1503
+ }
1550
1504
 
1551
- return 0;
1552
- }
1553
-
1554
- /* Check CRL validity */
1555
- static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1556
- {
1557
- X509 *issuer = NULL;
1558
- EVP_PKEY *ikey = NULL;
1559
- int ok = 0, chnum, cnum;
1560
- cnum = ctx->error_depth;
1561
- chnum = sk_X509_num(ctx->chain) - 1;
1562
- /* if we have an alternative CRL issuer cert use that */
1563
- if (ctx->current_issuer)
1564
- issuer = ctx->current_issuer;
1565
-
1566
- /*
1567
- * Else find CRL issuer: if not last certificate then issuer is next
1568
- * certificate in chain.
1569
- */
1570
- else if (cnum < chnum)
1571
- issuer = sk_X509_value(ctx->chain, cnum + 1);
1572
- else {
1573
- issuer = sk_X509_value(ctx->chain, chnum);
1574
- /* If not self signed, can't check signature */
1575
- if (!ctx->check_issued(ctx, issuer, issuer)) {
1576
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1577
- ok = ctx->verify_cb(0, ctx);
1578
- if (!ok)
1579
- goto err;
1505
+ if (issuer) {
1506
+ // Skip most tests for deltas because they have already been done
1507
+ if (!crl->base_crl_number) {
1508
+ // Check for cRLSign bit if keyUsage present
1509
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1510
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
1511
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1512
+ ok = ctx->verify_cb(0, ctx);
1513
+ if (!ok) {
1514
+ goto err;
1580
1515
  }
1581
- }
1582
-
1583
- if (issuer) {
1584
- /*
1585
- * Skip most tests for deltas because they have already been done
1586
- */
1587
- if (!crl->base_crl_number) {
1588
- /* Check for cRLSign bit if keyUsage present */
1589
- if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1590
- !(issuer->ex_kusage & KU_CRL_SIGN)) {
1591
- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1592
- ok = ctx->verify_cb(0, ctx);
1593
- if (!ok)
1594
- goto err;
1595
- }
1596
-
1597
- if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1598
- ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1599
- ok = ctx->verify_cb(0, ctx);
1600
- if (!ok)
1601
- goto err;
1602
- }
1603
-
1604
- if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1605
- if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1606
- ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1607
- ok = ctx->verify_cb(0, ctx);
1608
- if (!ok)
1609
- goto err;
1610
- }
1611
- }
1612
-
1613
- if (crl->idp_flags & IDP_INVALID) {
1614
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
1615
- ok = ctx->verify_cb(0, ctx);
1616
- if (!ok)
1617
- goto err;
1618
- }
1516
+ }
1619
1517
 
1518
+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1519
+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1520
+ ok = ctx->verify_cb(0, ctx);
1521
+ if (!ok) {
1522
+ goto err;
1620
1523
  }
1524
+ }
1621
1525
 
1622
- if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1623
- ok = check_crl_time(ctx, crl, 1);
1624
- if (!ok)
1625
- goto err;
1526
+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1527
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1528
+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1529
+ ok = ctx->verify_cb(0, ctx);
1530
+ if (!ok) {
1531
+ goto err;
1532
+ }
1626
1533
  }
1534
+ }
1627
1535
 
1628
- /* Attempt to get issuer certificate public key */
1629
- ikey = X509_get_pubkey(issuer);
1630
-
1631
- if (!ikey) {
1632
- ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1633
- ok = ctx->verify_cb(0, ctx);
1634
- if (!ok)
1635
- goto err;
1636
- } else {
1637
- int rv;
1638
- rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1639
- if (rv != X509_V_OK) {
1640
- ctx->error = rv;
1641
- ok = ctx->verify_cb(0, ctx);
1642
- if (!ok)
1643
- goto err;
1644
- }
1645
- /* Verify CRL signature */
1646
- if (X509_CRL_verify(crl, ikey) <= 0) {
1647
- ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1648
- ok = ctx->verify_cb(0, ctx);
1649
- if (!ok)
1650
- goto err;
1651
- }
1536
+ if (crl->idp_flags & IDP_INVALID) {
1537
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
1538
+ ok = ctx->verify_cb(0, ctx);
1539
+ if (!ok) {
1540
+ goto err;
1652
1541
  }
1542
+ }
1653
1543
  }
1654
1544
 
1655
- ok = 1;
1545
+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1546
+ ok = check_crl_time(ctx, crl, 1);
1547
+ if (!ok) {
1548
+ goto err;
1549
+ }
1550
+ }
1656
1551
 
1657
- err:
1658
- EVP_PKEY_free(ikey);
1659
- return ok;
1660
- }
1552
+ // Attempt to get issuer certificate public key
1553
+ ikey = X509_get_pubkey(issuer);
1661
1554
 
1662
- /* Check certificate against CRL */
1663
- static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1664
- {
1665
- int ok;
1666
- X509_REVOKED *rev;
1667
- /*
1668
- * The rules changed for this... previously if a CRL contained unhandled
1669
- * critical extensions it could still be used to indicate a certificate
1670
- * was revoked. This has since been changed since critical extension can
1671
- * change the meaning of CRL entries.
1672
- */
1673
- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1674
- && (crl->flags & EXFLAG_CRITICAL)) {
1675
- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1676
- ok = ctx->verify_cb(0, ctx);
1677
- if (!ok)
1678
- return 0;
1679
- }
1680
- /*
1681
- * Look for serial number of certificate in CRL If found make sure reason
1682
- * is not removeFromCRL.
1683
- */
1684
- if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1685
- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1686
- return 2;
1687
- ctx->error = X509_V_ERR_CERT_REVOKED;
1555
+ if (!ikey) {
1556
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1557
+ ok = ctx->verify_cb(0, ctx);
1558
+ if (!ok) {
1559
+ goto err;
1560
+ }
1561
+ } else {
1562
+ // Verify CRL signature
1563
+ if (X509_CRL_verify(crl, ikey) <= 0) {
1564
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1688
1565
  ok = ctx->verify_cb(0, ctx);
1689
- if (!ok)
1690
- return 0;
1566
+ if (!ok) {
1567
+ goto err;
1568
+ }
1569
+ }
1691
1570
  }
1571
+ }
1692
1572
 
1693
- return 1;
1573
+ ok = 1;
1574
+
1575
+ err:
1576
+ EVP_PKEY_free(ikey);
1577
+ return ok;
1694
1578
  }
1695
1579
 
1696
- static int check_policy(X509_STORE_CTX *ctx)
1697
- {
1698
- int ret;
1699
- if (ctx->parent)
1700
- return 1;
1701
- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1702
- ctx->param->policies, ctx->param->flags);
1703
- if (ret == 0) {
1704
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1705
- ctx->error = X509_V_ERR_OUT_OF_MEM;
1706
- return 0;
1580
+ // Check certificate against CRL
1581
+ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) {
1582
+ int ok;
1583
+ X509_REVOKED *rev;
1584
+ // The rules changed for this... previously if a CRL contained unhandled
1585
+ // critical extensions it could still be used to indicate a certificate
1586
+ // was revoked. This has since been changed since critical extension can
1587
+ // change the meaning of CRL entries.
1588
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
1589
+ (crl->flags & EXFLAG_CRITICAL)) {
1590
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1591
+ ok = ctx->verify_cb(0, ctx);
1592
+ if (!ok) {
1593
+ return 0;
1707
1594
  }
1708
- /* Invalid or inconsistent extensions */
1709
- if (ret == -1) {
1710
- /*
1711
- * Locate certificates with bad extensions and notify callback.
1712
- */
1713
- X509 *x;
1714
- size_t i;
1715
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1716
- x = sk_X509_value(ctx->chain, i);
1717
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1718
- continue;
1719
- ctx->current_cert = x;
1720
- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1721
- if (!ctx->verify_cb(0, ctx))
1722
- return 0;
1723
- }
1724
- return 1;
1595
+ }
1596
+ // Look for serial number of certificate in CRL If found make sure reason
1597
+ // is not removeFromCRL.
1598
+ if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1599
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
1600
+ return 2;
1725
1601
  }
1726
- if (ret == -2) {
1727
- ctx->current_cert = NULL;
1728
- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1729
- return ctx->verify_cb(0, ctx);
1730
- }
1731
-
1732
- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1733
- ctx->current_cert = NULL;
1734
- /*
1735
- * Verification errors need to be "sticky", a callback may have allowed
1736
- * an SSL handshake to continue despite an error, and we must then
1737
- * remain in an error state. Therefore, we MUST NOT clear earlier
1738
- * verification errors by setting the error to X509_V_OK.
1739
- */
1740
- if (!ctx->verify_cb(2, ctx))
1741
- return 0;
1602
+ ctx->error = X509_V_ERR_CERT_REVOKED;
1603
+ ok = ctx->verify_cb(0, ctx);
1604
+ if (!ok) {
1605
+ return 0;
1742
1606
  }
1607
+ }
1743
1608
 
1744
- return 1;
1609
+ return 1;
1745
1610
  }
1746
1611
 
1747
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1748
- {
1749
- time_t *ptime;
1750
- int i;
1612
+ static int check_policy(X509_STORE_CTX *ctx) {
1613
+ // TODO(davidben): Why do we disable policy validation for CRL paths?
1614
+ if (ctx->parent) {
1615
+ return 1;
1616
+ }
1751
1617
 
1752
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1753
- ptime = &ctx->param->check_time;
1754
- else
1755
- ptime = NULL;
1618
+ X509 *current_cert = NULL;
1619
+ int ret = X509_policy_check(ctx->chain, ctx->param->policies,
1620
+ ctx->param->flags, &current_cert);
1621
+ if (ret != X509_V_OK) {
1622
+ ctx->current_cert = current_cert;
1623
+ ctx->error = ret;
1624
+ if (ret == X509_V_ERR_OUT_OF_MEM) {
1625
+ return 0;
1626
+ }
1627
+ return ctx->verify_cb(0, ctx);
1628
+ }
1756
1629
 
1757
- i = X509_cmp_time(X509_get_notBefore(x), ptime);
1758
- if (i == 0) {
1759
- ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1760
- ctx->current_cert = x;
1761
- if (!ctx->verify_cb(0, ctx))
1762
- return 0;
1630
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1631
+ ctx->current_cert = NULL;
1632
+ // Verification errors need to be "sticky", a callback may have allowed
1633
+ // an SSL handshake to continue despite an error, and we must then
1634
+ // remain in an error state. Therefore, we MUST NOT clear earlier
1635
+ // verification errors by setting the error to X509_V_OK.
1636
+ if (!ctx->verify_cb(2, ctx)) {
1637
+ return 0;
1763
1638
  }
1639
+ }
1764
1640
 
1765
- if (i > 0) {
1766
- ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1767
- ctx->current_cert = x;
1768
- if (!ctx->verify_cb(0, ctx))
1769
- return 0;
1641
+ return 1;
1642
+ }
1643
+
1644
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
1645
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
1646
+ return 1;
1647
+ }
1648
+
1649
+ int64_t ptime;
1650
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
1651
+ ptime = ctx->param->check_time;
1652
+ } else {
1653
+ ptime = time(NULL);
1654
+ }
1655
+
1656
+ int i = X509_cmp_time_posix(X509_get_notBefore(x), ptime);
1657
+ if (i == 0) {
1658
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1659
+ ctx->current_cert = x;
1660
+ if (!ctx->verify_cb(0, ctx)) {
1661
+ return 0;
1770
1662
  }
1663
+ }
1771
1664
 
1772
- i = X509_cmp_time(X509_get_notAfter(x), ptime);
1773
- if (i == 0) {
1774
- ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1775
- ctx->current_cert = x;
1776
- if (!ctx->verify_cb(0, ctx))
1777
- return 0;
1665
+ if (i > 0) {
1666
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1667
+ ctx->current_cert = x;
1668
+ if (!ctx->verify_cb(0, ctx)) {
1669
+ return 0;
1778
1670
  }
1671
+ }
1779
1672
 
1780
- if (i < 0) {
1781
- ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1782
- ctx->current_cert = x;
1783
- if (!ctx->verify_cb(0, ctx))
1784
- return 0;
1673
+ i = X509_cmp_time_posix(X509_get_notAfter(x), ptime);
1674
+ if (i == 0) {
1675
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1676
+ ctx->current_cert = x;
1677
+ if (!ctx->verify_cb(0, ctx)) {
1678
+ return 0;
1785
1679
  }
1680
+ }
1786
1681
 
1787
- return 1;
1682
+ if (i < 0) {
1683
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1684
+ ctx->current_cert = x;
1685
+ if (!ctx->verify_cb(0, ctx)) {
1686
+ return 0;
1687
+ }
1688
+ }
1689
+
1690
+ return 1;
1788
1691
  }
1789
1692
 
1790
- static int internal_verify(X509_STORE_CTX *ctx)
1791
- {
1792
- int ok = 0, n;
1793
- X509 *xs, *xi;
1794
- EVP_PKEY *pkey = NULL;
1795
- int (*cb) (int xok, X509_STORE_CTX *xctx);
1693
+ static int internal_verify(X509_STORE_CTX *ctx) {
1694
+ int ok = 0, n;
1695
+ X509 *xs, *xi;
1696
+ EVP_PKEY *pkey = NULL;
1796
1697
 
1797
- cb = ctx->verify_cb;
1698
+ n = sk_X509_num(ctx->chain);
1699
+ ctx->error_depth = n - 1;
1700
+ n--;
1701
+ xi = sk_X509_value(ctx->chain, n);
1798
1702
 
1799
- n = sk_X509_num(ctx->chain);
1800
- ctx->error_depth = n - 1;
1801
- n--;
1802
- xi = sk_X509_value(ctx->chain, n);
1803
-
1804
- if (ctx->check_issued(ctx, xi, xi))
1805
- xs = xi;
1806
- else {
1807
- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1808
- xs = xi;
1809
- goto check_cert;
1703
+ if (ctx->check_issued(ctx, xi, xi)) {
1704
+ xs = xi;
1705
+ } else {
1706
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1707
+ xs = xi;
1708
+ goto check_cert;
1709
+ }
1710
+ if (n <= 0) {
1711
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1712
+ ctx->current_cert = xi;
1713
+ ok = ctx->verify_cb(0, ctx);
1714
+ goto end;
1715
+ } else {
1716
+ n--;
1717
+ ctx->error_depth = n;
1718
+ xs = sk_X509_value(ctx->chain, n);
1719
+ }
1720
+ }
1721
+
1722
+ // ctx->error=0; not needed
1723
+ while (n >= 0) {
1724
+ ctx->error_depth = n;
1725
+
1726
+ // Skip signature check for self signed certificates unless
1727
+ // explicitly asked for. It doesn't add any security and just wastes
1728
+ // time.
1729
+ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1730
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
1731
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1732
+ ctx->current_cert = xi;
1733
+ ok = ctx->verify_cb(0, ctx);
1734
+ if (!ok) {
1735
+ goto end;
1810
1736
  }
1811
- if (n <= 0) {
1812
- ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1813
- ctx->current_cert = xi;
1814
- ok = cb(0, ctx);
1815
- goto end;
1816
- } else {
1817
- n--;
1818
- ctx->error_depth = n;
1819
- xs = sk_X509_value(ctx->chain, n);
1737
+ } else if (X509_verify(xs, pkey) <= 0) {
1738
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1739
+ ctx->current_cert = xs;
1740
+ ok = ctx->verify_cb(0, ctx);
1741
+ if (!ok) {
1742
+ EVP_PKEY_free(pkey);
1743
+ goto end;
1820
1744
  }
1745
+ }
1746
+ EVP_PKEY_free(pkey);
1747
+ pkey = NULL;
1821
1748
  }
1822
1749
 
1823
- /* ctx->error=0; not needed */
1824
- while (n >= 0) {
1825
- ctx->error_depth = n;
1826
-
1827
- /*
1828
- * Skip signature check for self signed certificates unless
1829
- * explicitly asked for. It doesn't add any security and just wastes
1830
- * time.
1831
- */
1832
- if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1833
- if ((pkey = X509_get_pubkey(xi)) == NULL) {
1834
- ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1835
- ctx->current_cert = xi;
1836
- ok = (*cb) (0, ctx);
1837
- if (!ok)
1838
- goto end;
1839
- } else if (X509_verify(xs, pkey) <= 0) {
1840
- ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1841
- ctx->current_cert = xs;
1842
- ok = (*cb) (0, ctx);
1843
- if (!ok) {
1844
- EVP_PKEY_free(pkey);
1845
- goto end;
1846
- }
1847
- }
1848
- EVP_PKEY_free(pkey);
1849
- pkey = NULL;
1850
- }
1851
-
1852
- check_cert:
1853
- ok = check_cert_time(ctx, xs);
1854
- if (!ok)
1855
- goto end;
1856
-
1857
- /* The last error (if any) is still in the error value */
1858
- ctx->current_issuer = xi;
1859
- ctx->current_cert = xs;
1860
- ok = (*cb) (1, ctx);
1861
- if (!ok)
1862
- goto end;
1863
-
1864
- n--;
1865
- if (n >= 0) {
1866
- xi = xs;
1867
- xs = sk_X509_value(ctx->chain, n);
1868
- }
1750
+ check_cert:
1751
+ ok = check_cert_time(ctx, xs);
1752
+ if (!ok) {
1753
+ goto end;
1869
1754
  }
1870
- ok = 1;
1871
- end:
1872
- return ok;
1873
- }
1874
-
1875
- int X509_cmp_current_time(const ASN1_TIME *ctm)
1876
- {
1877
- return X509_cmp_time(ctm, NULL);
1878
- }
1879
-
1880
- int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1881
- {
1882
- static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
1883
- static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
1884
- ASN1_TIME *asn1_cmp_time = NULL;
1885
- int i, day, sec, ret = 0;
1886
-
1887
- /*
1888
- * Note that ASN.1 allows much more slack in the time format than RFC 5280.
1889
- * In RFC 5280, the representation is fixed:
1890
- * UTCTime: YYMMDDHHMMSSZ
1891
- * GeneralizedTime: YYYYMMDDHHMMSSZ
1892
- *
1893
- * We do NOT currently enforce the following RFC 5280 requirement:
1894
- * "CAs conforming to this profile MUST always encode certificate
1895
- * validity dates through the year 2049 as UTCTime; certificate validity
1896
- * dates in 2050 or later MUST be encoded as GeneralizedTime."
1897
- */
1898
- switch (ctm->type) {
1899
- case V_ASN1_UTCTIME:
1900
- if (ctm->length != (int)(utctime_length))
1901
- return 0;
1902
- break;
1903
- case V_ASN1_GENERALIZEDTIME:
1904
- if (ctm->length != (int)(generalizedtime_length))
1905
- return 0;
1906
- break;
1907
- default:
1908
- return 0;
1755
+
1756
+ // The last error (if any) is still in the error value
1757
+ ctx->current_issuer = xi;
1758
+ ctx->current_cert = xs;
1759
+ ok = ctx->verify_cb(1, ctx);
1760
+ if (!ok) {
1761
+ goto end;
1909
1762
  }
1910
1763
 
1911
- /**
1912
- * Verify the format: the ASN.1 functions we use below allow a more
1913
- * flexible format than what's mandated by RFC 5280.
1914
- * Digit and date ranges will be verified in the conversion methods.
1915
- */
1916
- for (i = 0; i < ctm->length - 1; i++) {
1917
- if (!isdigit(ctm->data[i]))
1918
- return 0;
1764
+ n--;
1765
+ if (n >= 0) {
1766
+ xi = xs;
1767
+ xs = sk_X509_value(ctx->chain, n);
1919
1768
  }
1920
- if (ctm->data[ctm->length - 1] != 'Z')
1921
- return 0;
1769
+ }
1770
+ ok = 1;
1771
+ end:
1772
+ return ok;
1773
+ }
1922
1774
 
1923
- /*
1924
- * There is ASN1_UTCTIME_cmp_time_t but no
1925
- * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
1926
- * so we go through ASN.1
1927
- */
1928
- asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
1929
- if (asn1_cmp_time == NULL)
1930
- goto err;
1931
- if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
1932
- goto err;
1775
+ int X509_cmp_current_time(const ASN1_TIME *ctm) {
1776
+ return X509_cmp_time_posix(ctm, time(NULL));
1777
+ }
1933
1778
 
1934
- /*
1935
- * X509_cmp_time comparison is <=.
1936
- * The return value 0 is reserved for errors.
1937
- */
1938
- ret = (day >= 0 && sec >= 0) ? -1 : 1;
1779
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) {
1780
+ int64_t compare_time = (cmp_time == NULL) ? time(NULL) : *cmp_time;
1781
+ return X509_cmp_time_posix(ctm, compare_time);
1782
+ }
1939
1783
 
1940
- err:
1941
- ASN1_TIME_free(asn1_cmp_time);
1942
- return ret;
1784
+ int X509_cmp_time_posix(const ASN1_TIME *ctm, int64_t cmp_time) {
1785
+ int64_t ctm_time;
1786
+ if (!ASN1_TIME_to_posix(ctm, &ctm_time)) {
1787
+ return 0;
1788
+ }
1789
+ // The return value 0 is reserved for errors.
1790
+ return (ctm_time - cmp_time <= 0) ? -1 : 1;
1943
1791
  }
1944
1792
 
1945
- ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec)
1946
- {
1947
- return X509_time_adj(s, offset_sec, NULL);
1793
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec) {
1794
+ return X509_time_adj(s, offset_sec, NULL);
1948
1795
  }
1949
1796
 
1950
- ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1951
- {
1952
- return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1797
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) {
1798
+ return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1953
1799
  }
1954
1800
 
1955
- ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1956
- int offset_day, long offset_sec, time_t *in_tm)
1957
- {
1958
- time_t t = 0;
1801
+ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec,
1802
+ time_t *in_tm) {
1803
+ int64_t t = 0;
1959
1804
 
1960
- if (in_tm) {
1961
- t = *in_tm;
1962
- } else {
1963
- time(&t);
1964
- }
1965
-
1966
- return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1967
- }
1968
-
1969
- /* Make a delta CRL as the diff between two full CRLs */
1970
-
1971
- X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
1972
- EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
1973
- {
1974
- X509_CRL *crl = NULL;
1975
- int i;
1976
- size_t j;
1977
- STACK_OF(X509_REVOKED) *revs = NULL;
1978
- /* CRLs can't be delta already */
1979
- if (base->base_crl_number || newer->base_crl_number) {
1980
- OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1981
- return NULL;
1982
- }
1983
- /* Base and new CRL must have a CRL number */
1984
- if (!base->crl_number || !newer->crl_number) {
1985
- OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
1986
- return NULL;
1987
- }
1988
- /* Issuer names must match */
1989
- if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
1990
- OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
1991
- return NULL;
1992
- }
1993
- /* AKID and IDP must match */
1994
- if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
1995
- OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
1996
- return NULL;
1997
- }
1998
- if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
1999
- OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2000
- return NULL;
2001
- }
2002
- /* Newer CRL number must exceed full CRL number */
2003
- if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
2004
- OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2005
- return NULL;
2006
- }
2007
- /* CRLs must verify */
2008
- if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2009
- X509_CRL_verify(newer, skey) <= 0)) {
2010
- OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2011
- return NULL;
2012
- }
2013
- /* Create new CRL */
2014
- crl = X509_CRL_new();
2015
- if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
2016
- goto memerr;
2017
- /* Set issuer name */
2018
- if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2019
- goto memerr;
1805
+ if (in_tm) {
1806
+ t = *in_tm;
1807
+ } else {
1808
+ t = time(NULL);
1809
+ }
2020
1810
 
2021
- if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
2022
- goto memerr;
2023
- if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
2024
- goto memerr;
1811
+ return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1812
+ }
2025
1813
 
2026
- /* Set base CRL number: must be critical */
1814
+ // Make a delta CRL as the diff between two full CRLs
2027
1815
 
2028
- if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
1816
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey,
1817
+ const EVP_MD *md, unsigned int flags) {
1818
+ X509_CRL *crl = NULL;
1819
+ int i;
1820
+ size_t j;
1821
+ STACK_OF(X509_REVOKED) *revs = NULL;
1822
+ // CRLs can't be delta already
1823
+ if (base->base_crl_number || newer->base_crl_number) {
1824
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1825
+ return NULL;
1826
+ }
1827
+ // Base and new CRL must have a CRL number
1828
+ if (!base->crl_number || !newer->crl_number) {
1829
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
1830
+ return NULL;
1831
+ }
1832
+ // Issuer names must match
1833
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
1834
+ OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
1835
+ return NULL;
1836
+ }
1837
+ // AKID and IDP must match
1838
+ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
1839
+ OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
1840
+ return NULL;
1841
+ }
1842
+ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
1843
+ OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
1844
+ return NULL;
1845
+ }
1846
+ // Newer CRL number must exceed full CRL number
1847
+ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
1848
+ OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
1849
+ return NULL;
1850
+ }
1851
+ // CRLs must verify
1852
+ if (skey &&
1853
+ (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) {
1854
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
1855
+ return NULL;
1856
+ }
1857
+ // Create new CRL
1858
+ crl = X509_CRL_new();
1859
+ if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2)) {
1860
+ goto memerr;
1861
+ }
1862
+ // Set issuer name
1863
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) {
1864
+ goto memerr;
1865
+ }
1866
+
1867
+ if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) {
1868
+ goto memerr;
1869
+ }
1870
+ if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) {
1871
+ goto memerr;
1872
+ }
1873
+
1874
+ // Set base CRL number: must be critical
1875
+
1876
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) {
1877
+ goto memerr;
1878
+ }
1879
+
1880
+ // Copy extensions across from newest CRL to delta: this will set CRL
1881
+ // number to correct value too.
1882
+
1883
+ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
1884
+ const X509_EXTENSION *ext = X509_CRL_get_ext(newer, i);
1885
+ if (!X509_CRL_add_ext(crl, ext, -1)) {
1886
+ goto memerr;
1887
+ }
1888
+ }
1889
+
1890
+ // Go through revoked entries, copying as needed
1891
+
1892
+ revs = X509_CRL_get_REVOKED(newer);
1893
+
1894
+ for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
1895
+ X509_REVOKED *rvn, *rvtmp;
1896
+ rvn = sk_X509_REVOKED_value(revs, j);
1897
+ // Add only if not also in base. TODO: need something cleverer here
1898
+ // for some more complex CRLs covering multiple CAs.
1899
+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
1900
+ rvtmp = X509_REVOKED_dup(rvn);
1901
+ if (!rvtmp) {
2029
1902
  goto memerr;
2030
-
2031
- /*
2032
- * Copy extensions across from newest CRL to delta: this will set CRL
2033
- * number to correct value too.
2034
- */
2035
-
2036
- for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
2037
- X509_EXTENSION *ext;
2038
- ext = X509_CRL_get_ext(newer, i);
2039
- if (!X509_CRL_add_ext(crl, ext, -1))
2040
- goto memerr;
2041
- }
2042
-
2043
- /* Go through revoked entries, copying as needed */
2044
-
2045
- revs = X509_CRL_get_REVOKED(newer);
2046
-
2047
- for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
2048
- X509_REVOKED *rvn, *rvtmp;
2049
- rvn = sk_X509_REVOKED_value(revs, j);
2050
- /*
2051
- * Add only if not also in base. TODO: need something cleverer here
2052
- * for some more complex CRLs covering multiple CAs.
2053
- */
2054
- if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2055
- rvtmp = X509_REVOKED_dup(rvn);
2056
- if (!rvtmp)
2057
- goto memerr;
2058
- if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2059
- X509_REVOKED_free(rvtmp);
2060
- goto memerr;
2061
- }
2062
- }
1903
+ }
1904
+ if (!X509_CRL_add0_revoked(crl, rvtmp)) {
1905
+ X509_REVOKED_free(rvtmp);
1906
+ goto memerr;
1907
+ }
2063
1908
  }
2064
- /* TODO: optionally prune deleted entries */
1909
+ }
1910
+ // TODO: optionally prune deleted entries
2065
1911
 
2066
- if (skey && md && !X509_CRL_sign(crl, skey, md))
2067
- goto memerr;
1912
+ if (skey && md && !X509_CRL_sign(crl, skey, md)) {
1913
+ goto memerr;
1914
+ }
2068
1915
 
2069
- return crl;
1916
+ return crl;
2070
1917
 
2071
- memerr:
2072
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2073
- if (crl)
2074
- X509_CRL_free(crl);
2075
- return NULL;
1918
+ memerr:
1919
+ if (crl) {
1920
+ X509_CRL_free(crl);
1921
+ }
1922
+ return NULL;
2076
1923
  }
2077
1924
 
2078
1925
  int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2079
- CRYPTO_EX_unused * unused,
1926
+ CRYPTO_EX_unused *unused,
2080
1927
  CRYPTO_EX_dup *dup_unused,
2081
- CRYPTO_EX_free *free_func)
2082
- {
2083
- /*
2084
- * This function is (usually) called only once, by
2085
- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2086
- */
2087
- int index;
2088
- if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2089
- free_func)) {
2090
- return -1;
2091
- }
2092
- return index;
1928
+ CRYPTO_EX_free *free_func) {
1929
+ // This function is (usually) called only once, by
1930
+ // SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1931
+ int index;
1932
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
1933
+ free_func)) {
1934
+ return -1;
1935
+ }
1936
+ return index;
2093
1937
  }
2094
1938
 
2095
- int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2096
- {
2097
- return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1939
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) {
1940
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2098
1941
  }
2099
1942
 
2100
- void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2101
- {
2102
- return CRYPTO_get_ex_data(&ctx->ex_data, idx);
1943
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) {
1944
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2103
1945
  }
2104
1946
 
2105
- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2106
- {
2107
- return ctx->error;
2108
- }
1947
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { return ctx->error; }
2109
1948
 
2110
- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2111
- {
2112
- ctx->error = err;
1949
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) {
1950
+ ctx->error = err;
2113
1951
  }
2114
1952
 
2115
- int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2116
- {
2117
- return ctx->error_depth;
1953
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) {
1954
+ return ctx->error_depth;
2118
1955
  }
2119
1956
 
2120
- X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2121
- {
2122
- return ctx->current_cert;
1957
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) {
1958
+ return ctx->current_cert;
2123
1959
  }
2124
1960
 
2125
- STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2126
- {
2127
- return ctx->chain;
1961
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) {
1962
+ return ctx->chain;
2128
1963
  }
2129
1964
 
2130
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
2131
- {
2132
- return ctx->chain;
1965
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) {
1966
+ return ctx->chain;
2133
1967
  }
2134
1968
 
2135
- STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2136
- {
2137
- if (!ctx->chain)
2138
- return NULL;
2139
- return X509_chain_up_ref(ctx->chain);
1969
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
1970
+ if (!ctx->chain) {
1971
+ return NULL;
1972
+ }
1973
+ return X509_chain_up_ref(ctx->chain);
2140
1974
  }
2141
1975
 
2142
- X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2143
- {
2144
- return ctx->current_issuer;
1976
+ X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) {
1977
+ return ctx->current_issuer;
2145
1978
  }
2146
1979
 
2147
- X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2148
- {
2149
- return ctx->current_crl;
1980
+ X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) {
1981
+ return ctx->current_crl;
2150
1982
  }
2151
1983
 
2152
- X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2153
- {
2154
- return ctx->parent;
1984
+ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) {
1985
+ return ctx->parent;
2155
1986
  }
2156
1987
 
2157
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2158
- {
2159
- ctx->cert = x;
2160
- }
1988
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert = x; }
2161
1989
 
2162
- void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2163
- {
2164
- ctx->untrusted = sk;
1990
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
1991
+ ctx->untrusted = sk;
2165
1992
  }
2166
1993
 
2167
- STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
2168
- {
2169
- return ctx->untrusted;
1994
+ STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) {
1995
+ return ctx->untrusted;
2170
1996
  }
2171
1997
 
2172
- void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2173
- {
2174
- ctx->crls = sk;
1998
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) {
1999
+ ctx->crls = sk;
2175
2000
  }
2176
2001
 
2177
- int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2178
- {
2179
- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2002
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) {
2003
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2180
2004
  }
2181
2005
 
2182
- int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2183
- {
2184
- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2006
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) {
2007
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2185
2008
  }
2186
2009
 
2187
- /*
2188
- * This function is used to set the X509_STORE_CTX purpose and trust values.
2189
- * This is intended to be used when another structure has its own trust and
2190
- * purpose values which (if set) will be inherited by the ctx. If they aren't
2191
- * set then we will usually have a default purpose in mind which should then
2192
- * be used to set the trust value. An example of this is SSL use: an SSL
2193
- * structure will have its own purpose and trust settings which the
2194
- * application can set: if they aren't set then we use the default of SSL
2195
- * client/server.
2196
- */
2010
+ // This function is used to set the X509_STORE_CTX purpose and trust values.
2011
+ // This is intended to be used when another structure has its own trust and
2012
+ // purpose values which (if set) will be inherited by the ctx. If they aren't
2013
+ // set then we will usually have a default purpose in mind which should then
2014
+ // be used to set the trust value. An example of this is SSL use: an SSL
2015
+ // structure will have its own purpose and trust settings which the
2016
+ // application can set: if they aren't set then we use the default of SSL
2017
+ // client/server.
2197
2018
 
2198
2019
  int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2199
- int purpose, int trust)
2200
- {
2201
- int idx;
2202
- /* If purpose not set use default */
2203
- if (!purpose)
2204
- purpose = def_purpose;
2205
- /* If we have a purpose then check it is valid */
2206
- if (purpose) {
2207
- X509_PURPOSE *ptmp;
2208
- idx = X509_PURPOSE_get_by_id(purpose);
2209
- if (idx == -1) {
2210
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2211
- return 0;
2212
- }
2213
- ptmp = X509_PURPOSE_get0(idx);
2214
- if (ptmp->trust == X509_TRUST_DEFAULT) {
2215
- idx = X509_PURPOSE_get_by_id(def_purpose);
2216
- if (idx == -1) {
2217
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2218
- return 0;
2219
- }
2220
- ptmp = X509_PURPOSE_get0(idx);
2221
- }
2222
- /* If trust not set then get from purpose default */
2223
- if (!trust)
2224
- trust = ptmp->trust;
2225
- }
2226
- if (trust) {
2227
- idx = X509_TRUST_get_by_id(trust);
2228
- if (idx == -1) {
2229
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2230
- return 0;
2231
- }
2232
- }
2233
-
2234
- if (purpose && !ctx->param->purpose)
2235
- ctx->param->purpose = purpose;
2236
- if (trust && !ctx->param->trust)
2237
- ctx->param->trust = trust;
2238
- return 1;
2239
- }
2240
-
2241
- X509_STORE_CTX *X509_STORE_CTX_new(void)
2242
- {
2243
- X509_STORE_CTX *ctx;
2244
- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2245
- if (!ctx) {
2246
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2247
- return NULL;
2248
- }
2249
- X509_STORE_CTX_zero(ctx);
2250
- return ctx;
2020
+ int purpose, int trust) {
2021
+ int idx;
2022
+ // If purpose not set use default
2023
+ if (!purpose) {
2024
+ purpose = def_purpose;
2025
+ }
2026
+ // If we have a purpose then check it is valid
2027
+ if (purpose) {
2028
+ X509_PURPOSE *ptmp;
2029
+ idx = X509_PURPOSE_get_by_id(purpose);
2030
+ if (idx == -1) {
2031
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2032
+ return 0;
2033
+ }
2034
+ ptmp = X509_PURPOSE_get0(idx);
2035
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
2036
+ idx = X509_PURPOSE_get_by_id(def_purpose);
2037
+ if (idx == -1) {
2038
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2039
+ return 0;
2040
+ }
2041
+ ptmp = X509_PURPOSE_get0(idx);
2042
+ }
2043
+ // If trust not set then get from purpose default
2044
+ if (!trust) {
2045
+ trust = ptmp->trust;
2046
+ }
2047
+ }
2048
+ if (trust) {
2049
+ idx = X509_TRUST_get_by_id(trust);
2050
+ if (idx == -1) {
2051
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2052
+ return 0;
2053
+ }
2054
+ }
2055
+
2056
+ if (purpose && !ctx->param->purpose) {
2057
+ ctx->param->purpose = purpose;
2058
+ }
2059
+ if (trust && !ctx->param->trust) {
2060
+ ctx->param->trust = trust;
2061
+ }
2062
+ return 1;
2063
+ }
2064
+
2065
+ X509_STORE_CTX *X509_STORE_CTX_new(void) {
2066
+ X509_STORE_CTX *ctx;
2067
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2068
+ if (!ctx) {
2069
+ return NULL;
2070
+ }
2071
+ X509_STORE_CTX_zero(ctx);
2072
+ return ctx;
2251
2073
  }
2252
2074
 
2253
- void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2254
- {
2255
- OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2075
+ void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
2076
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2256
2077
  }
2257
2078
 
2258
- void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2259
- {
2260
- if (ctx == NULL) {
2261
- return;
2262
- }
2263
- X509_STORE_CTX_cleanup(ctx);
2264
- OPENSSL_free(ctx);
2079
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
2080
+ if (ctx == NULL) {
2081
+ return;
2082
+ }
2083
+ X509_STORE_CTX_cleanup(ctx);
2084
+ OPENSSL_free(ctx);
2265
2085
  }
2266
2086
 
2267
2087
  int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2268
- STACK_OF(X509) *chain)
2269
- {
2270
- X509_STORE_CTX_zero(ctx);
2271
- ctx->ctx = store;
2272
- ctx->cert = x509;
2273
- ctx->untrusted = chain;
2274
-
2275
- CRYPTO_new_ex_data(&ctx->ex_data);
2276
-
2277
- if (store == NULL) {
2278
- OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
2279
- goto err;
2280
- }
2281
-
2282
- ctx->param = X509_VERIFY_PARAM_new();
2283
- if (!ctx->param)
2284
- goto err;
2285
-
2286
- /*
2287
- * Inherit callbacks and flags from X509_STORE.
2288
- */
2289
-
2088
+ STACK_OF(X509) *chain) {
2089
+ X509_STORE_CTX_zero(ctx);
2090
+ ctx->ctx = store;
2091
+ ctx->cert = x509;
2092
+ ctx->untrusted = chain;
2093
+
2094
+ CRYPTO_new_ex_data(&ctx->ex_data);
2095
+
2096
+ if (store == NULL) {
2097
+ OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
2098
+ goto err;
2099
+ }
2100
+
2101
+ ctx->param = X509_VERIFY_PARAM_new();
2102
+ if (!ctx->param) {
2103
+ goto err;
2104
+ }
2105
+
2106
+ // Inherit callbacks and flags from X509_STORE.
2107
+
2108
+ ctx->verify_cb = store->verify_cb;
2109
+ ctx->cleanup = store->cleanup;
2110
+
2111
+ if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2112
+ !X509_VERIFY_PARAM_inherit(ctx->param,
2113
+ X509_VERIFY_PARAM_lookup("default"))) {
2114
+ goto err;
2115
+ }
2116
+
2117
+ if (store->check_issued) {
2118
+ ctx->check_issued = store->check_issued;
2119
+ } else {
2120
+ ctx->check_issued = check_issued;
2121
+ }
2122
+
2123
+ if (store->get_issuer) {
2124
+ ctx->get_issuer = store->get_issuer;
2125
+ } else {
2126
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2127
+ }
2128
+
2129
+ if (store->verify_cb) {
2290
2130
  ctx->verify_cb = store->verify_cb;
2291
- ctx->cleanup = store->cleanup;
2292
-
2293
- if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2294
- !X509_VERIFY_PARAM_inherit(ctx->param,
2295
- X509_VERIFY_PARAM_lookup("default"))) {
2296
- goto err;
2297
- }
2298
-
2299
- if (store->check_issued)
2300
- ctx->check_issued = store->check_issued;
2301
- else
2302
- ctx->check_issued = check_issued;
2303
-
2304
- if (store->get_issuer)
2305
- ctx->get_issuer = store->get_issuer;
2306
- else
2307
- ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2308
-
2309
- if (store->verify_cb)
2310
- ctx->verify_cb = store->verify_cb;
2311
- else
2312
- ctx->verify_cb = null_callback;
2131
+ } else {
2132
+ ctx->verify_cb = null_callback;
2133
+ }
2134
+
2135
+ if (store->verify) {
2136
+ ctx->verify = store->verify;
2137
+ } else {
2138
+ ctx->verify = internal_verify;
2139
+ }
2313
2140
 
2314
- if (store->verify)
2315
- ctx->verify = store->verify;
2316
- else
2317
- ctx->verify = internal_verify;
2141
+ if (store->check_revocation) {
2142
+ ctx->check_revocation = store->check_revocation;
2143
+ } else {
2144
+ ctx->check_revocation = check_revocation;
2145
+ }
2318
2146
 
2319
- if (store->check_revocation)
2320
- ctx->check_revocation = store->check_revocation;
2321
- else
2322
- ctx->check_revocation = check_revocation;
2147
+ if (store->get_crl) {
2148
+ ctx->get_crl = store->get_crl;
2149
+ } else {
2150
+ ctx->get_crl = NULL;
2151
+ }
2323
2152
 
2324
- if (store->get_crl)
2325
- ctx->get_crl = store->get_crl;
2326
- else
2327
- ctx->get_crl = NULL;
2153
+ if (store->check_crl) {
2154
+ ctx->check_crl = store->check_crl;
2155
+ } else {
2156
+ ctx->check_crl = check_crl;
2157
+ }
2328
2158
 
2329
- if (store->check_crl)
2330
- ctx->check_crl = store->check_crl;
2331
- else
2332
- ctx->check_crl = check_crl;
2159
+ if (store->cert_crl) {
2160
+ ctx->cert_crl = store->cert_crl;
2161
+ } else {
2162
+ ctx->cert_crl = cert_crl;
2163
+ }
2333
2164
 
2334
- if (store->cert_crl)
2335
- ctx->cert_crl = store->cert_crl;
2336
- else
2337
- ctx->cert_crl = cert_crl;
2165
+ if (store->lookup_certs) {
2166
+ ctx->lookup_certs = store->lookup_certs;
2167
+ } else {
2168
+ ctx->lookup_certs = X509_STORE_get1_certs;
2169
+ }
2338
2170
 
2339
- if (store->lookup_certs)
2340
- ctx->lookup_certs = store->lookup_certs;
2341
- else
2342
- ctx->lookup_certs = X509_STORE_get1_certs;
2171
+ if (store->lookup_crls) {
2172
+ ctx->lookup_crls = store->lookup_crls;
2173
+ } else {
2174
+ ctx->lookup_crls = X509_STORE_get1_crls;
2175
+ }
2343
2176
 
2344
- if (store->lookup_crls)
2345
- ctx->lookup_crls = store->lookup_crls;
2346
- else
2347
- ctx->lookup_crls = X509_STORE_get1_crls;
2177
+ ctx->check_policy = check_policy;
2348
2178
 
2349
- ctx->check_policy = check_policy;
2179
+ return 1;
2350
2180
 
2351
- return 1;
2352
-
2353
- err:
2354
- CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2355
- if (ctx->param != NULL) {
2356
- X509_VERIFY_PARAM_free(ctx->param);
2357
- }
2181
+ err:
2182
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2183
+ if (ctx->param != NULL) {
2184
+ X509_VERIFY_PARAM_free(ctx->param);
2185
+ }
2358
2186
 
2359
- OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2360
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2361
- return 0;
2187
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2188
+ return 0;
2362
2189
  }
2363
2190
 
2364
- /*
2365
- * Set alternative lookup method: just a STACK of trusted certificates. This
2366
- * avoids X509_STORE nastiness where it isn't needed.
2367
- */
2191
+ // Set alternative lookup method: just a STACK of trusted certificates. This
2192
+ // avoids X509_STORE nastiness where it isn't needed.
2368
2193
 
2369
- void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2370
- {
2371
- ctx->other_ctx = sk;
2372
- ctx->get_issuer = get_issuer_sk;
2194
+ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2195
+ STACK_OF(X509) *sk) {
2196
+ ctx->other_ctx = sk;
2197
+ ctx->get_issuer = get_issuer_sk;
2373
2198
  }
2374
2199
 
2375
- void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2376
- {
2377
- /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2378
- * also calls this function. */
2379
- if (ctx->cleanup != NULL) {
2380
- ctx->cleanup(ctx);
2381
- ctx->cleanup = NULL;
2382
- }
2383
- if (ctx->param != NULL) {
2384
- if (ctx->parent == NULL)
2385
- X509_VERIFY_PARAM_free(ctx->param);
2386
- ctx->param = NULL;
2387
- }
2388
- if (ctx->tree != NULL) {
2389
- X509_policy_tree_free(ctx->tree);
2390
- ctx->tree = NULL;
2391
- }
2392
- if (ctx->chain != NULL) {
2393
- sk_X509_pop_free(ctx->chain, X509_free);
2394
- ctx->chain = NULL;
2395
- }
2396
- CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2397
- OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2200
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
2201
+ X509_STORE_CTX_set0_trusted_stack(ctx, sk);
2398
2202
  }
2399
2203
 
2400
- void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2401
- {
2402
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2204
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) {
2205
+ // We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2206
+ // also calls this function.
2207
+ if (ctx->cleanup != NULL) {
2208
+ ctx->cleanup(ctx);
2209
+ ctx->cleanup = NULL;
2210
+ }
2211
+ if (ctx->param != NULL) {
2212
+ if (ctx->parent == NULL) {
2213
+ X509_VERIFY_PARAM_free(ctx->param);
2214
+ }
2215
+ ctx->param = NULL;
2216
+ }
2217
+ if (ctx->chain != NULL) {
2218
+ sk_X509_pop_free(ctx->chain, X509_free);
2219
+ ctx->chain = NULL;
2220
+ }
2221
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2222
+ OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2403
2223
  }
2404
2224
 
2405
- void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2406
- {
2407
- X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2225
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) {
2226
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2408
2227
  }
2409
2228
 
2410
- void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2411
- time_t t)
2412
- {
2413
- X509_VERIFY_PARAM_set_time(ctx->param, t);
2229
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) {
2230
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2414
2231
  }
2415
2232
 
2416
- X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2417
- {
2418
- return ctx->cert;
2233
+ void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx, unsigned long flags,
2234
+ int64_t t) {
2235
+ X509_VERIFY_PARAM_set_time_posix(ctx->param, t);
2419
2236
  }
2420
2237
 
2421
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2422
- int (*verify_cb) (int, X509_STORE_CTX *))
2423
- {
2424
- ctx->verify_cb = verify_cb;
2238
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2239
+ time_t t) {
2240
+ X509_STORE_CTX_set_time_posix(ctx, flags, t);
2425
2241
  }
2426
2242
 
2427
- X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2428
- {
2429
- return ctx->tree;
2243
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) {
2244
+ return ctx->cert;
2430
2245
  }
2431
2246
 
2432
- int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2433
- {
2434
- return ctx->explicit_policy;
2247
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2248
+ int (*verify_cb)(int, X509_STORE_CTX *)) {
2249
+ ctx->verify_cb = verify_cb;
2435
2250
  }
2436
2251
 
2437
- int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2438
- {
2439
- const X509_VERIFY_PARAM *param;
2440
- param = X509_VERIFY_PARAM_lookup(name);
2441
- if (!param)
2442
- return 0;
2443
- return X509_VERIFY_PARAM_inherit(ctx->param, param);
2252
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) {
2253
+ const X509_VERIFY_PARAM *param;
2254
+ param = X509_VERIFY_PARAM_lookup(name);
2255
+ if (!param) {
2256
+ return 0;
2257
+ }
2258
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
2444
2259
  }
2445
2260
 
2446
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2447
- {
2448
- return ctx->param;
2261
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) {
2262
+ return ctx->param;
2449
2263
  }
2450
2264
 
2451
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2452
- {
2453
- if (ctx->param)
2454
- X509_VERIFY_PARAM_free(ctx->param);
2455
- ctx->param = param;
2265
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) {
2266
+ if (ctx->param) {
2267
+ X509_VERIFY_PARAM_free(ctx->param);
2268
+ }
2269
+ ctx->param = param;
2456
2270
  }