grpc 1.50.0 → 1.56.0


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (2554)
  1. checksums.yaml +4 -4
  2. data/Makefile +453 -176
  3. data/include/grpc/byte_buffer.h +76 -1
  4. data/include/grpc/byte_buffer_reader.h +19 -1
  5. data/include/grpc/compression.h +2 -2
  6. data/include/grpc/event_engine/event_engine.h +83 -23
  7. data/include/grpc/event_engine/internal/memory_allocator_impl.h +1 -1
  8. data/include/grpc/event_engine/internal/slice_cast.h +67 -0
  9. data/include/grpc/event_engine/memory_allocator.h +1 -1
  10. data/include/grpc/event_engine/slice.h +24 -4
  11. data/include/grpc/event_engine/slice_buffer.h +44 -3
  12. data/include/grpc/fork.h +25 -1
  13. data/include/grpc/grpc.h +3 -13
  14. data/include/grpc/grpc_audit_logging.h +96 -0
  15. data/include/grpc/grpc_posix.h +1 -1
  16. data/include/grpc/grpc_security.h +4 -0
  17. data/include/grpc/impl/codegen/atm.h +3 -71
  18. data/include/grpc/impl/codegen/atm_gcc_atomic.h +3 -58
  19. data/include/grpc/impl/codegen/atm_gcc_sync.h +3 -59
  20. data/include/grpc/impl/codegen/atm_windows.h +3 -106
  21. data/include/grpc/impl/codegen/byte_buffer.h +4 -78
  22. data/include/grpc/impl/codegen/byte_buffer_reader.h +4 -19
  23. data/include/grpc/impl/codegen/compression_types.h +3 -82
  24. data/include/grpc/impl/codegen/connectivity_state.h +3 -20
  25. data/include/grpc/impl/codegen/fork.h +4 -25
  26. data/include/grpc/impl/codegen/gpr_types.h +2 -34
  27. data/include/grpc/impl/codegen/grpc_types.h +3 -791
  28. data/include/grpc/impl/codegen/log.h +3 -86
  29. data/include/grpc/impl/codegen/port_platform.h +3 -758
  30. data/include/grpc/impl/codegen/propagation_bits.h +3 -28
  31. data/include/grpc/impl/codegen/slice.h +3 -106
  32. data/include/grpc/impl/codegen/status.h +4 -131
  33. data/include/grpc/impl/codegen/sync.h +3 -42
  34. data/include/grpc/impl/codegen/sync_abseil.h +3 -12
  35. data/include/grpc/impl/codegen/sync_custom.h +3 -14
  36. data/include/grpc/impl/codegen/sync_generic.h +3 -25
  37. data/include/grpc/impl/codegen/sync_posix.h +3 -28
  38. data/include/grpc/impl/codegen/sync_windows.h +3 -16
  39. data/include/grpc/impl/compression_types.h +109 -0
  40. data/include/grpc/impl/connectivity_state.h +47 -0
  41. data/include/grpc/impl/grpc_types.h +838 -0
  42. data/include/grpc/impl/propagation_bits.h +54 -0
  43. data/include/grpc/impl/slice_type.h +112 -0
  44. data/include/grpc/load_reporting.h +1 -1
  45. data/include/grpc/module.modulemap +7 -1
  46. data/include/grpc/slice.h +1 -1
  47. data/include/grpc/status.h +131 -1
  48. data/include/grpc/support/atm.h +70 -1
  49. data/include/grpc/support/atm_gcc_atomic.h +59 -1
  50. data/include/grpc/support/atm_gcc_sync.h +58 -1
  51. data/include/grpc/support/atm_windows.h +105 -1
  52. data/include/grpc/support/json.h +218 -0
  53. data/include/grpc/support/log.h +87 -1
  54. data/include/grpc/support/log_windows.h +1 -1
  55. data/include/grpc/support/port_platform.h +767 -1
  56. data/include/grpc/support/string_util.h +1 -1
  57. data/include/grpc/support/sync.h +35 -2
  58. data/include/grpc/support/sync_abseil.h +11 -1
  59. data/include/grpc/support/sync_custom.h +13 -1
  60. data/include/grpc/support/sync_generic.h +24 -1
  61. data/include/grpc/support/sync_posix.h +27 -1
  62. data/include/grpc/support/sync_windows.h +15 -1
  63. data/include/grpc/support/time.h +31 -6
  64. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +164 -0
  65. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +52 -0
  66. data/src/core/ext/filters/backend_metrics/backend_metric_provider.h +29 -0
  67. data/src/core/ext/filters/census/grpc_context.cc +17 -18
  68. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +28 -22
  69. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +5 -4
  70. data/src/core/ext/filters/channel_idle/idle_filter_state.h +4 -4
  71. data/src/core/ext/filters/client_channel/backend_metric.cc +12 -1
  72. data/src/core/ext/filters/client_channel/backend_metric.h +3 -3
  73. data/src/core/ext/filters/client_channel/backup_poller.cc +26 -35
  74. data/src/core/ext/filters/client_channel/backup_poller.h +24 -27
  75. data/src/core/ext/filters/client_channel/channel_connectivity.cc +51 -28
  76. data/src/core/ext/filters/client_channel/client_channel.cc +1014 -1016
  77. data/src/core/ext/filters/client_channel/client_channel.h +155 -187
  78. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +36 -37
  79. data/src/core/ext/filters/client_channel/client_channel_channelz.h +22 -22
  80. data/src/core/ext/filters/client_channel/client_channel_factory.cc +17 -17
  81. data/src/core/ext/filters/client_channel/client_channel_factory.h +3 -3
  82. data/src/core/ext/filters/client_channel/client_channel_internal.h +77 -0
  83. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -18
  84. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
  85. data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
  86. data/src/core/ext/filters/client_channel/config_selector.h +25 -55
  87. data/src/core/ext/filters/client_channel/connector.h +9 -5
  88. data/src/core/ext/filters/client_channel/dynamic_filters.cc +28 -55
  89. data/src/core/ext/filters/client_channel/dynamic_filters.h +10 -11
  90. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +21 -21
  91. data/src/core/ext/filters/client_channel/http_proxy.cc +74 -42
  92. data/src/core/ext/filters/client_channel/http_proxy.h +21 -21
  93. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
  94. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -3
  95. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +29 -21
  96. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +7 -2
  97. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +3 -4
  98. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +66 -130
  99. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +40 -24
  100. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +156 -178
  101. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +26 -27
  102. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
  103. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +4 -6
  104. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +18 -20
  105. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +21 -22
  106. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +19 -20
  107. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +22 -23
  108. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  109. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  110. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  111. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +11 -94
  112. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +4 -4
  113. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +117 -0
  114. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +263 -242
  115. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +28 -7
  116. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +28 -26
  117. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +76 -112
  118. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +159 -168
  119. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +22 -5
  120. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +173 -171
  121. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +31 -25
  122. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +68 -31
  123. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +198 -0
  124. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.h +71 -0
  125. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +1002 -0
  126. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +76 -70
  127. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +103 -105
  128. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
  129. data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
  130. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +3 -3
  131. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +34 -41
  132. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +76 -113
  133. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +111 -185
  134. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +814 -0
  135. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +67 -0
  136. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +363 -0
  137. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +21 -21
  138. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -10
  139. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +59 -175
  140. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
  141. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +42 -43
  142. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +22 -23
  143. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +92 -87
  144. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +153 -153
  145. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +54 -55
  146. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +18 -18
  147. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +18 -18
  148. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +60 -0
  149. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.h +27 -0
  150. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +549 -0
  151. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
  152. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +97 -0
  153. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +32 -0
  154. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -39
  155. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +24 -0
  156. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
  157. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +4 -4
  158. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +85 -223
  159. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +45 -36
  160. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +12 -15
  161. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
  162. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +280 -189
  163. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +19 -4
  164. data/src/core/ext/filters/client_channel/retry_filter.cc +200 -264
  165. data/src/core/ext/filters/client_channel/retry_filter.h +3 -3
  166. data/src/core/ext/filters/client_channel/retry_service_config.cc +195 -236
  167. data/src/core/ext/filters/client_channel/retry_service_config.h +23 -26
  168. data/src/core/ext/filters/client_channel/retry_throttle.cc +27 -29
  169. data/src/core/ext/filters/client_channel/retry_throttle.h +29 -28
  170. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +17 -47
  171. data/src/core/ext/filters/client_channel/subchannel.cc +133 -337
  172. data/src/core/ext/filters/client_channel/subchannel.h +23 -86
  173. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +3 -3
  174. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +21 -21
  175. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +36 -38
  176. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +11 -8
  177. data/src/core/ext/filters/deadline/deadline_filter.cc +73 -64
  178. data/src/core/ext/filters/deadline/deadline_filter.h +6 -10
  179. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -2
  180. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +3 -7
  181. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
  182. data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
  183. data/src/core/ext/filters/http/client/http_client_filter.cc +47 -43
  184. data/src/core/ext/filters/http/client/http_client_filter.h +20 -20
  185. data/src/core/ext/filters/http/client_authority_filter.cc +19 -19
  186. data/src/core/ext/filters/http/client_authority_filter.h +21 -21
  187. data/src/core/ext/filters/http/http_filters_plugin.cc +30 -57
  188. data/src/core/ext/filters/http/message_compress/compression_filter.cc +323 -0
  189. data/src/core/ext/filters/http/message_compress/compression_filter.h +139 -0
  190. data/src/core/ext/filters/http/server/http_server_filter.cc +54 -52
  191. data/src/core/ext/filters/http/server/http_server_filter.h +21 -21
  192. data/src/core/ext/filters/message_size/message_size_filter.cc +184 -297
  193. data/src/core/ext/filters/message_size/message_size_filter.h +72 -20
  194. data/src/core/ext/filters/rbac/rbac_filter.cc +16 -15
  195. data/src/core/ext/filters/rbac/rbac_filter.h +3 -3
  196. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +829 -538
  197. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +7 -6
  198. data/src/core/ext/filters/server_config_selector/server_config_selector.h +9 -11
  199. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +12 -16
  200. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +3 -3
  201. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +220 -0
  202. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +81 -0
  203. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.cc +82 -0
  204. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +93 -0
  205. data/src/core/ext/gcp/metadata_query.cc +137 -0
  206. data/src/core/ext/gcp/metadata_query.h +87 -0
  207. data/src/core/ext/transport/chttp2/alpn/alpn.cc +18 -18
  208. data/src/core/ext/transport/chttp2/alpn/alpn.h +24 -24
  209. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +68 -67
  210. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +30 -24
  211. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +149 -149
  212. data/src/core/ext/transport/chttp2/server/chttp2_server.h +21 -21
  213. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +22 -22
  214. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +33 -33
  215. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +41 -37
  216. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +35 -31
  217. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +673 -455
  218. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +42 -22
  219. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +70 -0
  220. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +0 -36
  221. data/src/core/ext/transport/chttp2/transport/decode_huff.h +38 -85
  222. data/src/core/ext/transport/chttp2/transport/flow_control.cc +130 -107
  223. data/src/core/ext/transport/chttp2/transport/flow_control.h +66 -39
  224. data/src/core/ext/transport/chttp2/transport/frame.h +21 -21
  225. data/src/core/ext/transport/chttp2/transport/frame_data.cc +35 -32
  226. data/src/core/ext/transport/chttp2/transport/frame_data.h +27 -27
  227. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +38 -36
  228. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +20 -20
  229. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +27 -31
  230. data/src/core/ext/transport/chttp2/transport/frame_ping.h +21 -24
  231. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +30 -25
  232. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +21 -21
  233. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +39 -37
  234. data/src/core/ext/transport/chttp2/transport/frame_settings.h +22 -22
  235. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +24 -21
  236. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +21 -21
  237. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +3 -3
  238. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +201 -353
  239. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +328 -164
  240. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +4 -1
  241. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +5 -3
  242. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +498 -744
  243. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +30 -26
  244. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +41 -37
  245. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +30 -22
  246. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +21 -19
  247. data/src/core/ext/transport/chttp2/transport/http2_settings.h +39 -37
  248. data/src/core/ext/transport/chttp2/transport/http_trace.cc +19 -0
  249. data/src/core/ext/transport/chttp2/transport/http_trace.h +24 -0
  250. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +20 -20
  251. data/src/core/ext/transport/chttp2/transport/huffsyms.h +21 -21
  252. data/src/core/ext/transport/chttp2/transport/internal.h +220 -192
  253. data/src/core/ext/transport/chttp2/transport/parsing.cc +263 -109
  254. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +19 -19
  255. data/src/core/ext/transport/chttp2/transport/stream_map.cc +23 -23
  256. data/src/core/ext/transport/chttp2/transport/stream_map.h +33 -33
  257. data/src/core/ext/transport/chttp2/transport/varint.cc +19 -20
  258. data/src/core/ext/transport/chttp2/transport/varint.h +37 -34
  259. data/src/core/ext/transport/chttp2/transport/writing.cc +93 -72
  260. data/src/core/ext/transport/inproc/inproc_plugin.cc +17 -17
  261. data/src/core/ext/transport/inproc/inproc_transport.cc +143 -155
  262. data/src/core/ext/transport/inproc/inproc_transport.h +21 -21
  263. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +87 -52
  264. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +414 -181
  265. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -59
  266. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +485 -219
  267. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +90 -55
  268. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +415 -188
  269. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +377 -194
  270. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +1694 -666
  271. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +30 -17
  272. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +144 -47
  273. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +34 -21
  274. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +160 -62
  275. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +27 -14
  276. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +78 -38
  277. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +20 -11
  278. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +48 -26
  279. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +20 -11
  280. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +48 -26
  281. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +109 -62
  282. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +566 -244
  283. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +21 -12
  284. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +45 -30
  285. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +22 -19
  286. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +82 -29
  287. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +23 -16
  288. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +45 -30
  289. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +230 -143
  290. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +733 -404
  291. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +417 -258
  292. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1873 -867
  293. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -41
  294. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +286 -148
  295. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +537 -349
  296. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2038 -1178
  297. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -12
  298. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +45 -30
  299. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -52
  300. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +347 -232
  301. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +264 -165
  302. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +888 -476
  303. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +154 -72
  304. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +603 -213
  305. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +22 -13
  306. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +50 -36
  307. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +380 -221
  308. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1168 -611
  309. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +166 -94
  310. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +666 -292
  311. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +18 -11
  312. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +37 -26
  313. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +21 -12
  314. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +45 -30
  315. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +30 -17
  316. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +144 -47
  317. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +274 -167
  318. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +789 -440
  319. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +222 -128
  320. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1116 -485
  321. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -13
  322. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +60 -37
  323. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +350 -208
  324. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1088 -625
  325. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +44 -11
  326. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +175 -18
  327. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +34 -19
  328. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +118 -56
  329. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +48 -16
  330. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +189 -44
  331. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +31 -18
  332. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +143 -65
  333. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +22 -13
  334. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +51 -37
  335. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +78 -43
  336. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +265 -127
  337. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +147 -84
  338. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +454 -226
  339. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +115 -62
  340. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +559 -227
  341. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +18 -11
  342. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +35 -26
  343. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +187 -107
  344. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +969 -410
  345. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +172 -95
  346. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +864 -374
  347. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +49 -23
  348. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +182 -89
  349. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +39 -18
  350. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +74 -56
  351. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +28 -15
  352. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +71 -45
  353. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +131 -74
  354. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +489 -249
  355. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +135 -80
  356. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +505 -245
  357. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +257 -127
  358. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +1010 -387
  359. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +91 -41
  360. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +648 -183
  361. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1301 -751
  362. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5583 -2425
  363. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +49 -28
  364. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +164 -84
  365. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +228 -141
  366. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +738 -399
  367. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +20 -10
  368. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +53 -22
  369. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +21 -12
  370. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +45 -30
  371. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +32 -19
  372. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +70 -49
  373. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +27 -14
  374. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +110 -43
  375. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +46 -25
  376. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +259 -100
  377. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +21 -12
  378. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +49 -25
  379. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +18 -11
  380. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +35 -26
  381. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +42 -23
  382. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +108 -70
  383. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +7 -4
  384. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +21 -16
  385. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +43 -24
  386. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +110 -75
  387. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +30 -16
  388. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +100 -46
  389. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +16 -9
  390. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -23
  391. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +60 -37
  392. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +150 -108
  393. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +74 -43
  394. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +357 -167
  395. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +44 -25
  396. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +114 -80
  397. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -18
  398. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +253 -67
  399. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +75 -0
  400. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +201 -0
  401. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +474 -289
  402. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2156 -1037
  403. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +53 -0
  404. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +107 -0
  405. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +69 -0
  406. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +246 -0
  407. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +138 -0
  408. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +499 -0
  409. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +36 -17
  410. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +144 -55
  411. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +18 -11
  412. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +35 -26
  413. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -4
  414. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +15 -10
  415. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +184 -96
  416. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +907 -360
  417. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +56 -33
  418. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +150 -101
  419. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +188 -109
  420. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +827 -408
  421. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +32 -19
  422. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +109 -53
  423. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +10 -7
  424. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +18 -14
  425. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +300 -175
  426. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +1297 -511
  427. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +42 -23
  428. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +188 -75
  429. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +130 -83
  430. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +510 -238
  431. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +22 -13
  432. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +55 -34
  433. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +39 -26
  434. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +124 -68
  435. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +56 -0
  436. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +130 -0
  437. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +60 -26
  438. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +130 -51
  439. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +37 -20
  440. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +133 -63
  441. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -13
  442. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +91 -40
  443. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -12
  444. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +50 -32
  445. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +18 -11
  446. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +37 -26
  447. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +46 -27
  448. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +101 -70
  449. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +46 -0
  450. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +117 -0
  451. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +40 -23
  452. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +161 -75
  453. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +31 -18
  454. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +114 -56
  455. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +46 -29
  456. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +139 -91
  457. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +65 -42
  458. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +200 -121
  459. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +80 -45
  460. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +208 -131
  461. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +34 -21
  462. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +74 -53
  463. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -4
  464. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +13 -8
  465. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +16 -9
  466. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +28 -18
  467. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +28 -15
  468. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +55 -34
  469. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +43 -22
  470. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +91 -53
  471. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +35 -20
  472. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +92 -57
  473. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +7 -4
  474. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +16 -9
  475. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -11
  476. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +48 -26
  477. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +23 -14
  478. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +61 -41
  479. data/src/core/ext/upb-generated/google/api/annotations.upb.c +14 -11
  480. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -20
  481. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +255 -154
  482. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +934 -450
  483. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +299 -180
  484. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +946 -483
  485. data/src/core/ext/upb-generated/google/api/http.upb.c +68 -35
  486. data/src/core/ext/upb-generated/google/api/http.upb.h +284 -120
  487. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +22 -13
  488. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +95 -37
  489. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -10
  490. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +38 -22
  491. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +1018 -424
  492. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +3851 -1412
  493. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -10
  494. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +38 -22
  495. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +10 -7
  496. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +18 -14
  497. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +62 -39
  498. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +207 -102
  499. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -10
  500. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +38 -22
  501. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +90 -51
  502. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +157 -107
  503. data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -13
  504. data/src/core/ext/upb-generated/google/rpc/status.upb.h +95 -37
  505. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +59 -34
  506. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +154 -92
  507. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +43 -24
  508. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +118 -60
  509. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +250 -145
  510. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +919 -415
  511. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +34 -19
  512. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +76 -51
  513. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +25 -14
  514. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +45 -30
  515. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +144 -81
  516. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +405 -217
  517. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +51 -26
  518. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +153 -61
  519. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +173 -102
  520. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +855 -298
  521. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +68 -49
  522. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +155 -104
  523. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +26 -17
  524. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +55 -34
  525. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +12 -9
  526. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +31 -14
  527. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +26 -17
  528. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +55 -34
  529. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +23 -16
  530. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +45 -30
  531. data/src/core/ext/upb-generated/validate/validate.upb.c +845 -455
  532. data/src/core/ext/upb-generated/validate/validate.upb.h +4347 -1908
  533. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +68 -49
  534. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +155 -104
  535. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +26 -17
  536. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +55 -34
  537. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +12 -9
  538. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +31 -14
  539. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +65 -44
  540. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +137 -91
  541. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +23 -16
  542. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +45 -30
  543. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +16 -9
  544. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +28 -18
  545. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +56 -0
  546. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +122 -0
  547. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +37 -22
  548. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +96 -63
  549. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +26 -17
  550. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +52 -29
  551. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +21 -12
  552. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +45 -30
  553. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +23 -14
  554. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +62 -42
  555. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +44 -25
  556. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +169 -79
  557. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +27 -14
  558. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +65 -38
  559. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +86 -30
  560. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +223 -54
  561. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +21 -13
  562. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +89 -34
  563. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +53 -0
  564. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +107 -0
  565. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +75 -0
  566. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +270 -0
  567. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +39 -0
  568. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +78 -0
  569. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +78 -0
  570. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +289 -0
  571. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +162 -101
  572. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +501 -293
  573. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +160 -0
  574. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +740 -0
  575. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +24 -15
  576. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +53 -37
  577. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +40 -23
  578. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +161 -75
  579. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +82 -0
  580. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +240 -0
  581. data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +85 -0
  582. data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +246 -0
  583. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +21 -13
  584. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +45 -30
  585. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +1 -1
  586. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +6 -5
  587. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +55 -54
  588. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +6 -5
  589. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +1 -1
  590. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +6 -5
  591. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +35 -14
  592. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +16 -5
  593. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +1 -1
  594. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +6 -5
  595. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +1 -1
  596. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +6 -5
  597. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +1 -1
  598. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +6 -5
  599. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +1 -1
  600. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +6 -5
  601. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +1 -1
  602. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +6 -5
  603. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +1 -1
  604. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +6 -5
  605. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +1 -1
  606. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +6 -5
  607. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +1 -1
  608. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +6 -5
  609. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +1 -1
  610. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +6 -5
  611. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +1 -1
  612. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +6 -5
  613. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +252 -241
  614. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +6 -5
  615. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +1 -1
  616. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +6 -5
  617. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +233 -225
  618. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +6 -10
  619. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +1 -1
  620. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +6 -5
  621. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +1 -1
  622. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +6 -5
  623. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +1 -1
  624. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +6 -5
  625. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +96 -76
  626. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +11 -5
  627. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +1 -1
  628. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +6 -5
  629. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +95 -94
  630. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +6 -5
  631. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +13 -12
  632. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +11 -5
  633. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +1 -1
  634. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +6 -5
  635. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +1 -1
  636. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +6 -5
  637. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +1 -1
  638. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +6 -5
  639. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +1 -1
  640. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +6 -5
  641. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +82 -76
  642. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +6 -5
  643. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +1 -1
  644. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +6 -5
  645. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +193 -188
  646. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +6 -5
  647. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +32 -16
  648. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +11 -5
  649. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +1 -1
  650. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +6 -5
  651. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +8 -4
  652. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +11 -5
  653. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +1 -1
  654. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +6 -5
  655. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +1 -1
  656. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +6 -5
  657. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +1 -1
  658. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +6 -5
  659. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +72 -67
  660. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +6 -5
  661. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +1 -1
  662. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +6 -5
  663. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +1 -1
  664. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +6 -5
  665. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +141 -134
  666. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +21 -5
  667. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +1 -1
  668. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +6 -5
  669. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +55 -42
  670. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +6 -5
  671. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +1 -1
  672. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +6 -5
  673. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +1 -1
  674. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +6 -5
  675. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +1 -1
  676. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +6 -5
  677. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +1 -1
  678. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +6 -5
  679. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +167 -138
  680. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +16 -5
  681. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +82 -71
  682. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +11 -5
  683. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +772 -739
  684. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +16 -5
  685. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +1 -1
  686. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +6 -5
  687. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +1 -1
  688. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +6 -5
  689. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +17 -15
  690. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +6 -5
  691. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +1 -1
  692. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +6 -5
  693. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +1 -1
  694. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +6 -5
  695. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +1 -1
  696. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +6 -5
  697. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +1 -1
  698. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +6 -5
  699. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +7 -9
  700. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +6 -5
  701. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +1 -1
  702. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +6 -5
  703. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +1 -1
  704. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +6 -5
  705. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +1 -1
  706. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +6 -5
  707. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +1 -1
  708. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +6 -5
  709. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +21 -19
  710. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +6 -5
  711. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +1 -1
  712. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +6 -5
  713. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +1 -1
  714. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +6 -5
  715. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +1 -1
  716. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +6 -5
  717. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +1 -1
  718. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +6 -5
  719. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +54 -43
  720. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +6 -5
  721. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +60 -0
  722. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +41 -0
  723. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +382 -364
  724. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +6 -5
  725. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +50 -0
  726. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +36 -0
  727. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +1 -1
  728. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +6 -5
  729. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +138 -136
  730. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +6 -5
  731. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +1 -1
  732. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +6 -5
  733. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +151 -147
  734. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +6 -5
  735. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +1 -1
  736. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +6 -5
  737. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +6 -6
  738. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +6 -5
  739. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +17 -14
  740. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +6 -5
  741. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +6 -6
  742. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +6 -5
  743. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +12 -13
  744. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +6 -5
  745. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +1 -1
  746. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +6 -5
  747. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +1 -1
  748. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +6 -5
  749. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +48 -0
  750. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +36 -0
  751. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +13 -10
  752. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +11 -5
  753. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +1 -1
  754. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +6 -5
  755. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +1 -1
  756. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +6 -5
  757. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +1 -1
  758. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +6 -5
  759. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +1 -1
  760. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +6 -5
  761. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +15 -15
  762. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +6 -5
  763. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +40 -0
  764. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +41 -0
  765. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +1 -1
  766. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +6 -5
  767. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +1 -1
  768. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +6 -5
  769. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +1 -1
  770. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +6 -5
  771. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +1 -1
  772. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +6 -5
  773. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +1 -1
  774. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +6 -5
  775. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +1 -1
  776. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +6 -5
  777. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +1 -1
  778. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +6 -5
  779. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +1 -1
  780. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +6 -5
  781. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +1 -1
  782. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +6 -5
  783. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +1 -1
  784. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +6 -5
  785. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +1 -1
  786. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +6 -5
  787. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +11 -10
  788. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +6 -5
  789. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +1 -1
  790. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +6 -5
  791. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +1 -1
  792. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +6 -5
  793. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +1 -1
  794. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +6 -5
  795. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +1 -1
  796. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +6 -5
  797. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +1 -1
  798. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +6 -5
  799. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +1 -1
  800. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +6 -5
  801. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +1 -1
  802. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +6 -5
  803. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +1 -1
  804. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +6 -5
  805. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +329 -273
  806. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +11 -5
  807. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +1 -1
  808. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +6 -5
  809. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +1 -1
  810. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +6 -5
  811. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +1 -1
  812. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +6 -5
  813. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +1 -1
  814. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +6 -5
  815. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +1 -1
  816. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +6 -5
  817. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +1 -1
  818. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +6 -5
  819. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +1 -1
  820. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +6 -5
  821. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +1 -1
  822. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +6 -5
  823. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +1 -1
  824. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +6 -5
  825. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +1 -1
  826. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +6 -5
  827. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +1 -1
  828. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +6 -5
  829. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +1 -1
  830. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +6 -5
  831. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +1 -1
  832. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +6 -5
  833. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +1 -1
  834. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +6 -5
  835. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +1 -1
  836. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +6 -5
  837. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +1 -1
  838. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +6 -5
  839. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +1 -1
  840. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +6 -5
  841. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +1 -1
  842. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +6 -5
  843. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +1 -1
  844. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +6 -5
  845. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +1 -1
  846. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +6 -5
  847. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +45 -0
  848. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +36 -0
  849. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +1 -1
  850. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +6 -5
  851. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +1 -1
  852. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +6 -5
  853. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +1 -1
  854. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +6 -5
  855. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +1 -1
  856. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +6 -5
  857. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +1 -1
  858. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +6 -5
  859. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +1 -1
  860. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +6 -5
  861. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +43 -0
  862. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +36 -0
  863. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +51 -0
  864. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +41 -0
  865. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +36 -0
  866. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +36 -0
  867. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +55 -0
  868. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +41 -0
  869. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +10 -10
  870. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +6 -5
  871. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +71 -0
  872. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +61 -0
  873. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +1 -1
  874. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +6 -5
  875. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +1 -1
  876. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +6 -5
  877. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +60 -0
  878. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +41 -0
  879. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +36 -0
  880. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +46 -0
  881. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +5 -8
  882. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +6 -5
  883. data/src/core/ext/xds/certificate_provider_store.cc +8 -13
  884. data/src/core/ext/xds/certificate_provider_store.h +4 -4
  885. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +32 -46
  886. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +17 -12
  887. data/src/core/ext/xds/upb_utils.h +4 -4
  888. data/src/core/ext/xds/xds_api.cc +61 -113
  889. data/src/core/ext/xds/xds_api.h +13 -15
  890. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  891. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  892. data/src/core/ext/xds/xds_bootstrap.cc +3 -3
  893. data/src/core/ext/xds/xds_bootstrap.h +3 -4
  894. data/src/core/ext/xds/xds_bootstrap_grpc.cc +37 -33
  895. data/src/core/ext/xds/xds_bootstrap_grpc.h +24 -4
  896. data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
  897. data/src/core/ext/xds/xds_certificate_provider.h +4 -4
  898. data/src/core/ext/xds/xds_channel_args.h +3 -3
  899. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -3
  900. data/src/core/ext/xds/xds_channel_stack_modifier.h +4 -4
  901. data/src/core/ext/xds/xds_client.cc +171 -104
  902. data/src/core/ext/xds/xds_client.h +17 -9
  903. data/src/core/ext/xds/xds_client_grpc.cc +30 -24
  904. data/src/core/ext/xds/xds_client_grpc.h +4 -4
  905. data/src/core/ext/xds/xds_client_stats.cc +46 -32
  906. data/src/core/ext/xds/xds_client_stats.h +46 -41
  907. data/src/core/ext/xds/xds_cluster.cc +358 -205
  908. data/src/core/ext/xds/xds_cluster.h +55 -39
  909. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +61 -74
  910. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +50 -26
  911. data/src/core/ext/xds/xds_common_types.cc +213 -141
  912. data/src/core/ext/xds/xds_common_types.h +22 -16
  913. data/src/core/ext/xds/xds_endpoint.cc +229 -132
  914. data/src/core/ext/xds/xds_endpoint.h +17 -12
  915. data/src/core/ext/xds/xds_health_status.cc +80 -0
  916. data/src/core/ext/xds/xds_health_status.h +109 -0
  917. data/src/core/ext/xds/xds_http_fault_filter.cc +68 -51
  918. data/src/core/ext/xds/xds_http_fault_filter.h +19 -26
  919. data/src/core/ext/xds/xds_http_filters.cc +65 -73
  920. data/src/core/ext/xds/xds_http_filters.h +76 -25
  921. data/src/core/ext/xds/xds_http_rbac_filter.cc +303 -272
  922. data/src/core/ext/xds/xds_http_rbac_filter.h +19 -21
  923. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +222 -0
  924. data/src/core/ext/xds/xds_http_stateful_session_filter.h +59 -0
  925. data/src/core/ext/xds/xds_lb_policy_registry.cc +211 -166
  926. data/src/core/ext/xds/xds_lb_policy_registry.h +13 -14
  927. data/src/core/ext/xds/xds_listener.cc +456 -420
  928. data/src/core/ext/xds/xds_listener.h +49 -51
  929. data/src/core/ext/xds/xds_resource_type.h +8 -16
  930. data/src/core/ext/xds/xds_resource_type_impl.h +13 -16
  931. data/src/core/ext/xds/xds_route_config.cc +566 -534
  932. data/src/core/ext/xds/xds_route_config.h +43 -32
  933. data/src/core/ext/xds/xds_routing.cc +4 -3
  934. data/src/core/ext/xds/xds_routing.h +5 -3
  935. data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -106
  936. data/src/core/ext/xds/xds_transport.h +3 -3
  937. data/src/core/ext/xds/xds_transport_grpc.cc +10 -9
  938. data/src/core/ext/xds/xds_transport_grpc.h +4 -4
  939. data/src/core/lib/address_utils/parse_address.cc +30 -29
  940. data/src/core/lib/address_utils/parse_address.h +35 -35
  941. data/src/core/lib/address_utils/sockaddr_utils.cc +30 -28
  942. data/src/core/lib/address_utils/sockaddr_utils.h +36 -36
  943. data/src/core/lib/avl/avl.h +12 -7
  944. data/src/core/lib/backoff/backoff.cc +17 -17
  945. data/src/core/lib/backoff/backoff.h +20 -20
  946. data/src/core/lib/backoff/random_early_detection.cc +31 -0
  947. data/src/core/lib/backoff/random_early_detection.h +59 -0
  948. data/src/core/lib/channel/call_finalization.h +4 -4
  949. data/src/core/lib/channel/call_tracer.cc +51 -0
  950. data/src/core/lib/channel/call_tracer.h +106 -34
  951. data/src/core/lib/channel/channel_args.cc +100 -42
  952. data/src/core/lib/channel/channel_args.h +104 -49
  953. data/src/core/lib/channel/channel_args_preconditioning.h +4 -4
  954. data/src/core/lib/channel/channel_fwd.h +3 -3
  955. data/src/core/lib/channel/channel_stack.cc +60 -57
  956. data/src/core/lib/channel/channel_stack.h +148 -135
  957. data/src/core/lib/channel/channel_stack_builder.cc +21 -24
  958. data/src/core/lib/channel/channel_stack_builder.h +17 -9
  959. data/src/core/lib/channel/channel_stack_builder_impl.cc +56 -25
  960. data/src/core/lib/channel/channel_stack_builder_impl.h +5 -3
  961. data/src/core/lib/channel/channel_trace.cc +37 -34
  962. data/src/core/lib/channel/channel_trace.h +22 -22
  963. data/src/core/lib/channel/channelz.cc +181 -154
  964. data/src/core/lib/channel/channelz.h +71 -64
  965. data/src/core/lib/channel/channelz_registry.cc +41 -37
  966. data/src/core/lib/channel/channelz_registry.h +21 -21
  967. data/src/core/lib/channel/connected_channel.cc +764 -67
  968. data/src/core/lib/channel/connected_channel.h +20 -24
  969. data/src/core/lib/channel/context.h +33 -22
  970. data/src/core/lib/channel/promise_based_filter.cc +1591 -278
  971. data/src/core/lib/channel/promise_based_filter.h +486 -104
  972. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  973. data/src/core/lib/channel/status_util.cc +35 -17
  974. data/src/core/lib/channel/status_util.h +29 -22
  975. data/src/core/lib/compression/compression.cc +19 -19
  976. data/src/core/lib/compression/compression_internal.cc +38 -48
  977. data/src/core/lib/compression/compression_internal.h +25 -25
  978. data/src/core/lib/compression/message_compress.cc +26 -26
  979. data/src/core/lib/compression/message_compress.h +27 -27
  980. data/src/core/lib/config/config_vars.cc +153 -0
  981. data/src/core/lib/config/config_vars.h +127 -0
  982. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  983. data/src/core/lib/config/core_configuration.h +3 -3
  984. data/src/core/lib/config/load_config.cc +79 -0
  985. data/src/core/lib/config/load_config.h +55 -0
  986. data/src/core/lib/debug/event_log.cc +88 -0
  987. data/src/core/lib/debug/event_log.h +81 -0
  988. data/src/core/lib/debug/histogram_view.cc +69 -0
  989. data/src/core/lib/debug/histogram_view.h +37 -0
  990. data/src/core/lib/debug/stats.cc +39 -136
  991. data/src/core/lib/debug/stats.h +49 -55
  992. data/src/core/lib/debug/stats_data.cc +240 -88
  993. data/src/core/lib/debug/stats_data.h +295 -145
  994. data/src/core/lib/debug/trace.cc +56 -79
  995. data/src/core/lib/debug/trace.h +37 -54
  996. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  997. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  998. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  999. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  1000. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  1001. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +5 -0
  1002. data/src/core/lib/event_engine/channel_args_endpoint_config.h +3 -3
  1003. data/src/core/lib/event_engine/common_closures.h +71 -0
  1004. data/src/core/lib/event_engine/default_event_engine.cc +56 -16
  1005. data/src/core/lib/event_engine/default_event_engine.h +44 -8
  1006. data/src/core/lib/event_engine/default_event_engine_factory.cc +16 -6
  1007. data/src/core/lib/event_engine/default_event_engine_factory.h +3 -3
  1008. data/src/core/lib/event_engine/event_engine.cc +60 -0
  1009. data/src/core/lib/event_engine/forkable.cc +11 -6
  1010. data/src/core/lib/event_engine/forkable.h +3 -3
  1011. data/src/core/lib/event_engine/handle_containers.h +12 -20
  1012. data/src/core/lib/event_engine/memory_allocator.cc +1 -1
  1013. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  1014. data/src/core/lib/event_engine/poller.h +13 -7
  1015. data/src/core/lib/event_engine/posix.h +162 -0
  1016. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +642 -0
  1017. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +139 -0
  1018. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +895 -0
  1019. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
  1020. data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
  1021. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +68 -0
  1022. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +33 -0
  1023. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
  1024. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
  1025. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +254 -0
  1026. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
  1027. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1338 -0
  1028. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +726 -0
  1029. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +523 -28
  1030. data/src/core/lib/event_engine/posix_engine/posix_engine.h +165 -27
  1031. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
  1032. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +292 -0
  1033. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +278 -0
  1034. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +379 -0
  1035. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +91 -0
  1036. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +867 -0
  1037. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +316 -0
  1038. data/src/core/lib/event_engine/posix_engine/timer.cc +49 -49
  1039. data/src/core/lib/event_engine/posix_engine/timer.h +90 -89
  1040. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +27 -27
  1041. data/src/core/lib/event_engine/posix_engine/timer_heap.h +24 -24
  1042. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +76 -214
  1043. data/src/core/lib/event_engine/posix_engine/timer_manager.h +44 -72
  1044. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +332 -0
  1045. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +185 -0
  1046. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +127 -0
  1047. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
  1048. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +150 -0
  1049. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
  1050. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
  1051. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
  1052. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
  1053. data/src/core/lib/event_engine/resolved_address.cc +21 -1
  1054. data/src/core/lib/event_engine/{executor/executor.h → resolved_address_internal.h} +11 -15
  1055. data/src/core/lib/event_engine/shim.cc +64 -0
  1056. data/src/core/lib/event_engine/{executor/threaded_executor.cc → shim.h} +10 -13
  1057. data/src/core/lib/event_engine/slice.cc +8 -7
  1058. data/src/core/lib/event_engine/slice_buffer.cc +2 -2
  1059. data/src/core/lib/event_engine/tcp_socket_utils.cc +389 -0
  1060. data/src/core/lib/event_engine/tcp_socket_utils.h +90 -0
  1061. data/src/core/lib/event_engine/thread_local.cc +29 -0
  1062. data/src/core/lib/event_engine/thread_local.h +32 -0
  1063. data/src/core/lib/event_engine/thread_pool/original_thread_pool.cc +256 -0
  1064. data/src/core/lib/event_engine/thread_pool/original_thread_pool.h +137 -0
  1065. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  1066. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +40 -0
  1067. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  1068. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  1069. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  1070. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  1071. data/src/core/lib/event_engine/time_util.h +3 -3
  1072. data/src/core/lib/event_engine/trace.cc +7 -0
  1073. data/src/core/lib/event_engine/trace.h +22 -3
  1074. data/src/core/lib/event_engine/utils.cc +2 -2
  1075. data/src/core/lib/event_engine/utils.h +12 -4
  1076. data/src/core/lib/event_engine/windows/iocp.cc +39 -53
  1077. data/src/core/lib/event_engine/windows/iocp.h +7 -7
  1078. data/src/core/lib/event_engine/windows/win_socket.cc +69 -47
  1079. data/src/core/lib/event_engine/windows/win_socket.h +38 -29
  1080. data/src/core/lib/event_engine/windows/windows_endpoint.cc +379 -0
  1081. data/src/core/lib/event_engine/windows/windows_endpoint.h +120 -0
  1082. data/src/core/lib/event_engine/windows/windows_engine.cc +285 -33
  1083. data/src/core/lib/event_engine/windows/windows_engine.h +70 -26
  1084. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  1085. data/src/core/lib/event_engine/windows/windows_listener.h +156 -0
  1086. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  1087. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  1088. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  1089. data/src/core/lib/experiments/config.cc +56 -17
  1090. data/src/core/lib/experiments/config.h +29 -3
  1091. data/src/core/lib/experiments/experiments.cc +92 -29
  1092. data/src/core/lib/experiments/experiments.h +101 -23
  1093. data/src/core/lib/gpr/alloc.cc +19 -17
  1094. data/src/core/lib/gpr/alloc.h +20 -20
  1095. data/src/core/lib/gpr/{log_android.cc → android/log.cc} +22 -20
  1096. data/src/core/lib/gpr/atm.cc +17 -17
  1097. data/src/core/lib/gpr/iphone/cpu.cc +44 -0
  1098. data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +28 -23
  1099. data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +24 -24
  1100. data/src/core/lib/gpr/log.cc +42 -47
  1101. data/src/core/lib/gpr/log_internal.h +55 -0
  1102. data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +21 -20
  1103. data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +23 -22
  1104. data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +20 -19
  1105. data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +24 -24
  1106. data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +23 -21
  1107. data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +40 -30
  1108. data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +22 -20
  1109. data/src/core/lib/gpr/spinlock.h +20 -20
  1110. data/src/core/lib/gpr/string.cc +25 -24
  1111. data/src/core/lib/gpr/string.h +61 -61
  1112. data/src/core/lib/gpr/sync.cc +25 -25
  1113. data/src/core/lib/gpr/sync_abseil.cc +37 -27
  1114. data/src/core/lib/gpr/time.cc +23 -21
  1115. data/src/core/lib/gpr/time_precise.cc +22 -22
  1116. data/src/core/lib/gpr/time_precise.h +20 -21
  1117. data/src/core/lib/gpr/tmpfile.h +24 -24
  1118. data/src/core/lib/gpr/useful.h +43 -30
  1119. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc → lib/gpr/windows/cpu.cc} +16 -11
  1120. data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +25 -24
  1121. data/src/core/lib/gpr/windows/string.cc +69 -0
  1122. data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +22 -22
  1123. data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +29 -27
  1124. data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +25 -22
  1125. data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +23 -22
  1126. data/src/core/lib/gpr/wrap_memcpy.cc +23 -23
  1127. data/src/core/lib/gprpp/atomic_utils.h +20 -20
  1128. data/src/core/lib/gprpp/bitset.h +27 -3
  1129. data/src/core/lib/gprpp/chunked_vector.h +3 -3
  1130. data/src/core/lib/gprpp/construct_destruct.h +3 -3
  1131. data/src/core/lib/gprpp/cpp_impl_of.h +3 -3
  1132. data/src/core/lib/gprpp/crash.cc +43 -0
  1133. data/src/core/lib/gprpp/crash.h +37 -0
  1134. data/src/core/lib/gprpp/debug_location.h +20 -23
  1135. data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
  1136. data/src/core/lib/gprpp/env.h +23 -23
  1137. data/src/core/lib/gprpp/examine_stack.cc +17 -17
  1138. data/src/core/lib/gprpp/examine_stack.h +21 -21
  1139. data/src/core/lib/gprpp/fork.cc +49 -39
  1140. data/src/core/lib/gprpp/fork.h +29 -27
  1141. data/src/core/lib/gprpp/host_port.cc +28 -26
  1142. data/src/core/lib/gprpp/host_port.h +32 -31
  1143. data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +21 -21
  1144. data/src/core/lib/gprpp/load_file.cc +75 -0
  1145. data/src/core/lib/gprpp/load_file.h +33 -0
  1146. data/src/core/lib/gprpp/manual_constructor.h +22 -21
  1147. data/src/core/lib/gprpp/match.h +3 -3
  1148. data/src/core/lib/gprpp/memory.h +21 -21
  1149. data/src/core/lib/gprpp/mpscq.cc +17 -17
  1150. data/src/core/lib/gprpp/mpscq.h +21 -21
  1151. data/src/core/lib/gprpp/no_destruct.h +4 -3
  1152. data/src/core/lib/gprpp/notification.h +3 -3
  1153. data/src/core/lib/gprpp/orphanable.h +25 -24
  1154. data/src/core/lib/gprpp/overload.h +3 -3
  1155. data/src/core/lib/gprpp/packed_table.h +3 -3
  1156. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  1157. data/src/core/lib/gprpp/per_cpu.h +75 -0
  1158. data/src/core/lib/gprpp/posix/env.cc +47 -0
  1159. data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +5 -4
  1160. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +75 -64
  1161. data/src/core/lib/gprpp/ref_counted.h +54 -55
  1162. data/src/core/lib/gprpp/ref_counted_ptr.h +22 -21
  1163. data/src/core/lib/gprpp/single_set_ptr.h +3 -3
  1164. data/src/core/lib/gprpp/sorted_pack.h +3 -3
  1165. data/src/core/lib/gprpp/stat.h +3 -3
  1166. data/src/core/lib/gprpp/status_helper.cc +6 -5
  1167. data/src/core/lib/gprpp/status_helper.h +4 -6
  1168. data/src/core/lib/gprpp/strerror.cc +43 -0
  1169. data/src/core/lib/gprpp/strerror.h +29 -0
  1170. data/src/core/lib/gprpp/sync.h +23 -23
  1171. data/src/core/lib/gprpp/table.h +4 -3
  1172. data/src/core/lib/gprpp/tchar.h +3 -3
  1173. data/src/core/lib/gprpp/thd.h +39 -23
  1174. data/src/core/lib/gprpp/time.cc +18 -10
  1175. data/src/core/lib/gprpp/time.h +16 -6
  1176. data/src/core/lib/gprpp/time_averaged_stats.cc +20 -20
  1177. data/src/core/lib/gprpp/time_averaged_stats.h +50 -50
  1178. data/src/core/lib/gprpp/time_util.h +4 -4
  1179. data/src/core/lib/gprpp/unique_type_name.h +21 -21
  1180. data/src/core/lib/gprpp/validation_errors.cc +8 -3
  1181. data/src/core/lib/gprpp/validation_errors.h +37 -13
  1182. data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +18 -18
  1183. data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +4 -2
  1184. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +28 -28
  1185. data/src/core/lib/gprpp/work_serializer.h +3 -3
  1186. data/src/core/lib/handshaker/proxy_mapper.h +21 -21
  1187. data/src/core/lib/handshaker/proxy_mapper_registry.cc +17 -17
  1188. data/src/core/lib/handshaker/proxy_mapper_registry.h +21 -21
  1189. data/src/core/lib/http/format_request.cc +19 -18
  1190. data/src/core/lib/http/format_request.h +20 -20
  1191. data/src/core/lib/http/httpcli.cc +58 -61
  1192. data/src/core/lib/http/httpcli.h +29 -29
  1193. data/src/core/lib/http/httpcli_security_connector.cc +22 -25
  1194. data/src/core/lib/http/httpcli_ssl_credentials.h +3 -3
  1195. data/src/core/lib/http/parser.cc +76 -87
  1196. data/src/core/lib/http/parser.h +35 -35
  1197. data/src/core/lib/iomgr/block_annotate.h +23 -23
  1198. data/src/core/lib/iomgr/buffer_list.cc +156 -136
  1199. data/src/core/lib/iomgr/buffer_list.h +122 -101
  1200. data/src/core/lib/iomgr/call_combiner.cc +32 -30
  1201. data/src/core/lib/iomgr/call_combiner.h +26 -27
  1202. data/src/core/lib/iomgr/cfstream_handle.cc +34 -37
  1203. data/src/core/lib/iomgr/cfstream_handle.h +25 -25
  1204. data/src/core/lib/iomgr/closure.cc +27 -0
  1205. data/src/core/lib/iomgr/closure.h +95 -48
  1206. data/src/core/lib/iomgr/combiner.cc +20 -19
  1207. data/src/core/lib/iomgr/combiner.h +20 -20
  1208. data/src/core/lib/iomgr/dualstack_socket_posix.cc +21 -21
  1209. data/src/core/lib/iomgr/dynamic_annotations.h +22 -22
  1210. data/src/core/lib/iomgr/endpoint.cc +17 -17
  1211. data/src/core/lib/iomgr/endpoint.h +49 -49
  1212. data/src/core/lib/iomgr/endpoint_cfstream.cc +58 -53
  1213. data/src/core/lib/iomgr/endpoint_cfstream.h +32 -32
  1214. data/src/core/lib/iomgr/endpoint_pair.h +22 -22
  1215. data/src/core/lib/iomgr/endpoint_pair_posix.cc +22 -21
  1216. data/src/core/lib/iomgr/endpoint_pair_windows.cc +29 -20
  1217. data/src/core/lib/iomgr/error.cc +49 -61
  1218. data/src/core/lib/iomgr/error.h +45 -176
  1219. data/src/core/lib/iomgr/error_cfstream.cc +18 -18
  1220. data/src/core/lib/iomgr/error_cfstream.h +21 -21
  1221. data/src/core/lib/iomgr/ev_apple.cc +33 -33
  1222. data/src/core/lib/iomgr/ev_apple.h +21 -21
  1223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +218 -198
  1224. data/src/core/lib/iomgr/ev_epoll1_linux.h +20 -20
  1225. data/src/core/lib/iomgr/ev_poll_posix.cc +212 -205
  1226. data/src/core/lib/iomgr/ev_poll_posix.h +20 -20
  1227. data/src/core/lib/iomgr/ev_posix.cc +47 -79
  1228. data/src/core/lib/iomgr/ev_posix.h +88 -87
  1229. data/src/core/lib/iomgr/ev_windows.cc +18 -18
  1230. data/src/core/lib/iomgr/event_engine_shims/closure.cc +62 -0
  1231. data/src/core/lib/{event_engine/executor/threaded_executor.h → iomgr/event_engine_shims/closure.h} +11 -16
  1232. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +471 -0
  1233. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +43 -0
  1234. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +91 -0
  1235. data/src/core/lib/iomgr/event_engine_shims/tcp_client.h +44 -0
  1236. data/src/core/lib/iomgr/exec_ctx.cc +34 -34
  1237. data/src/core/lib/iomgr/exec_ctx.h +144 -144
  1238. data/src/core/lib/iomgr/executor.cc +21 -21
  1239. data/src/core/lib/iomgr/executor.h +27 -27
  1240. data/src/core/lib/iomgr/fork_posix.cc +29 -26
  1241. data/src/core/lib/iomgr/fork_windows.cc +21 -21
  1242. data/src/core/lib/iomgr/gethostname.h +20 -20
  1243. data/src/core/lib/iomgr/gethostname_fallback.cc +17 -17
  1244. data/src/core/lib/iomgr/gethostname_host_name_max.cc +17 -17
  1245. data/src/core/lib/iomgr/gethostname_sysconf.cc +17 -17
  1246. data/src/core/lib/iomgr/grpc_if_nametoindex.h +22 -22
  1247. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +20 -19
  1248. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +20 -19
  1249. data/src/core/lib/iomgr/internal_errqueue.cc +4 -2
  1250. data/src/core/lib/iomgr/internal_errqueue.h +83 -83
  1251. data/src/core/lib/iomgr/iocp_windows.cc +46 -24
  1252. data/src/core/lib/iomgr/iocp_windows.h +32 -21
  1253. data/src/core/lib/iomgr/iomgr.cc +23 -26
  1254. data/src/core/lib/iomgr/iomgr.h +35 -35
  1255. data/src/core/lib/iomgr/iomgr_fwd.h +3 -3
  1256. data/src/core/lib/iomgr/iomgr_internal.cc +17 -17
  1257. data/src/core/lib/iomgr/iomgr_internal.h +28 -28
  1258. data/src/core/lib/iomgr/iomgr_posix.cc +20 -20
  1259. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +21 -20
  1260. data/src/core/lib/iomgr/iomgr_windows.cc +32 -24
  1261. data/src/core/lib/iomgr/load_file.cc +24 -27
  1262. data/src/core/lib/iomgr/load_file.h +22 -22
  1263. data/src/core/lib/iomgr/lockfree_event.cc +114 -114
  1264. data/src/core/lib/iomgr/lockfree_event.h +23 -23
  1265. data/src/core/lib/iomgr/nameser.h +86 -86
  1266. data/src/core/lib/iomgr/polling_entity.cc +25 -21
  1267. data/src/core/lib/iomgr/polling_entity.h +29 -29
  1268. data/src/core/lib/iomgr/pollset.cc +17 -17
  1269. data/src/core/lib/iomgr/pollset.h +54 -54
  1270. data/src/core/lib/iomgr/pollset_set.cc +17 -17
  1271. data/src/core/lib/iomgr/pollset_set.h +25 -25
  1272. data/src/core/lib/iomgr/pollset_set_windows.cc +27 -27
  1273. data/src/core/lib/iomgr/pollset_set_windows.h +20 -20
  1274. data/src/core/lib/iomgr/pollset_windows.cc +33 -32
  1275. data/src/core/lib/iomgr/pollset_windows.h +24 -24
  1276. data/src/core/lib/iomgr/port.h +31 -31
  1277. data/src/core/lib/iomgr/python_util.h +24 -24
  1278. data/src/core/lib/iomgr/resolve_address.cc +26 -20
  1279. data/src/core/lib/iomgr/resolve_address.h +24 -25
  1280. data/src/core/lib/iomgr/resolve_address_impl.h +4 -4
  1281. data/src/core/lib/iomgr/resolve_address_posix.cc +35 -45
  1282. data/src/core/lib/iomgr/resolve_address_posix.h +4 -5
  1283. data/src/core/lib/iomgr/resolve_address_windows.cc +18 -20
  1284. data/src/core/lib/iomgr/resolve_address_windows.h +4 -5
  1285. data/src/core/lib/iomgr/resolved_address.h +3 -3
  1286. data/src/core/lib/iomgr/sockaddr.h +23 -23
  1287. data/src/core/lib/iomgr/sockaddr_posix.h +21 -21
  1288. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +18 -17
  1289. data/src/core/lib/iomgr/sockaddr_windows.h +21 -21
  1290. data/src/core/lib/iomgr/socket_factory_posix.cc +18 -18
  1291. data/src/core/lib/iomgr/socket_factory_posix.h +32 -32
  1292. data/src/core/lib/iomgr/socket_mutator.cc +19 -18
  1293. data/src/core/lib/iomgr/socket_mutator.h +39 -39
  1294. data/src/core/lib/iomgr/socket_utils.h +27 -27
  1295. data/src/core/lib/iomgr/socket_utils_common_posix.cc +87 -70
  1296. data/src/core/lib/iomgr/socket_utils_linux.cc +18 -17
  1297. data/src/core/lib/iomgr/socket_utils_posix.cc +25 -20
  1298. data/src/core/lib/iomgr/socket_utils_posix.h +84 -81
  1299. data/src/core/lib/iomgr/socket_utils_windows.cc +20 -19
  1300. data/src/core/lib/iomgr/socket_windows.cc +97 -42
  1301. data/src/core/lib/iomgr/socket_windows.h +68 -61
  1302. data/src/core/lib/iomgr/systemd_utils.cc +116 -0
  1303. data/src/core/lib/iomgr/systemd_utils.h +33 -0
  1304. data/src/core/lib/iomgr/tcp_client.cc +17 -17
  1305. data/src/core/lib/iomgr/tcp_client.h +28 -28
  1306. data/src/core/lib/iomgr/tcp_client_cfstream.cc +39 -31
  1307. data/src/core/lib/iomgr/tcp_client_posix.cc +86 -73
  1308. data/src/core/lib/iomgr/tcp_client_posix.h +45 -45
  1309. data/src/core/lib/iomgr/tcp_client_windows.cc +51 -42
  1310. data/src/core/lib/iomgr/tcp_posix.cc +270 -301
  1311. data/src/core/lib/iomgr/tcp_posix.h +29 -29
  1312. data/src/core/lib/iomgr/tcp_server.cc +30 -22
  1313. data/src/core/lib/iomgr/tcp_server.h +71 -65
  1314. data/src/core/lib/iomgr/tcp_server_posix.cc +373 -98
  1315. data/src/core/lib/iomgr/tcp_server_utils_posix.h +67 -54
  1316. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +90 -55
  1317. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +40 -40
  1318. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +19 -19
  1319. data/src/core/lib/iomgr/tcp_server_windows.cc +277 -119
  1320. data/src/core/lib/iomgr/tcp_windows.cc +121 -101
  1321. data/src/core/lib/iomgr/tcp_windows.h +34 -34
  1322. data/src/core/lib/iomgr/timer.cc +17 -17
  1323. data/src/core/lib/iomgr/timer.h +68 -68
  1324. data/src/core/lib/iomgr/timer_generic.cc +132 -138
  1325. data/src/core/lib/iomgr/timer_generic.h +21 -21
  1326. data/src/core/lib/iomgr/timer_heap.cc +25 -25
  1327. data/src/core/lib/iomgr/timer_heap.h +22 -22
  1328. data/src/core/lib/iomgr/timer_manager.cc +30 -29
  1329. data/src/core/lib/iomgr/timer_manager.h +27 -27
  1330. data/src/core/lib/iomgr/unix_sockets_posix.cc +20 -21
  1331. data/src/core/lib/iomgr/unix_sockets_posix.h +21 -21
  1332. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +19 -17
  1333. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +23 -21
  1334. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +23 -23
  1335. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +29 -26
  1336. data/src/core/lib/iomgr/wakeup_fd_pipe.h +20 -20
  1337. data/src/core/lib/iomgr/wakeup_fd_posix.cc +18 -18
  1338. data/src/core/lib/iomgr/wakeup_fd_posix.h +52 -52
  1339. data/src/core/lib/json/json.h +5 -221
  1340. data/src/core/lib/json/json_args.h +3 -3
  1341. data/src/core/lib/json/json_channel_args.h +42 -0
  1342. data/src/core/lib/json/json_object_loader.cc +39 -25
  1343. data/src/core/lib/json/json_object_loader.h +69 -21
  1344. data/src/core/lib/json/json_reader.cc +98 -70
  1345. data/src/core/lib/json/json_reader.h +34 -0
  1346. data/src/core/lib/json/json_util.cc +14 -19
  1347. data/src/core/lib/json/json_util.h +12 -11
  1348. data/src/core/lib/json/json_writer.cc +80 -81
  1349. data/src/core/{ext/xds/xds_resource_type.cc → lib/json/json_writer.h} +11 -11
  1350. data/src/core/lib/load_balancing/lb_policy.cc +36 -31
  1351. data/src/core/lib/load_balancing/lb_policy.h +32 -10
  1352. data/src/core/lib/load_balancing/lb_policy_factory.h +3 -3
  1353. data/src/core/lib/load_balancing/lb_policy_registry.cc +10 -8
  1354. data/src/core/lib/load_balancing/lb_policy_registry.h +3 -3
  1355. data/src/core/lib/load_balancing/subchannel_interface.h +9 -14
  1356. data/src/core/lib/matchers/matchers.cc +10 -9
  1357. data/src/core/lib/matchers/matchers.h +5 -4
  1358. data/src/core/lib/promise/activity.cc +43 -6
  1359. data/src/core/lib/promise/activity.h +143 -79
  1360. data/src/core/lib/promise/arena_promise.h +84 -54
  1361. data/src/core/lib/promise/cancel_callback.h +77 -0
  1362. data/src/core/lib/promise/context.h +17 -9
  1363. data/src/core/lib/promise/detail/basic_join.h +197 -0
  1364. data/src/core/lib/promise/detail/basic_seq.h +20 -45
  1365. data/src/core/lib/promise/detail/promise_factory.h +67 -14
  1366. data/src/core/lib/promise/detail/promise_like.h +3 -3
  1367. data/src/core/lib/promise/detail/status.h +31 -3
  1368. data/src/core/lib/promise/detail/switch.h +1455 -0
  1369. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +23 -15
  1370. data/src/core/lib/promise/for_each.h +176 -0
  1371. data/src/core/lib/promise/if.h +204 -0
  1372. data/src/core/lib/promise/interceptor_list.h +329 -0
  1373. data/src/core/lib/promise/latch.h +197 -23
  1374. data/src/core/lib/promise/loop.h +22 -16
  1375. data/src/core/lib/promise/map.h +12 -6
  1376. data/src/core/lib/promise/party.cc +304 -0
  1377. data/src/core/lib/promise/party.h +508 -0
  1378. data/src/core/lib/promise/pipe.h +762 -0
  1379. data/src/core/lib/promise/poll.h +177 -11
  1380. data/src/core/lib/promise/prioritized_race.h +95 -0
  1381. data/src/core/lib/promise/promise.h +6 -7
  1382. data/src/core/lib/promise/race.h +6 -9
  1383. data/src/core/lib/promise/seq.h +7 -8
  1384. data/src/core/lib/promise/sleep.cc +7 -5
  1385. data/src/core/lib/promise/sleep.h +4 -5
  1386. data/src/core/lib/promise/trace.cc +20 -0
  1387. data/src/core/lib/promise/trace.h +24 -0
  1388. data/src/core/lib/promise/try_join.h +82 -0
  1389. data/src/core/lib/promise/try_seq.h +14 -16
  1390. data/src/core/lib/resolver/resolver.cc +17 -17
  1391. data/src/core/lib/resolver/resolver.h +3 -3
  1392. data/src/core/lib/resolver/resolver_factory.h +4 -4
  1393. data/src/core/lib/resolver/resolver_registry.cc +15 -0
  1394. data/src/core/lib/resolver/resolver_registry.h +3 -3
  1395. data/src/core/lib/resolver/server_address.cc +19 -25
  1396. data/src/core/lib/resolver/server_address.h +22 -30
  1397. data/src/core/lib/resource_quota/api.cc +0 -1
  1398. data/src/core/lib/resource_quota/api.h +4 -4
  1399. data/src/core/lib/resource_quota/arena.cc +82 -20
  1400. data/src/core/lib/resource_quota/arena.h +287 -22
  1401. data/src/core/lib/resource_quota/memory_quota.cc +141 -44
  1402. data/src/core/lib/resource_quota/memory_quota.h +87 -26
  1403. data/src/core/lib/resource_quota/periodic_update.h +3 -3
  1404. data/src/core/lib/resource_quota/resource_quota.h +4 -4
  1405. data/src/core/lib/resource_quota/thread_quota.h +3 -3
  1406. data/src/core/lib/resource_quota/trace.h +3 -3
  1407. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  1408. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  1409. data/src/core/lib/security/authorization/authorization_engine.h +3 -3
  1410. data/src/core/lib/security/authorization/authorization_policy_provider.h +4 -4
  1411. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +0 -1
  1412. data/src/core/lib/security/authorization/evaluate_args.h +3 -3
  1413. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -4
  1414. data/src/core/lib/security/authorization/grpc_authorization_engine.h +21 -4
  1415. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
  1416. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +3 -3
  1417. data/src/core/lib/security/authorization/matchers.cc +25 -22
  1418. data/src/core/lib/security/authorization/matchers.h +3 -3
  1419. data/src/core/lib/security/authorization/rbac_policy.cc +39 -7
  1420. data/src/core/lib/security/authorization/rbac_policy.h +22 -5
  1421. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  1422. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  1423. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +11 -7
  1424. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  1425. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +17 -11
  1426. data/src/core/lib/security/context/security_context.cc +22 -23
  1427. data/src/core/lib/security/context/security_context.h +43 -33
  1428. data/src/core/lib/security/credentials/alts/alts_credentials.cc +17 -17
  1429. data/src/core/lib/security/credentials/alts/alts_credentials.h +53 -53
  1430. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +19 -19
  1431. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +43 -43
  1432. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +17 -17
  1433. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +18 -17
  1434. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +18 -17
  1435. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +19 -19
  1436. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +18 -18
  1437. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +38 -39
  1438. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +18 -18
  1439. data/src/core/lib/security/credentials/call_creds_util.h +3 -3
  1440. data/src/core/lib/security/credentials/channel_creds_registry.h +3 -3
  1441. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
  1442. data/src/core/lib/security/credentials/composite/composite_credentials.cc +22 -22
  1443. data/src/core/lib/security/credentials/composite/composite_credentials.h +23 -24
  1444. data/src/core/lib/security/credentials/credentials.cc +19 -18
  1445. data/src/core/lib/security/credentials/credentials.h +37 -36
  1446. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +113 -108
  1447. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -3
  1448. data/src/core/lib/security/credentials/external/aws_request_signer.cc +5 -3
  1449. data/src/core/lib/security/credentials/external/aws_request_signer.h +3 -3
  1450. data/src/core/lib/security/credentials/external/external_account_credentials.cc +105 -115
  1451. data/src/core/lib/security/credentials/external/external_account_credentials.h +3 -3
  1452. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +39 -41
  1453. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +3 -3
  1454. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +51 -52
  1455. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +3 -3
  1456. data/src/core/lib/security/credentials/fake/fake_credentials.cc +20 -19
  1457. data/src/core/lib/security/credentials/fake/fake_credentials.h +37 -38
  1458. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +17 -17
  1459. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +72 -126
  1460. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +21 -22
  1461. data/src/core/lib/security/credentials/iam/iam_credentials.cc +19 -17
  1462. data/src/core/lib/security/credentials/iam/iam_credentials.h +20 -20
  1463. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +3 -3
  1464. data/src/core/lib/security/credentials/jwt/json_token.cc +43 -41
  1465. data/src/core/lib/security/credentials/jwt/json_token.h +35 -35
  1466. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +27 -22
  1467. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +22 -22
  1468. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +115 -113
  1469. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +46 -46
  1470. data/src/core/lib/security/credentials/local/local_credentials.cc +17 -17
  1471. data/src/core/lib/security/credentials/local/local_credentials.h +23 -23
  1472. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +80 -80
  1473. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -23
  1474. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +24 -23
  1475. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +25 -25
  1476. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +19 -20
  1477. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +20 -20
  1478. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +20 -28
  1479. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +7 -14
  1480. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +44 -44
  1481. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +5 -3
  1482. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
  1483. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +3 -3
  1484. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +18 -18
  1485. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +3 -3
  1486. data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -19
  1487. data/src/core/lib/security/credentials/tls/tls_credentials.h +21 -21
  1488. data/src/core/lib/security/credentials/tls/tls_utils.h +3 -3
  1489. data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -2
  1490. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  1491. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +33 -43
  1492. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +43 -44
  1493. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +33 -41
  1494. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +22 -23
  1495. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  1496. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +5 -10
  1497. data/src/core/lib/security/security_connector/load_system_roots.h +20 -20
  1498. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +18 -18
  1499. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +24 -31
  1500. data/src/core/lib/security/security_connector/load_system_roots_supported.h +22 -23
  1501. data/src/core/lib/security/security_connector/local/local_security_connector.cc +30 -34
  1502. data/src/core/lib/security/security_connector/local/local_security_connector.h +42 -43
  1503. data/src/core/lib/security/security_connector/security_connector.cc +17 -17
  1504. data/src/core/lib/security/security_connector/security_connector.h +35 -36
  1505. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +35 -39
  1506. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +40 -41
  1507. data/src/core/lib/security/security_connector/ssl_utils.cc +48 -64
  1508. data/src/core/lib/security/security_connector/ssl_utils.h +35 -35
  1509. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +54 -48
  1510. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +21 -21
  1511. data/src/core/lib/security/transport/auth_filters.h +45 -23
  1512. data/src/core/lib/security/transport/client_auth_filter.cc +21 -21
  1513. data/src/core/lib/security/transport/secure_endpoint.cc +58 -58
  1514. data/src/core/lib/security/transport/secure_endpoint.h +25 -25
  1515. data/src/core/lib/security/transport/security_handshaker.cc +79 -70
  1516. data/src/core/lib/security/transport/security_handshaker.h +22 -22
  1517. data/src/core/lib/security/transport/server_auth_filter.cc +160 -274
  1518. data/src/core/lib/security/transport/tsi_error.cc +23 -20
  1519. data/src/core/lib/security/transport/tsi_error.h +20 -20
  1520. data/src/core/lib/security/util/json_util.cc +27 -27
  1521. data/src/core/lib/security/util/json_util.h +20 -20
  1522. data/src/core/lib/service_config/service_config.h +4 -4
  1523. data/src/core/lib/service_config/service_config_call_data.h +54 -19
  1524. data/src/core/lib/service_config/service_config_impl.cc +118 -158
  1525. data/src/core/lib/service_config/service_config_impl.h +16 -19
  1526. data/src/core/lib/service_config/service_config_parser.cc +14 -31
  1527. data/src/core/lib/service_config/service_config_parser.h +16 -12
  1528. data/src/core/lib/slice/b64.cc +26 -26
  1529. data/src/core/lib/slice/b64.h +32 -32
  1530. data/src/core/lib/slice/percent_encoding.cc +17 -17
  1531. data/src/core/lib/slice/percent_encoding.h +28 -28
  1532. data/src/core/lib/slice/slice.cc +48 -42
  1533. data/src/core/lib/slice/slice.h +59 -18
  1534. data/src/core/lib/slice/slice_buffer.cc +63 -59
  1535. data/src/core/lib/slice/slice_buffer.h +35 -4
  1536. data/src/core/lib/slice/slice_internal.h +34 -42
  1537. data/src/core/lib/slice/slice_refcount.cc +3 -18
  1538. data/src/core/lib/slice/slice_refcount.h +53 -18
  1539. data/src/core/lib/slice/slice_string_helpers.cc +17 -17
  1540. data/src/core/lib/slice/slice_string_helpers.h +21 -21
  1541. data/src/core/lib/surface/api_trace.cc +17 -17
  1542. data/src/core/lib/surface/api_trace.h +25 -25
  1543. data/src/core/lib/surface/builtins.cc +2 -0
  1544. data/src/core/lib/surface/builtins.h +3 -3
  1545. data/src/core/lib/surface/byte_buffer.cc +22 -23
  1546. data/src/core/lib/surface/byte_buffer_reader.cc +23 -23
  1547. data/src/core/lib/surface/call.cc +2297 -535
  1548. data/src/core/lib/surface/call.h +123 -42
  1549. data/src/core/lib/surface/call_details.cc +20 -21
  1550. data/src/core/lib/surface/call_log_batch.cc +19 -18
  1551. data/src/core/lib/surface/call_test_only.h +33 -33
  1552. data/src/core/lib/surface/call_trace.cc +123 -0
  1553. data/src/core/{ext/filters/http/message_compress/message_decompress_filter.h → lib/surface/call_trace.h} +10 -12
  1554. data/src/core/lib/surface/channel.cc +62 -67
  1555. data/src/core/lib/surface/channel.h +43 -35
  1556. data/src/core/lib/surface/channel_init.cc +17 -17
  1557. data/src/core/lib/surface/channel_init.h +20 -20
  1558. data/src/core/lib/surface/channel_ping.cc +19 -19
  1559. data/src/core/lib/surface/channel_stack_type.cc +21 -17
  1560. data/src/core/lib/surface/channel_stack_type.h +22 -20
  1561. data/src/core/lib/surface/completion_queue.cc +182 -194
  1562. data/src/core/lib/surface/completion_queue.h +36 -36
  1563. data/src/core/lib/surface/completion_queue_factory.cc +28 -28
  1564. data/src/core/lib/surface/completion_queue_factory.h +22 -22
  1565. data/src/core/lib/surface/event_string.cc +18 -17
  1566. data/src/core/lib/surface/event_string.h +22 -22
  1567. data/src/core/lib/surface/init.cc +30 -59
  1568. data/src/core/lib/surface/init.h +20 -20
  1569. data/src/core/lib/surface/init_internally.cc +1 -0
  1570. data/src/core/lib/surface/init_internally.h +12 -3
  1571. data/src/core/lib/surface/lame_client.cc +31 -26
  1572. data/src/core/lib/surface/lame_client.h +21 -21
  1573. data/src/core/lib/surface/metadata_array.cc +17 -18
  1574. data/src/core/lib/surface/server.cc +363 -111
  1575. data/src/core/lib/surface/server.h +10 -9
  1576. data/src/core/lib/surface/validate_metadata.cc +60 -60
  1577. data/src/core/lib/surface/validate_metadata.h +30 -21
  1578. data/src/core/lib/surface/version.cc +21 -21
  1579. data/src/core/lib/transport/batch_builder.cc +182 -0
  1580. data/src/core/lib/transport/batch_builder.h +480 -0
  1581. data/src/core/lib/transport/bdp_estimator.cc +24 -24
  1582. data/src/core/lib/transport/bdp_estimator.h +31 -28
  1583. data/src/core/lib/transport/connectivity_state.cc +19 -19
  1584. data/src/core/lib/transport/connectivity_state.h +22 -22
  1585. data/src/core/lib/transport/custom_metadata.h +30 -0
  1586. data/src/core/lib/transport/error_utils.cc +51 -45
  1587. data/src/core/lib/transport/error_utils.h +24 -24
  1588. data/src/core/lib/transport/handshaker.cc +60 -46
  1589. data/src/core/lib/transport/handshaker.h +47 -42
  1590. data/src/core/lib/transport/handshaker_factory.h +47 -21
  1591. data/src/core/lib/transport/handshaker_registry.cc +25 -19
  1592. data/src/core/lib/transport/handshaker_registry.h +23 -24
  1593. data/src/core/lib/transport/http2_errors.h +22 -22
  1594. data/src/core/lib/transport/http_connect_handshaker.cc +40 -41
  1595. data/src/core/lib/transport/http_connect_handshaker.h +21 -21
  1596. data/src/core/lib/transport/metadata_batch.cc +24 -7
  1597. data/src/core/lib/transport/metadata_batch.h +193 -53
  1598. data/src/core/lib/transport/metadata_compression_traits.h +67 -0
  1599. data/src/core/lib/transport/parsed_metadata.cc +2 -6
  1600. data/src/core/lib/transport/parsed_metadata.h +23 -12
  1601. data/src/core/lib/transport/pid_controller.cc +20 -20
  1602. data/src/core/lib/transport/pid_controller.h +27 -27
  1603. data/src/core/lib/transport/simple_slice_based_metadata.h +48 -0
  1604. data/src/core/lib/transport/status_conversion.cc +22 -22
  1605. data/src/core/lib/transport/status_conversion.h +22 -22
  1606. data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -21
  1607. data/src/core/lib/transport/tcp_connect_handshaker.h +3 -3
  1608. data/src/core/lib/transport/timeout_encoding.cc +28 -23
  1609. data/src/core/lib/transport/timeout_encoding.h +20 -20
  1610. data/src/core/lib/transport/transport.cc +113 -43
  1611. data/src/core/lib/transport/transport.h +275 -210
  1612. data/src/core/lib/transport/transport_fwd.h +3 -3
  1613. data/src/core/lib/transport/transport_impl.h +53 -46
  1614. data/src/core/lib/transport/transport_op_string.cc +75 -63
  1615. data/src/core/lib/uri/uri_parser.cc +1 -1
  1616. data/src/core/lib/uri/uri_parser.h +3 -3
  1617. data/src/core/plugin_registry/grpc_plugin_registry.cc +34 -35
  1618. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +9 -14
  1619. data/src/core/tsi/alts/crypt/aes_gcm.cc +20 -20
  1620. data/src/core/tsi/alts/crypt/gsec.cc +26 -26
  1621. data/src/core/tsi/alts/crypt/gsec.h +336 -336
  1622. data/src/core/tsi/alts/frame_protector/alts_counter.cc +23 -23
  1623. data/src/core/tsi/alts/frame_protector/alts_counter.h +68 -68
  1624. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +19 -19
  1625. data/src/core/tsi/alts/frame_protector/alts_crypter.h +209 -209
  1626. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +73 -71
  1627. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +40 -40
  1628. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +18 -18
  1629. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +82 -83
  1630. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +22 -22
  1631. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +22 -22
  1632. data/src/core/tsi/alts/frame_protector/frame_handler.cc +26 -25
  1633. data/src/core/tsi/alts/frame_protector/frame_handler.h +169 -169
  1634. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +98 -80
  1635. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +107 -102
  1636. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +18 -17
  1637. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +43 -44
  1638. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +38 -37
  1639. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +60 -60
  1640. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +23 -23
  1641. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +21 -20
  1642. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +38 -38
  1643. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +19 -19
  1644. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +105 -104
  1645. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +45 -44
  1646. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +40 -41
  1647. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +38 -36
  1648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +35 -36
  1649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +67 -68
  1650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +32 -31
  1651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +55 -56
  1652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +54 -53
  1653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +141 -142
  1654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +58 -57
  1655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +43 -44
  1656. data/src/core/tsi/fake_transport_security.cc +80 -79
  1657. data/src/core/tsi/fake_transport_security.h +33 -33
  1658. data/src/core/tsi/local_transport_security.cc +34 -33
  1659. data/src/core/tsi/local_transport_security.h +33 -33
  1660. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +9 -4
  1661. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +3 -3
  1662. data/src/core/tsi/ssl/session_cache/ssl_session.h +21 -21
  1663. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +19 -19
  1664. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +18 -17
  1665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +22 -22
  1666. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +25 -20
  1667. data/src/core/tsi/ssl_transport_security.cc +256 -349
  1668. data/src/core/tsi/ssl_transport_security.h +206 -203
  1669. data/src/core/tsi/ssl_transport_security_utils.cc +250 -0
  1670. data/src/core/tsi/ssl_transport_security_utils.h +147 -0
  1671. data/src/core/tsi/ssl_types.h +27 -27
  1672. data/src/core/tsi/transport_security.cc +26 -26
  1673. data/src/core/tsi/transport_security.h +47 -47
  1674. data/src/core/tsi/transport_security_grpc.cc +20 -20
  1675. data/src/core/tsi/transport_security_grpc.h +41 -41
  1676. data/src/core/tsi/transport_security_interface.h +333 -333
  1677. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.clang +2 -0
  1678. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.gcc +7 -0
  1679. data/src/ruby/ext/grpc/ext-export.clang +0 -1
  1680. data/src/ruby/ext/grpc/ext-export.gcc +1 -2
  1681. data/src/ruby/ext/grpc/extconf.rb +55 -11
  1682. data/src/ruby/ext/grpc/rb_call.c +1 -0
  1683. data/src/ruby/ext/grpc/rb_channel.c +1 -0
  1684. data/src/ruby/ext/grpc/rb_channel_args.c +1 -0
  1685. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  1686. data/src/ruby/ext/grpc/rb_grpc.c +1 -0
  1687. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +38 -38
  1688. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +59 -59
  1689. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
  1690. data/src/ruby/lib/grpc/version.rb +1 -1
  1691. data/src/ruby/pb/generate_proto_ruby.sh +0 -6
  1692. data/src/ruby/spec/channel_spec.rb +0 -43
  1693. data/src/ruby/spec/client_server_spec.rb +20 -8
  1694. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  1695. data/third_party/abseil-cpp/absl/algorithm/container.h +56 -57
  1696. data/third_party/abseil-cpp/absl/base/attributes.h +39 -19
  1697. data/third_party/abseil-cpp/absl/base/config.h +45 -4
  1698. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +3 -18
  1699. data/third_party/abseil-cpp/absl/base/internal/cycleclock_config.h +55 -0
  1700. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +2 -1
  1701. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +3 -3
  1702. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +2 -2
  1703. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +1 -1
  1704. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +10 -6
  1705. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +23 -24
  1706. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +3 -3
  1707. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +2 -6
  1708. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +4 -1
  1709. data/third_party/abseil-cpp/absl/base/internal/strerror.cc +4 -4
  1710. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +14 -10
  1711. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +9 -0
  1712. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +4 -0
  1713. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -40
  1714. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock_config.h +62 -0
  1715. data/third_party/abseil-cpp/absl/base/macros.h +4 -21
  1716. data/third_party/abseil-cpp/absl/base/optimization.h +58 -6
  1717. data/third_party/abseil-cpp/absl/base/options.h +1 -7
  1718. data/third_party/abseil-cpp/absl/base/policy_checks.h +15 -13
  1719. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
  1720. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
  1721. data/third_party/abseil-cpp/absl/container/fixed_array.h +7 -5
  1722. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -7
  1723. data/third_party/abseil-cpp/absl/container/inlined_vector.h +66 -18
  1724. data/third_party/abseil-cpp/absl/container/internal/common.h +3 -3
  1725. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +132 -0
  1726. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -1
  1727. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +4 -55
  1728. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +50 -5
  1729. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +14 -46
  1730. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +110 -32
  1731. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +155 -4
  1732. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +661 -341
  1733. data/third_party/abseil-cpp/absl/crc/crc32c.cc +99 -0
  1734. data/third_party/abseil-cpp/absl/crc/crc32c.h +183 -0
  1735. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +256 -0
  1736. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +57 -0
  1737. data/third_party/abseil-cpp/absl/crc/internal/crc.cc +468 -0
  1738. data/third_party/abseil-cpp/absl/crc/internal/crc.h +91 -0
  1739. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +269 -0
  1740. data/third_party/abseil-cpp/absl/crc/internal/crc32c.h +39 -0
  1741. data/third_party/abseil-cpp/absl/crc/internal/crc32c_inline.h +72 -0
  1742. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.cc +130 -0
  1743. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.h +159 -0
  1744. data/third_party/abseil-cpp/absl/crc/internal/crc_internal.h +179 -0
  1745. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +119 -0
  1746. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +75 -0
  1747. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_x86_64.cc +434 -0
  1748. data/third_party/abseil-cpp/absl/crc/internal/crc_non_temporal_memcpy.cc +93 -0
  1749. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +725 -0
  1750. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_arm_intrinsics.h +79 -0
  1751. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_memcpy.h +180 -0
  1752. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +1 -1
  1753. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +67 -38
  1754. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +1 -1
  1755. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +12 -13
  1756. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +11 -9
  1757. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +1 -1
  1758. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +40 -85
  1759. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +5 -4
  1760. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +33 -8
  1761. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +3 -2
  1762. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +3 -2
  1763. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +118 -94
  1764. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +7 -6
  1765. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  1766. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  1767. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  1768. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  1769. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  1770. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  1771. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc +26 -0
  1772. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  1773. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  1774. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  1775. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  1776. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  1777. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  1778. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  1779. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  1780. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  1781. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  1782. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  1783. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  1784. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  1785. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  1786. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  1787. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  1788. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  1789. data/third_party/abseil-cpp/absl/functional/any_invocable.h +5 -2
  1790. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +47 -26
  1791. data/third_party/abseil-cpp/absl/hash/internal/city.cc +10 -10
  1792. data/third_party/abseil-cpp/absl/hash/internal/hash.h +18 -4
  1793. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +3 -14
  1794. data/third_party/abseil-cpp/absl/memory/memory.h +26 -447
  1795. data/third_party/abseil-cpp/absl/meta/type_traits.h +104 -12
  1796. data/third_party/abseil-cpp/absl/numeric/bits.h +2 -3
  1797. data/third_party/abseil-cpp/absl/numeric/int128.cc +10 -8
  1798. data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +14 -6
  1799. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +2 -1
  1800. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +1 -1
  1801. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +2 -23
  1802. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +9 -9
  1803. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +2 -2
  1804. data/third_party/abseil-cpp/absl/random/random.h +6 -6
  1805. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +1 -0
  1806. data/third_party/abseil-cpp/absl/status/status.cc +19 -12
  1807. data/third_party/abseil-cpp/absl/status/status.h +2 -2
  1808. data/third_party/abseil-cpp/absl/strings/ascii.cc +5 -5
  1809. data/third_party/abseil-cpp/absl/strings/charconv.cc +534 -96
  1810. data/third_party/abseil-cpp/absl/strings/cord.cc +92 -40
  1811. data/third_party/abseil-cpp/absl/strings/cord.h +71 -80
  1812. data/third_party/abseil-cpp/absl/strings/cord_buffer.h +8 -5
  1813. data/third_party/abseil-cpp/absl/strings/escaping.cc +73 -62
  1814. data/third_party/abseil-cpp/absl/strings/escaping.h +24 -19
  1815. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +14 -12
  1816. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +4 -4
  1817. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  1818. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +330 -70
  1819. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +8 -4
  1820. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +26 -14
  1821. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +5 -5
  1822. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.cc +9 -7
  1823. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.h +5 -4
  1824. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +7 -15
  1825. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +3 -3
  1826. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +8 -5
  1827. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +7 -7
  1828. data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +4 -4
  1829. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.cc +93 -0
  1830. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.h +34 -0
  1831. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +12 -10
  1832. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +7 -9
  1833. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +55 -0
  1834. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +9 -6
  1835. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +14 -7
  1836. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +35 -10
  1837. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +113 -46
  1838. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +126 -29
  1839. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +3 -2
  1840. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +4 -3
  1841. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +49 -287
  1842. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +351 -0
  1843. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +2 -1
  1844. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +4 -2
  1845. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +215 -181
  1846. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +10 -209
  1847. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +10 -101
  1848. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -1
  1849. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.cc +28 -0
  1850. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.h +57 -0
  1851. data/third_party/abseil-cpp/absl/strings/numbers.cc +34 -31
  1852. data/third_party/abseil-cpp/absl/strings/str_cat.cc +9 -6
  1853. data/third_party/abseil-cpp/absl/strings/str_cat.h +50 -3
  1854. data/third_party/abseil-cpp/absl/strings/str_format.h +71 -9
  1855. data/third_party/abseil-cpp/absl/strings/string_view.cc +6 -6
  1856. data/third_party/abseil-cpp/absl/strings/string_view.h +3 -10
  1857. data/third_party/abseil-cpp/absl/strings/substitute.cc +8 -6
  1858. data/third_party/abseil-cpp/absl/strings/substitute.h +46 -20
  1859. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +20 -17
  1860. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +37 -31
  1861. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +22 -8
  1862. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +104 -55
  1863. data/third_party/abseil-cpp/absl/synchronization/mutex.h +85 -46
  1864. data/third_party/abseil-cpp/absl/synchronization/notification.cc +0 -1
  1865. data/third_party/abseil-cpp/absl/synchronization/notification.h +0 -1
  1866. data/third_party/abseil-cpp/absl/time/civil_time.cc +26 -0
  1867. data/third_party/abseil-cpp/absl/time/civil_time.h +25 -0
  1868. data/third_party/abseil-cpp/absl/time/clock.cc +17 -11
  1869. data/third_party/abseil-cpp/absl/time/duration.cc +7 -7
  1870. data/third_party/abseil-cpp/absl/time/format.cc +2 -1
  1871. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  1872. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +26 -5
  1873. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +7 -6
  1874. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +36 -35
  1875. data/third_party/abseil-cpp/absl/time/time.cc +2 -2
  1876. data/third_party/abseil-cpp/absl/time/time.h +253 -158
  1877. data/third_party/abseil-cpp/absl/types/internal/span.h +30 -19
  1878. data/third_party/abseil-cpp/absl/types/internal/variant.h +28 -40
  1879. data/third_party/abseil-cpp/absl/types/span.h +29 -7
  1880. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  1881. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  1882. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  1883. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  1884. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  1885. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  1886. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  1887. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  1888. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +177 -196
  1889. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  1890. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  1891. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  1892. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  1893. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  1894. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  1895. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  1896. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  1897. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  1898. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  1899. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  1900. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  1901. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +135 -90
  1902. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  1903. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +797 -793
  1904. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +529 -526
  1905. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  1906. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  1907. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  1908. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  1909. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  1910. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +17 -11
  1911. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +37 -51
  1912. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  1913. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +13 -9
  1914. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +22 -19
  1915. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +5 -5
  1916. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  1917. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  1918. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  1919. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +40 -27
  1920. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  1921. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  1922. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  1923. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  1924. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  1925. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  1926. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  1927. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  1928. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  1929. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  1930. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  1931. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  1932. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  1933. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  1934. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  1935. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  1936. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +34 -37
  1937. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +22 -11
  1938. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  1939. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  1940. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  1941. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  1942. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  1943. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  1944. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  1945. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  1946. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  1947. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  1948. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  1949. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  1950. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  1951. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  1952. data/third_party/boringssl-with-bazel/src/crypto/{cpu-ppc64le.c → cpu_arm_openbsd.c} +10 -17
  1953. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  1954. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  1955. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +22 -31
  1956. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  1957. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  1958. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  1959. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  1960. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  1961. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  1962. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  1963. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  1964. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +43 -16
  1965. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  1966. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  1967. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  1968. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +229 -102
  1969. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +31 -7
  1970. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  1971. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  1972. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  1973. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  1974. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  1975. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  1976. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  1977. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  1978. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  1979. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  1980. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  1981. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  1982. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  1983. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +6 -6
  1984. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  1985. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  1986. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  1987. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  1988. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  1989. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  1990. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  1991. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  1992. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  1993. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  1994. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  1995. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  1996. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +36 -27
  1997. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  1998. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  1999. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  2000. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  2001. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  2002. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  2003. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  2004. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  2005. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  2006. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  2007. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  2008. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  2009. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  2010. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  2011. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  2012. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  2013. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  2014. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  2015. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  2016. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  2017. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  2018. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  2019. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  2020. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  2021. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  2022. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  2023. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  2024. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +24 -6
  2025. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  2026. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  2027. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  2028. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +49 -49
  2029. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +92 -18
  2030. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +12 -12
  2031. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +108 -86
  2032. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +55 -25
  2033. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +55 -71
  2034. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  2035. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +72 -65
  2036. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  2037. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +62 -51
  2038. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  2039. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  2040. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +12 -17
  2041. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +25 -26
  2042. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -14
  2043. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +9 -1
  2044. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +44 -16
  2045. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  2046. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  2047. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  2048. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -23
  2049. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  2050. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +3 -8
  2051. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +170 -160
  2052. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  2053. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +69 -61
  2054. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -12
  2055. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  2056. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  2057. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  2058. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  2059. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  2060. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  2061. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  2062. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +22 -68
  2063. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  2064. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +43 -16
  2065. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +42 -314
  2066. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +244 -139
  2067. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +144 -205
  2068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  2069. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +593 -421
  2070. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  2071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  2072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  2073. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  2074. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  2075. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  2076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  2077. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +52 -6
  2078. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +192 -18
  2079. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  2080. data/third_party/boringssl-with-bazel/src/crypto/internal.h +391 -18
  2081. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +91 -0
  2082. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +204 -0
  2083. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +833 -0
  2084. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  2085. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  2086. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  2087. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +9 -4
  2088. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  2089. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  2090. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +633 -613
  2091. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  2092. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  2093. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  2094. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  2095. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  2096. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  2097. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  2098. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  2099. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  2100. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  2101. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  2102. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  2103. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  2104. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  2105. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  2106. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +6 -17
  2107. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  2108. data/third_party/boringssl-with-bazel/src/crypto/{asn1/a_print.c → rsa_extra/internal.h} +15 -21
  2109. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  2110. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  2111. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  2112. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  2113. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  2114. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +128 -34
  2115. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +418 -133
  2116. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +116 -284
  2117. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +701 -87
  2118. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  2119. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +63 -55
  2120. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  2121. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  2122. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  2123. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +285 -331
  2124. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  2125. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  2126. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +68 -50
  2127. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +132 -151
  2128. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +790 -0
  2129. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  2130. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  2131. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  2132. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +220 -254
  2133. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  2134. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  2135. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +136 -270
  2136. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  2137. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  2138. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  2139. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  2140. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +528 -616
  2141. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  2142. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +164 -181
  2143. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  2144. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +186 -203
  2145. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  2146. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  2147. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1864 -2050
  2148. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +380 -480
  2149. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  2150. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +266 -265
  2151. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  2152. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  2153. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  2154. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  2155. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  2156. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +329 -416
  2157. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  2158. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  2159. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  2160. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  2161. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  2162. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  2163. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  2164. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  2165. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  2166. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  2167. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  2168. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  2169. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +79 -171
  2170. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  2171. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  2172. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  2173. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  2174. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  2175. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +294 -344
  2176. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +342 -365
  2177. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  2178. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  2179. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  2180. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  2181. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  2182. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +120 -125
  2183. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  2184. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +228 -265
  2185. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  2186. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  2187. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  2188. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  2189. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +130 -135
  2190. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +652 -691
  2191. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +90 -75
  2192. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1063 -1145
  2193. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -11
  2194. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  2195. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +217 -191
  2196. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  2197. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +50 -14
  2198. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +29 -14
  2199. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  2200. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  2201. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  2202. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  2203. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  2204. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  2205. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  2206. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  2207. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  2208. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  2209. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  2210. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  2211. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  2212. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  2213. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  2214. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -33
  2215. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  2216. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  2217. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +69 -16
  2218. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  2219. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +128 -0
  2220. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  2221. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +7 -3
  2222. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +8 -1
  2223. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  2224. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -18
  2225. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  2226. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  2227. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +98 -5
  2228. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  2229. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -21
  2230. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +285 -92
  2231. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  2232. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +381 -287
  2233. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +9 -6
  2234. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  2235. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +22 -7
  2236. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +57 -23
  2237. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  2238. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2075 -1407
  2239. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +242 -214
  2240. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  2241. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  2242. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  2243. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  2244. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  2245. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +45 -26
  2246. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +64 -35
  2247. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  2248. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  2249. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +53 -34
  2250. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  2251. data/third_party/boringssl-with-bazel/src/ssl/internal.h +200 -121
  2252. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -12
  2253. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  2254. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  2255. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  2256. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +47 -69
  2257. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  2258. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  2259. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +217 -226
  2260. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +78 -101
  2261. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +106 -142
  2262. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +244 -35
  2263. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +167 -64
  2264. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +41 -32
  2265. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  2266. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  2267. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  2268. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +7 -44
  2269. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  2270. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +7 -23
  2271. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +25 -34
  2272. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  2273. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  2274. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  2275. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  2276. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  2277. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  2278. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  2279. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  2280. data/third_party/cares/cares/include/ares.h +23 -1
  2281. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  2282. data/third_party/cares/cares/include/ares_rules.h +2 -2
  2283. data/third_party/cares/cares/include/ares_version.h +3 -3
  2284. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  2285. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  2286. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  2287. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  2288. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  2289. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  2290. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  2291. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  2292. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  2293. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  2294. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  2295. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  2296. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  2297. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  2298. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  2299. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  2300. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  2301. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  2302. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  2303. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  2304. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  2305. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  2306. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  2307. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  2308. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  2309. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  2310. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  2311. data/third_party/re2/re2/bitstate.cc +3 -3
  2312. data/third_party/re2/re2/dfa.cc +13 -13
  2313. data/third_party/re2/re2/nfa.cc +4 -4
  2314. data/third_party/re2/re2/onepass.cc +2 -2
  2315. data/third_party/re2/re2/prefilter_tree.cc +27 -59
  2316. data/third_party/re2/re2/prefilter_tree.h +3 -2
  2317. data/third_party/re2/re2/prog.cc +11 -2
  2318. data/third_party/re2/re2/prog.h +17 -5
  2319. data/third_party/re2/re2/re2.cc +6 -11
  2320. data/third_party/re2/re2/re2.h +1 -1
  2321. data/third_party/re2/re2/regexp.cc +1 -2
  2322. data/third_party/re2/re2/stringpiece.h +10 -7
  2323. data/third_party/re2/re2/unicode_casefold.cc +25 -11
  2324. data/third_party/re2/re2/unicode_groups.cc +319 -151
  2325. data/third_party/re2/re2/walker-inl.h +3 -2
  2326. data/third_party/re2/util/mutex.h +4 -4
  2327. data/third_party/upb/upb/{table_internal.h → alloc.h} +6 -6
  2328. data/third_party/upb/upb/arena.h +4 -193
  2329. data/third_party/upb/upb/array.h +4 -51
  2330. data/third_party/upb/upb/base/descriptor_constants.h +104 -0
  2331. data/third_party/upb/upb/base/log2.h +57 -0
  2332. data/third_party/upb/upb/{status.c → base/status.c} +2 -7
  2333. data/third_party/upb/upb/base/status.h +66 -0
  2334. data/third_party/upb/upb/base/string_view.h +75 -0
  2335. data/third_party/upb/upb/{array.c → collections/array.c} +67 -36
  2336. data/third_party/upb/upb/collections/array.h +85 -0
  2337. data/third_party/upb/upb/collections/array_internal.h +135 -0
  2338. data/third_party/upb/upb/{map.c → collections/map.c} +53 -26
  2339. data/third_party/upb/upb/collections/map.h +135 -0
  2340. data/third_party/upb/upb/collections/map_gencode_util.h +78 -0
  2341. data/third_party/upb/upb/collections/map_internal.h +170 -0
  2342. data/third_party/upb/upb/collections/map_sorter.c +166 -0
  2343. data/third_party/upb/upb/collections/map_sorter_internal.h +109 -0
  2344. data/third_party/upb/upb/{message_value.h → collections/message_value.h} +12 -13
  2345. data/third_party/upb/upb/decode.h +3 -62
  2346. data/third_party/upb/upb/def.h +4 -384
  2347. data/third_party/upb/upb/def.hpp +3 -411
  2348. data/third_party/upb/upb/encode.h +3 -48
  2349. data/third_party/upb/upb/extension_registry.h +3 -52
  2350. data/third_party/upb/upb/{table.c → hash/common.c} +52 -110
  2351. data/third_party/upb/upb/hash/common.h +199 -0
  2352. data/third_party/upb/upb/hash/int_table.h +102 -0
  2353. data/third_party/upb/upb/hash/str_table.h +161 -0
  2354. data/third_party/upb/upb/{json_decode.c → json/decode.c} +63 -98
  2355. data/third_party/upb/upb/json/decode.h +52 -0
  2356. data/third_party/upb/upb/{json_encode.c → json/encode.c} +69 -45
  2357. data/third_party/upb/upb/json/encode.h +70 -0
  2358. data/third_party/upb/upb/json_decode.h +4 -15
  2359. data/third_party/upb/upb/json_encode.h +4 -33
  2360. data/third_party/upb/upb/lex/atoi.c +68 -0
  2361. data/third_party/upb/upb/lex/atoi.h +53 -0
  2362. data/third_party/upb/upb/{upb.c → lex/round_trip.c} +2 -11
  2363. data/third_party/upb/upb/{internal/upb.h → lex/round_trip.h} +17 -30
  2364. data/third_party/upb/upb/lex/strtod.c +97 -0
  2365. data/third_party/upb/upb/lex/strtod.h +46 -0
  2366. data/third_party/upb/upb/lex/unicode.c +57 -0
  2367. data/third_party/upb/upb/lex/unicode.h +77 -0
  2368. data/third_party/upb/upb/map.h +4 -85
  2369. data/third_party/upb/upb/mem/alloc.c +47 -0
  2370. data/third_party/upb/upb/mem/alloc.h +98 -0
  2371. data/third_party/upb/upb/mem/arena.c +367 -0
  2372. data/third_party/upb/upb/mem/arena.h +160 -0
  2373. data/third_party/upb/upb/mem/arena_internal.h +114 -0
  2374. data/third_party/upb/upb/message/accessors.c +68 -0
  2375. data/third_party/upb/upb/message/accessors.h +379 -0
  2376. data/third_party/upb/upb/message/accessors_internal.h +325 -0
  2377. data/third_party/upb/upb/message/extension_internal.h +83 -0
  2378. data/third_party/upb/upb/message/internal.h +135 -0
  2379. data/third_party/upb/upb/message/message.c +180 -0
  2380. data/third_party/upb/upb/message/message.h +69 -0
  2381. data/third_party/upb/upb/mini_table/common.c +128 -0
  2382. data/third_party/upb/upb/mini_table/common.h +170 -0
  2383. data/third_party/upb/upb/mini_table/common_internal.h +111 -0
  2384. data/third_party/upb/upb/{mini_table.c → mini_table/decode.c} +513 -533
  2385. data/third_party/upb/upb/mini_table/decode.h +179 -0
  2386. data/third_party/upb/upb/mini_table/encode.c +300 -0
  2387. data/third_party/upb/upb/mini_table/encode_internal.h +111 -0
  2388. data/third_party/upb/upb/{mini_table.hpp → mini_table/encode_internal.hpp} +32 -8
  2389. data/third_party/upb/upb/mini_table/enum_internal.h +88 -0
  2390. data/third_party/upb/upb/mini_table/extension_internal.h +47 -0
  2391. data/third_party/upb/upb/{extension_registry.c → mini_table/extension_registry.c} +27 -24
  2392. data/third_party/upb/upb/mini_table/extension_registry.h +104 -0
  2393. data/third_party/upb/upb/mini_table/field_internal.h +192 -0
  2394. data/third_party/upb/upb/mini_table/file_internal.h +47 -0
  2395. data/third_party/upb/upb/mini_table/message_internal.h +136 -0
  2396. data/third_party/upb/upb/mini_table/sub_internal.h +38 -0
  2397. data/third_party/upb/upb/mini_table/types.h +40 -0
  2398. data/third_party/upb/upb/mini_table.h +4 -157
  2399. data/third_party/upb/upb/msg.h +3 -38
  2400. data/third_party/upb/upb/port/atomic.h +101 -0
  2401. data/third_party/upb/upb/{port_def.inc → port/def.inc} +94 -27
  2402. data/third_party/upb/upb/{port_undef.inc → port/undef.inc} +13 -3
  2403. data/third_party/upb/upb/{internal → port}/vsnprintf_compat.h +5 -7
  2404. data/third_party/upb/upb/reflection/common.h +67 -0
  2405. data/third_party/upb/upb/reflection/def.h +42 -0
  2406. data/third_party/upb/upb/reflection/def.hpp +610 -0
  2407. data/third_party/upb/upb/reflection/def_builder.c +357 -0
  2408. data/third_party/upb/upb/reflection/def_builder_internal.h +157 -0
  2409. data/third_party/upb/upb/reflection/def_pool.c +462 -0
  2410. data/third_party/upb/upb/reflection/def_pool.h +108 -0
  2411. data/third_party/upb/upb/reflection/def_pool_internal.h +77 -0
  2412. data/third_party/upb/upb/reflection/def_type.c +50 -0
  2413. data/third_party/upb/upb/reflection/def_type.h +81 -0
  2414. data/third_party/upb/upb/reflection/desc_state.c +53 -0
  2415. data/third_party/upb/upb/reflection/desc_state_internal.h +64 -0
  2416. data/third_party/upb/upb/reflection/enum_def.c +310 -0
  2417. data/third_party/upb/upb/reflection/enum_def.h +80 -0
  2418. data/third_party/upb/upb/reflection/enum_def_internal.h +56 -0
  2419. data/third_party/upb/upb/reflection/enum_reserved_range.c +84 -0
  2420. data/third_party/upb/upb/reflection/enum_reserved_range.h +51 -0
  2421. data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +55 -0
  2422. data/third_party/upb/upb/reflection/enum_value_def.c +144 -0
  2423. data/third_party/upb/upb/reflection/enum_value_def.h +57 -0
  2424. data/third_party/upb/upb/reflection/enum_value_def_internal.h +57 -0
  2425. data/third_party/upb/upb/reflection/extension_range.c +93 -0
  2426. data/third_party/upb/upb/reflection/extension_range.h +55 -0
  2427. data/third_party/upb/upb/reflection/extension_range_internal.h +54 -0
  2428. data/third_party/upb/upb/reflection/field_def.c +930 -0
  2429. data/third_party/upb/upb/reflection/field_def.h +91 -0
  2430. data/third_party/upb/upb/reflection/field_def_internal.h +76 -0
  2431. data/third_party/upb/upb/reflection/file_def.c +370 -0
  2432. data/third_party/upb/upb/reflection/file_def.h +77 -0
  2433. data/third_party/upb/upb/reflection/file_def_internal.h +57 -0
  2434. data/third_party/upb/upb/reflection/message.c +233 -0
  2435. data/third_party/upb/upb/reflection/message.h +102 -0
  2436. data/third_party/upb/upb/reflection/message.hpp +37 -0
  2437. data/third_party/upb/upb/reflection/message_def.c +718 -0
  2438. data/third_party/upb/upb/reflection/message_def.h +174 -0
  2439. data/third_party/upb/upb/reflection/message_def_internal.h +63 -0
  2440. data/third_party/upb/upb/reflection/message_reserved_range.c +81 -0
  2441. data/third_party/upb/upb/reflection/message_reserved_range.h +51 -0
  2442. data/third_party/upb/upb/reflection/message_reserved_range_internal.h +55 -0
  2443. data/third_party/upb/upb/reflection/method_def.c +124 -0
  2444. data/third_party/upb/upb/reflection/method_def.h +59 -0
  2445. data/third_party/upb/upb/reflection/method_def_internal.h +53 -0
  2446. data/third_party/upb/upb/reflection/oneof_def.c +226 -0
  2447. data/third_party/upb/upb/reflection/oneof_def.h +66 -0
  2448. data/third_party/upb/upb/reflection/oneof_def_internal.h +57 -0
  2449. data/third_party/upb/upb/reflection/service_def.c +128 -0
  2450. data/third_party/upb/upb/reflection/service_def.h +60 -0
  2451. data/third_party/upb/upb/reflection/service_def_internal.h +53 -0
  2452. data/third_party/upb/upb/reflection.h +4 -78
  2453. data/third_party/upb/upb/reflection.hpp +3 -7
  2454. data/third_party/upb/upb/status.h +4 -34
  2455. data/third_party/upb/upb/{collections.h → string_view.h} +7 -7
  2456. data/third_party/upb/upb/{text_encode.c → text/encode.c} +74 -70
  2457. data/third_party/upb/upb/text/encode.h +69 -0
  2458. data/third_party/upb/upb/text_encode.h +4 -32
  2459. data/third_party/upb/upb/upb.h +6 -151
  2460. data/third_party/upb/upb/upb.hpp +10 -18
  2461. data/third_party/upb/upb/wire/common.h +44 -0
  2462. data/third_party/upb/upb/wire/common_internal.h +50 -0
  2463. data/third_party/upb/upb/wire/decode.c +1343 -0
  2464. data/third_party/upb/upb/wire/decode.h +108 -0
  2465. data/third_party/upb/upb/{decode_fast.c → wire/decode_fast.c} +184 -225
  2466. data/third_party/upb/upb/{decode_fast.h → wire/decode_fast.h} +21 -7
  2467. data/third_party/upb/upb/{internal/decode.h → wire/decode_internal.h} +44 -92
  2468. data/third_party/upb/upb/{encode.c → wire/encode.c} +114 -95
  2469. data/third_party/upb/upb/wire/encode.h +92 -0
  2470. data/third_party/upb/upb/wire/eps_copy_input_stream.c +39 -0
  2471. data/third_party/upb/upb/wire/eps_copy_input_stream.h +425 -0
  2472. data/third_party/upb/upb/wire/reader.c +67 -0
  2473. data/third_party/upb/upb/wire/reader.h +227 -0
  2474. data/third_party/upb/upb/wire/swap_internal.h +63 -0
  2475. data/third_party/upb/upb/wire/types.h +41 -0
  2476. data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-neon.c +1 -1
  2477. data/third_party/{upb/third_party/utf8_range → utf8_range}/utf8_range.h +12 -0
  2478. data/third_party/zlib/compress.c +3 -3
  2479. data/third_party/zlib/crc32.c +21 -12
  2480. data/third_party/zlib/deflate.c +112 -106
  2481. data/third_party/zlib/deflate.h +2 -2
  2482. data/third_party/zlib/gzlib.c +1 -1
  2483. data/third_party/zlib/gzread.c +3 -5
  2484. data/third_party/zlib/gzwrite.c +1 -1
  2485. data/third_party/zlib/infback.c +10 -7
  2486. data/third_party/zlib/inflate.c +5 -2
  2487. data/third_party/zlib/inftrees.c +2 -2
  2488. data/third_party/zlib/inftrees.h +1 -1
  2489. data/third_party/zlib/trees.c +61 -62
  2490. data/third_party/zlib/uncompr.c +2 -2
  2491. data/third_party/zlib/zconf.h +16 -3
  2492. data/third_party/zlib/zlib.h +10 -10
  2493. data/third_party/zlib/zutil.c +9 -7
  2494. data/third_party/zlib/zutil.h +1 -0
  2495. metadata +509 -152
  2496. data/include/grpc/impl/codegen/gpr_slice.h +0 -71
  2497. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -176
  2498. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  2499. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -30
  2500. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
  2501. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
  2502. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +0 -332
  2503. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +0 -52
  2504. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +0 -322
  2505. data/src/core/ext/filters/server_config_selector/server_config_selector.cc +0 -62
  2506. data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
  2507. data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
  2508. data/src/core/lib/event_engine/socket_notifier.h +0 -55
  2509. data/src/core/lib/event_engine/thread_pool.cc +0 -195
  2510. data/src/core/lib/event_engine/thread_pool.h +0 -114
  2511. data/src/core/lib/gpr/cpu_iphone.cc +0 -44
  2512. data/src/core/lib/gpr/cpu_windows.cc +0 -33
  2513. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  2514. data/src/core/lib/gpr/murmur_hash.h +0 -29
  2515. data/src/core/lib/gpr/string_windows.cc +0 -69
  2516. data/src/core/lib/gpr/tls.h +0 -156
  2517. data/src/core/lib/gprpp/env_posix.cc +0 -47
  2518. data/src/core/lib/gprpp/global_config.h +0 -93
  2519. data/src/core/lib/gprpp/global_config_custom.h +0 -29
  2520. data/src/core/lib/gprpp/global_config_env.cc +0 -139
  2521. data/src/core/lib/gprpp/global_config_env.h +0 -133
  2522. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  2523. data/src/core/lib/promise/call_push_pull.h +0 -148
  2524. data/src/core/lib/promise/intra_activity_waiter.h +0 -49
  2525. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  2526. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -30
  2527. data/src/core/lib/slice/slice_api.cc +0 -39
  2528. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  2529. data/src/core/lib/slice/slice_refcount_base.h +0 -60
  2530. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  2531. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  2532. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  2533. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  2534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  2535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  2536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  2537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  2538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  2539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  2540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  2541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  2542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  2543. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
  2544. data/third_party/upb/upb/arena.c +0 -277
  2545. data/third_party/upb/upb/decode.c +0 -1221
  2546. data/third_party/upb/upb/def.c +0 -3269
  2547. data/third_party/upb/upb/internal/table.h +0 -385
  2548. data/third_party/upb/upb/msg.c +0 -368
  2549. data/third_party/upb/upb/msg_internal.h +0 -837
  2550. data/third_party/upb/upb/reflection.c +0 -323
  2551. /data/src/ruby/ext/grpc/{ext-export-truffleruby.clang → ext-export-truffleruby-with-ruby-abi-version.clang} +0 -0
  2552. /data/src/ruby/ext/grpc/{ext-export-truffleruby.gcc → ext-export-truffleruby-with-ruby-abi-version.gcc} +0 -0
  2553. /data/third_party/{upb/third_party/utf8_range → utf8_range}/naive.c +0 -0
  2554. /data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-sse.c +0 -0
@@ -67,50 +67,51 @@
67
67
  #include <openssl/x509.h>
68
68
  #include <openssl/x509v3.h>
69
69
 
70
- #include "internal.h"
71
70
  #include "../internal.h"
72
71
  #include "../x509v3/internal.h"
72
+ #include "internal.h"
73
73
 
74
74
  static CRYPTO_EX_DATA_CLASS g_ex_data_class =
75
75
  CRYPTO_EX_DATA_CLASS_INIT_WITH_APP_DATA;
76
76
 
77
- /* CRL score values */
77
+ // CRL score values
78
78
 
79
- /* No unhandled critical extensions */
79
+ // No unhandled critical extensions
80
80
 
81
- #define CRL_SCORE_NOCRITICAL 0x100
81
+ #define CRL_SCORE_NOCRITICAL 0x100
82
82
 
83
- /* certificate is within CRL scope */
83
+ // certificate is within CRL scope
84
84
 
85
- #define CRL_SCORE_SCOPE 0x080
85
+ #define CRL_SCORE_SCOPE 0x080
86
86
 
87
- /* CRL times valid */
87
+ // CRL times valid
88
88
 
89
- #define CRL_SCORE_TIME 0x040
89
+ #define CRL_SCORE_TIME 0x040
90
90
 
91
- /* Issuer name matches certificate */
91
+ // Issuer name matches certificate
92
92
 
93
- #define CRL_SCORE_ISSUER_NAME 0x020
93
+ #define CRL_SCORE_ISSUER_NAME 0x020
94
94
 
95
- /* If this score or above CRL is probably valid */
95
+ // If this score or above CRL is probably valid
96
96
 
97
- #define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
97
+ #define CRL_SCORE_VALID \
98
+ (CRL_SCORE_NOCRITICAL | CRL_SCORE_TIME | CRL_SCORE_SCOPE)
98
99
 
99
- /* CRL issuer is certificate issuer */
100
+ // CRL issuer is certificate issuer
100
101
 
101
- #define CRL_SCORE_ISSUER_CERT 0x018
102
+ #define CRL_SCORE_ISSUER_CERT 0x018
102
103
 
103
- /* CRL issuer is on certificate path */
104
+ // CRL issuer is on certificate path
104
105
 
105
- #define CRL_SCORE_SAME_PATH 0x008
106
+ #define CRL_SCORE_SAME_PATH 0x008
106
107
 
107
- /* CRL issuer matches CRL AKID */
108
+ // CRL issuer matches CRL AKID
108
109
 
109
- #define CRL_SCORE_AKID 0x004
110
+ #define CRL_SCORE_AKID 0x004
110
111
 
111
- /* Have a delta CRL with valid times */
112
+ // Have a delta CRL with valid times
112
113
 
113
- #define CRL_SCORE_TIME_DELTA 0x002
114
+ #define CRL_SCORE_TIME_DELTA 0x002
114
115
 
115
116
  static int null_callback(int ok, X509_STORE_CTX *e);
116
117
  static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
@@ -125,2332 +126,2145 @@ static int check_policy(X509_STORE_CTX *ctx);
125
126
 
126
127
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
127
128
  unsigned int *preasons, X509_CRL *crl, X509 *x);
128
- static int get_crl_delta(X509_STORE_CTX *ctx,
129
- X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
130
- static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
131
- int *pcrl_score, X509_CRL *base,
132
- STACK_OF(X509_CRL) *crls);
129
+ static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
130
+ X509 *x);
131
+ static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score,
132
+ X509_CRL *base, STACK_OF(X509_CRL) *crls);
133
133
  static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
134
134
  int *pcrl_score);
135
135
  static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
136
136
  unsigned int *preasons);
137
137
  static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
138
- static int check_crl_chain(X509_STORE_CTX *ctx,
139
- STACK_OF(X509) *cert_path,
138
+ static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
140
139
  STACK_OF(X509) *crl_path);
141
140
 
142
141
  static int internal_verify(X509_STORE_CTX *ctx);
143
142
 
144
- static int null_callback(int ok, X509_STORE_CTX *e)
145
- {
146
- return ok;
147
- }
143
+ static int null_callback(int ok, X509_STORE_CTX *e) { return ok; }
148
144
 
149
- /* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
150
- * one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
151
- * returns zero. */
152
- static int cert_self_signed(X509 *x, int *out_is_self_signed)
153
- {
154
- if (!x509v3_cache_extensions(x)) {
155
- return 0;
156
- }
157
- *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
158
- return 1;
145
+ // cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
146
+ // one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
147
+ // returns zero.
148
+ static int cert_self_signed(X509 *x, int *out_is_self_signed) {
149
+ if (!x509v3_cache_extensions(x)) {
150
+ return 0;
151
+ }
152
+ *out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
153
+ return 1;
159
154
  }
160
155
 
161
- /* Given a certificate try and find an exact match in the store */
162
-
163
- static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
164
- {
165
- STACK_OF(X509) *certs;
166
- X509 *xtmp = NULL;
167
- size_t i;
168
- /* Lookup all certs with matching subject name */
169
- certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
170
- if (certs == NULL)
171
- return NULL;
172
- /* Look for exact match */
173
- for (i = 0; i < sk_X509_num(certs); i++) {
174
- xtmp = sk_X509_value(certs, i);
175
- if (!X509_cmp(xtmp, x))
176
- break;
177
- }
178
- if (i < sk_X509_num(certs))
179
- X509_up_ref(xtmp);
180
- else
181
- xtmp = NULL;
182
- sk_X509_pop_free(certs, X509_free);
183
- return xtmp;
184
- }
185
-
186
- int X509_verify_cert(X509_STORE_CTX *ctx)
187
- {
188
- X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
189
- int bad_chain = 0;
190
- X509_VERIFY_PARAM *param = ctx->param;
191
- int depth, i, ok = 0;
192
- int num, j, retry, trust;
193
- int (*cb) (int xok, X509_STORE_CTX *xctx);
194
- STACK_OF(X509) *sktmp = NULL;
195
- if (ctx->cert == NULL) {
196
- OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
197
- ctx->error = X509_V_ERR_INVALID_CALL;
198
- return -1;
199
- }
200
- if (ctx->chain != NULL) {
201
- /*
202
- * This X509_STORE_CTX has already been used to verify a cert. We
203
- * cannot do another one.
204
- */
205
- OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
206
- ctx->error = X509_V_ERR_INVALID_CALL;
207
- return -1;
208
- }
209
-
210
- cb = ctx->verify_cb;
211
-
212
- /*
213
- * first we make sure the chain we are going to build is present and that
214
- * the first entry is in place
215
- */
216
- ctx->chain = sk_X509_new_null();
217
- if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
218
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
219
- ctx->error = X509_V_ERR_OUT_OF_MEM;
220
- goto end;
221
- }
222
- X509_up_ref(ctx->cert);
223
- ctx->last_untrusted = 1;
156
+ // Given a certificate try and find an exact match in the store
224
157
 
225
- /* We use a temporary STACK so we can chop and hack at it. */
226
- if (ctx->untrusted != NULL
227
- && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
228
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
229
- ctx->error = X509_V_ERR_OUT_OF_MEM;
158
+ static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) {
159
+ STACK_OF(X509) *certs;
160
+ X509 *xtmp = NULL;
161
+ size_t i;
162
+ // Lookup all certs with matching subject name
163
+ certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
164
+ if (certs == NULL) {
165
+ return NULL;
166
+ }
167
+ // Look for exact match
168
+ for (i = 0; i < sk_X509_num(certs); i++) {
169
+ xtmp = sk_X509_value(certs, i);
170
+ if (!X509_cmp(xtmp, x)) {
171
+ break;
172
+ }
173
+ }
174
+ if (i < sk_X509_num(certs)) {
175
+ X509_up_ref(xtmp);
176
+ } else {
177
+ xtmp = NULL;
178
+ }
179
+ sk_X509_pop_free(certs, X509_free);
180
+ return xtmp;
181
+ }
182
+
183
+ int X509_verify_cert(X509_STORE_CTX *ctx) {
184
+ X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
185
+ int bad_chain = 0;
186
+ X509_VERIFY_PARAM *param = ctx->param;
187
+ int depth, i, ok = 0;
188
+ int num, j, retry, trust;
189
+ STACK_OF(X509) *sktmp = NULL;
190
+
191
+ if (ctx->cert == NULL) {
192
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
193
+ ctx->error = X509_V_ERR_INVALID_CALL;
194
+ return -1;
195
+ }
196
+ if (ctx->chain != NULL) {
197
+ // This X509_STORE_CTX has already been used to verify a cert. We
198
+ // cannot do another one.
199
+ OPENSSL_PUT_ERROR(X509, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
200
+ ctx->error = X509_V_ERR_INVALID_CALL;
201
+ return -1;
202
+ }
203
+
204
+ // first we make sure the chain we are going to build is present and that
205
+ // the first entry is in place
206
+ ctx->chain = sk_X509_new_null();
207
+ if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) {
208
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
209
+ goto end;
210
+ }
211
+ X509_up_ref(ctx->cert);
212
+ ctx->last_untrusted = 1;
213
+
214
+ // We use a temporary STACK so we can chop and hack at it.
215
+ if (ctx->untrusted != NULL && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
216
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
217
+ goto end;
218
+ }
219
+
220
+ num = sk_X509_num(ctx->chain);
221
+ x = sk_X509_value(ctx->chain, num - 1);
222
+ depth = param->depth;
223
+
224
+ for (;;) {
225
+ // If we have enough, we break
226
+ if (depth < num) {
227
+ break; // FIXME: If this happens, we should take
228
+ // note of it and, if appropriate, use the
229
+ // X509_V_ERR_CERT_CHAIN_TOO_LONG error code
230
+ // later.
231
+ }
232
+
233
+ int is_self_signed;
234
+ if (!cert_self_signed(x, &is_self_signed)) {
235
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
236
+ goto end;
237
+ }
238
+
239
+ // If we are self signed, we break
240
+ if (is_self_signed) {
241
+ break;
242
+ }
243
+ // If asked see if we can find issuer in trusted store first
244
+ if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
245
+ ok = ctx->get_issuer(&xtmp, ctx, x);
246
+ if (ok < 0) {
247
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
230
248
  goto end;
231
- }
232
-
233
- num = sk_X509_num(ctx->chain);
234
- x = sk_X509_value(ctx->chain, num - 1);
235
- depth = param->depth;
236
-
237
- for (;;) {
238
- /* If we have enough, we break */
239
- if (depth < num)
240
- break; /* FIXME: If this happens, we should take
241
- * note of it and, if appropriate, use the
242
- * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
243
- * later. */
244
-
245
- int is_self_signed;
246
- if (!cert_self_signed(x, &is_self_signed)) {
247
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
248
- goto end;
249
- }
250
-
251
- /* If we are self signed, we break */
252
- if (is_self_signed)
253
- break;
254
- /*
255
- * If asked see if we can find issuer in trusted store first
256
- */
257
- if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) {
258
- ok = ctx->get_issuer(&xtmp, ctx, x);
259
- if (ok < 0) {
260
- ctx->error = X509_V_ERR_STORE_LOOKUP;
261
- goto end;
262
- }
263
- /*
264
- * If successful for now free up cert so it will be picked up
265
- * again later.
266
- */
267
- if (ok > 0) {
268
- X509_free(xtmp);
269
- break;
270
- }
271
- }
272
-
273
- /* If we were passed a cert chain, use it first */
274
- if (sktmp != NULL) {
275
- xtmp = find_issuer(ctx, sktmp, x);
276
- if (xtmp != NULL) {
277
- if (!sk_X509_push(ctx->chain, xtmp)) {
278
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
279
- ctx->error = X509_V_ERR_OUT_OF_MEM;
280
- ok = 0;
281
- goto end;
282
- }
283
- X509_up_ref(xtmp);
284
- (void)sk_X509_delete_ptr(sktmp, xtmp);
285
- ctx->last_untrusted++;
286
- x = xtmp;
287
- num++;
288
- /*
289
- * reparse the full chain for the next one
290
- */
291
- continue;
292
- }
293
- }
249
+ }
250
+ // If successful for now free up cert so it will be picked up
251
+ // again later.
252
+ if (ok > 0) {
253
+ X509_free(xtmp);
294
254
  break;
255
+ }
295
256
  }
296
257
 
297
- /* Remember how many untrusted certs we have */
298
- j = num;
299
- /*
300
- * at this point, chain should contain a list of untrusted certificates.
301
- * We now need to add at least one trusted one, if possible, otherwise we
302
- * complain.
303
- */
304
-
305
- do {
306
- /*
307
- * Examine last certificate in chain and see if it is self signed.
308
- */
309
- i = sk_X509_num(ctx->chain);
310
- x = sk_X509_value(ctx->chain, i - 1);
311
-
312
- int is_self_signed;
313
- if (!cert_self_signed(x, &is_self_signed)) {
314
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
315
- goto end;
258
+ // If we were passed a cert chain, use it first
259
+ if (sktmp != NULL) {
260
+ xtmp = find_issuer(ctx, sktmp, x);
261
+ if (xtmp != NULL) {
262
+ if (!sk_X509_push(ctx->chain, xtmp)) {
263
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
264
+ ok = 0;
265
+ goto end;
316
266
  }
317
-
318
- if (is_self_signed) {
319
- /* we have a self signed certificate */
320
- if (sk_X509_num(ctx->chain) == 1) {
321
- /*
322
- * We have a single self signed certificate: see if we can
323
- * find it in the store. We must have an exact match to avoid
324
- * possible impersonation.
325
- */
326
- ok = ctx->get_issuer(&xtmp, ctx, x);
327
- if ((ok <= 0) || X509_cmp(x, xtmp)) {
328
- ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
329
- ctx->current_cert = x;
330
- ctx->error_depth = i - 1;
331
- if (ok == 1)
332
- X509_free(xtmp);
333
- bad_chain = 1;
334
- ok = cb(0, ctx);
335
- if (!ok)
336
- goto end;
337
- } else {
338
- /*
339
- * We have a match: replace certificate with store
340
- * version so we get any trust settings.
341
- */
342
- X509_free(x);
343
- x = xtmp;
344
- (void)sk_X509_set(ctx->chain, i - 1, x);
345
- ctx->last_untrusted = 0;
346
- }
347
- } else {
348
- /*
349
- * extract and save self signed certificate for later use
350
- */
351
- chain_ss = sk_X509_pop(ctx->chain);
352
- ctx->last_untrusted--;
353
- num--;
354
- j--;
355
- x = sk_X509_value(ctx->chain, num - 1);
356
- }
357
- }
358
- /* We now lookup certs from the certificate store */
359
- for (;;) {
360
- /* If we have enough, we break */
361
- if (depth < num)
362
- break;
363
- if (!cert_self_signed(x, &is_self_signed)) {
364
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
365
- goto end;
366
- }
367
- /* If we are self signed, we break */
368
- if (is_self_signed)
369
- break;
370
- ok = ctx->get_issuer(&xtmp, ctx, x);
371
-
372
- if (ok < 0) {
373
- ctx->error = X509_V_ERR_STORE_LOOKUP;
374
- goto end;
375
- }
376
- if (ok == 0)
377
- break;
378
- x = xtmp;
379
- if (!sk_X509_push(ctx->chain, x)) {
380
- X509_free(xtmp);
381
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
382
- ctx->error = X509_V_ERR_OUT_OF_MEM;
383
- ok = 0;
384
- goto end;
385
- }
386
- num++;
387
- }
388
-
389
- /* we now have our chain, lets check it... */
390
- trust = check_trust(ctx);
391
-
392
- /* If explicitly rejected error */
393
- if (trust == X509_TRUST_REJECTED) {
394
- ok = 0;
267
+ X509_up_ref(xtmp);
268
+ (void)sk_X509_delete_ptr(sktmp, xtmp);
269
+ ctx->last_untrusted++;
270
+ x = xtmp;
271
+ num++;
272
+ // reparse the full chain for the next one
273
+ continue;
274
+ }
275
+ }
276
+ break;
277
+ }
278
+
279
+ // Remember how many untrusted certs we have
280
+ j = num;
281
+ // at this point, chain should contain a list of untrusted certificates.
282
+ // We now need to add at least one trusted one, if possible, otherwise we
283
+ // complain.
284
+
285
+ do {
286
+ // Examine last certificate in chain and see if it is self signed.
287
+ i = sk_X509_num(ctx->chain);
288
+ x = sk_X509_value(ctx->chain, i - 1);
289
+
290
+ int is_self_signed;
291
+ if (!cert_self_signed(x, &is_self_signed)) {
292
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
293
+ goto end;
294
+ }
295
+
296
+ if (is_self_signed) {
297
+ // we have a self signed certificate
298
+ if (sk_X509_num(ctx->chain) == 1) {
299
+ // We have a single self signed certificate: see if we can
300
+ // find it in the store. We must have an exact match to avoid
301
+ // possible impersonation.
302
+ ok = ctx->get_issuer(&xtmp, ctx, x);
303
+ if ((ok <= 0) || X509_cmp(x, xtmp)) {
304
+ ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
305
+ ctx->current_cert = x;
306
+ ctx->error_depth = i - 1;
307
+ if (ok == 1) {
308
+ X509_free(xtmp);
309
+ }
310
+ bad_chain = 1;
311
+ ok = ctx->verify_cb(0, ctx);
312
+ if (!ok) {
395
313
  goto end;
396
- }
397
- /*
398
- * If it's not explicitly trusted then check if there is an alternative
399
- * chain that could be used. We only do this if we haven't already
400
- * checked via TRUSTED_FIRST and the user hasn't switched off alternate
401
- * chain checking
402
- */
403
- retry = 0;
404
- if (trust != X509_TRUST_TRUSTED
405
- && !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
406
- && !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
407
- while (j-- > 1) {
408
- xtmp2 = sk_X509_value(ctx->chain, j - 1);
409
- ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
410
- if (ok < 0)
411
- goto end;
412
- /* Check if we found an alternate chain */
413
- if (ok > 0) {
414
- /*
415
- * Free up the found cert we'll add it again later
416
- */
417
- X509_free(xtmp);
418
-
419
- /*
420
- * Dump all the certs above this point - we've found an
421
- * alternate chain
422
- */
423
- while (num > j) {
424
- xtmp = sk_X509_pop(ctx->chain);
425
- X509_free(xtmp);
426
- num--;
427
- }
428
- ctx->last_untrusted = sk_X509_num(ctx->chain);
429
- retry = 1;
430
- break;
431
- }
432
- }
433
- }
434
- } while (retry);
435
-
436
- /*
437
- * If not explicitly trusted then indicate error unless it's a single
438
- * self signed certificate in which case we've indicated an error already
439
- * and set bad_chain == 1
440
- */
441
- if (trust != X509_TRUST_TRUSTED && !bad_chain) {
442
- if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
443
- if (ctx->last_untrusted >= num)
444
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
445
- else
446
- ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
447
- ctx->current_cert = x;
314
+ }
448
315
  } else {
449
-
450
- sk_X509_push(ctx->chain, chain_ss);
451
- num++;
452
- ctx->last_untrusted = num;
453
- ctx->current_cert = chain_ss;
454
- ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
455
- chain_ss = NULL;
316
+ // We have a match: replace certificate with store
317
+ // version so we get any trust settings.
318
+ X509_free(x);
319
+ x = xtmp;
320
+ (void)sk_X509_set(ctx->chain, i - 1, x);
321
+ ctx->last_untrusted = 0;
456
322
  }
457
-
458
- ctx->error_depth = num - 1;
459
- bad_chain = 1;
460
- ok = cb(0, ctx);
461
- if (!ok)
462
- goto end;
463
- }
464
-
465
- /* We have the chain complete: now we need to check its purpose */
466
- ok = check_chain_extensions(ctx);
467
-
468
- if (!ok)
469
- goto end;
470
-
471
- ok = check_id(ctx);
472
-
473
- if (!ok)
474
- goto end;
475
-
476
- /*
477
- * Check revocation status: we do this after copying parameters because
478
- * they may be needed for CRL signature verification.
479
- */
480
-
481
- ok = ctx->check_revocation(ctx);
482
- if (!ok)
323
+ } else {
324
+ // extract and save self signed certificate for later use
325
+ chain_ss = sk_X509_pop(ctx->chain);
326
+ ctx->last_untrusted--;
327
+ num--;
328
+ j--;
329
+ x = sk_X509_value(ctx->chain, num - 1);
330
+ }
331
+ }
332
+ // We now lookup certs from the certificate store
333
+ for (;;) {
334
+ // If we have enough, we break
335
+ if (depth < num) {
336
+ break;
337
+ }
338
+ if (!cert_self_signed(x, &is_self_signed)) {
339
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
483
340
  goto end;
341
+ }
342
+ // If we are self signed, we break
343
+ if (is_self_signed) {
344
+ break;
345
+ }
346
+ ok = ctx->get_issuer(&xtmp, ctx, x);
484
347
 
485
- int err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
486
- ctx->param->flags);
487
- if (err != X509_V_OK) {
488
- ctx->error = err;
489
- ctx->current_cert = sk_X509_value(ctx->chain, ctx->error_depth);
490
- ok = cb(0, ctx);
491
- if (!ok)
492
- goto end;
493
- }
494
-
495
- /* At this point, we have a chain and need to verify it */
496
- if (ctx->verify != NULL)
497
- ok = ctx->verify(ctx);
498
- else
499
- ok = internal_verify(ctx);
500
- if (!ok)
348
+ if (ok < 0) {
349
+ ctx->error = X509_V_ERR_STORE_LOOKUP;
501
350
  goto end;
502
-
503
- /* Check name constraints */
504
-
505
- ok = check_name_constraints(ctx);
506
- if (!ok)
351
+ }
352
+ if (ok == 0) {
353
+ break;
354
+ }
355
+ x = xtmp;
356
+ if (!sk_X509_push(ctx->chain, x)) {
357
+ X509_free(xtmp);
358
+ ctx->error = X509_V_ERR_OUT_OF_MEM;
359
+ ok = 0;
507
360
  goto end;
361
+ }
362
+ num++;
363
+ }
364
+
365
+ // we now have our chain, lets check it...
366
+ trust = check_trust(ctx);
367
+
368
+ // If explicitly rejected error
369
+ if (trust == X509_TRUST_REJECTED) {
370
+ ok = 0;
371
+ goto end;
372
+ }
373
+ // If it's not explicitly trusted then check if there is an alternative
374
+ // chain that could be used. We only do this if we haven't already
375
+ // checked via TRUSTED_FIRST and the user hasn't switched off alternate
376
+ // chain checking
377
+ retry = 0;
378
+ if (trust != X509_TRUST_TRUSTED &&
379
+ !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) &&
380
+ !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) {
381
+ while (j-- > 1) {
382
+ xtmp2 = sk_X509_value(ctx->chain, j - 1);
383
+ ok = ctx->get_issuer(&xtmp, ctx, xtmp2);
384
+ if (ok < 0) {
385
+ goto end;
386
+ }
387
+ // Check if we found an alternate chain
388
+ if (ok > 0) {
389
+ // Free up the found cert we'll add it again later
390
+ X509_free(xtmp);
391
+
392
+ // Dump all the certs above this point - we've found an
393
+ // alternate chain
394
+ while (num > j) {
395
+ xtmp = sk_X509_pop(ctx->chain);
396
+ X509_free(xtmp);
397
+ num--;
398
+ }
399
+ ctx->last_untrusted = sk_X509_num(ctx->chain);
400
+ retry = 1;
401
+ break;
402
+ }
403
+ }
404
+ }
405
+ } while (retry);
406
+
407
+ // If not explicitly trusted then indicate error unless it's a single
408
+ // self signed certificate in which case we've indicated an error already
409
+ // and set bad_chain == 1
410
+ if (trust != X509_TRUST_TRUSTED && !bad_chain) {
411
+ if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
412
+ if (ctx->last_untrusted >= num) {
413
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
414
+ } else {
415
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
416
+ }
417
+ ctx->current_cert = x;
418
+ } else {
419
+ sk_X509_push(ctx->chain, chain_ss);
420
+ num++;
421
+ ctx->last_untrusted = num;
422
+ ctx->current_cert = chain_ss;
423
+ ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
424
+ chain_ss = NULL;
425
+ }
426
+
427
+ ctx->error_depth = num - 1;
428
+ bad_chain = 1;
429
+ ok = ctx->verify_cb(0, ctx);
430
+ if (!ok) {
431
+ goto end;
432
+ }
433
+ }
434
+
435
+ // We have the chain complete: now we need to check its purpose
436
+ ok = check_chain_extensions(ctx);
437
+
438
+ if (!ok) {
439
+ goto end;
440
+ }
441
+
442
+ ok = check_id(ctx);
443
+
444
+ if (!ok) {
445
+ goto end;
446
+ }
447
+
448
+ // Check revocation status: we do this after copying parameters because
449
+ // they may be needed for CRL signature verification.
450
+ ok = ctx->check_revocation(ctx);
451
+ if (!ok) {
452
+ goto end;
453
+ }
454
+
455
+ // At this point, we have a chain and need to verify it
456
+ if (ctx->verify != NULL) {
457
+ ok = ctx->verify(ctx);
458
+ } else {
459
+ ok = internal_verify(ctx);
460
+ }
461
+ if (!ok) {
462
+ goto end;
463
+ }
464
+
465
+ // Check name constraints
466
+ ok = check_name_constraints(ctx);
467
+ if (!ok) {
468
+ goto end;
469
+ }
470
+
471
+ // If we get this far, evaluate policies.
472
+ if (!bad_chain) {
473
+ ok = ctx->check_policy(ctx);
474
+ }
475
+
476
+ end:
477
+ if (sktmp != NULL) {
478
+ sk_X509_free(sktmp);
479
+ }
480
+ if (chain_ss != NULL) {
481
+ X509_free(chain_ss);
482
+ }
483
+
484
+ // Safety net, error returns must set ctx->error
485
+ if (ok <= 0 && ctx->error == X509_V_OK) {
486
+ ctx->error = X509_V_ERR_UNSPECIFIED;
487
+ }
488
+ return ok;
489
+ }
490
+
491
+ // Given a STACK_OF(X509) find the issuer of cert (if any)
492
+
493
+ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) {
494
+ size_t i;
495
+ X509 *issuer;
496
+ for (i = 0; i < sk_X509_num(sk); i++) {
497
+ issuer = sk_X509_value(sk, i);
498
+ if (ctx->check_issued(ctx, x, issuer)) {
499
+ return issuer;
500
+ }
501
+ }
502
+ return NULL;
503
+ }
504
+
505
+ // Given a possible certificate and issuer check them
506
+
507
+ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) {
508
+ int ret;
509
+ ret = X509_check_issued(issuer, x);
510
+ if (ret == X509_V_OK) {
511
+ return 1;
512
+ }
513
+ // If we haven't asked for issuer errors don't set ctx
514
+ if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) {
515
+ return 0;
516
+ }
508
517
 
509
- /* If we get this far evaluate policies */
510
- if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
511
- ok = ctx->check_policy(ctx);
512
-
513
- end:
514
- if (sktmp != NULL)
515
- sk_X509_free(sktmp);
516
- if (chain_ss != NULL)
517
- X509_free(chain_ss);
518
-
519
- /* Safety net, error returns must set ctx->error */
520
- if (ok <= 0 && ctx->error == X509_V_OK)
521
- ctx->error = X509_V_ERR_UNSPECIFIED;
522
- return ok;
523
- }
524
-
525
- /*
526
- * Given a STACK_OF(X509) find the issuer of cert (if any)
527
- */
528
-
529
- static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
530
- {
531
- size_t i;
532
- X509 *issuer;
533
- for (i = 0; i < sk_X509_num(sk); i++) {
534
- issuer = sk_X509_value(sk, i);
535
- if (ctx->check_issued(ctx, x, issuer))
536
- return issuer;
537
- }
538
- return NULL;
539
- }
540
-
541
- /* Given a possible certificate and issuer check them */
542
-
543
- static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
544
- {
545
- int ret;
546
- ret = X509_check_issued(issuer, x);
547
- if (ret == X509_V_OK)
548
- return 1;
549
- /* If we haven't asked for issuer errors don't set ctx */
550
- if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
551
- return 0;
552
-
553
- ctx->error = ret;
554
- ctx->current_cert = x;
555
- ctx->current_issuer = issuer;
556
- return ctx->verify_cb(0, ctx);
518
+ ctx->error = ret;
519
+ ctx->current_cert = x;
520
+ ctx->current_issuer = issuer;
521
+ return ctx->verify_cb(0, ctx);
557
522
  }
558
523
 
559
- /* Alternative lookup method: look from a STACK stored in other_ctx */
524
+ // Alternative lookup method: look from a STACK stored in other_ctx
560
525
 
561
- static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
562
- {
563
- *issuer = find_issuer(ctx, ctx->other_ctx, x);
564
- if (*issuer) {
565
- X509_up_ref(*issuer);
566
- return 1;
567
- } else
568
- return 0;
526
+ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) {
527
+ *issuer = find_issuer(ctx, ctx->other_ctx, x);
528
+ if (*issuer) {
529
+ X509_up_ref(*issuer);
530
+ return 1;
531
+ } else {
532
+ return 0;
533
+ }
569
534
  }
570
535
 
571
- /*
572
- * Check a certificate chains extensions for consistency with the supplied
573
- * purpose
574
- */
575
-
576
- static int check_chain_extensions(X509_STORE_CTX *ctx)
577
- {
578
- int i, ok = 0, plen = 0;
579
- X509 *x;
580
- int (*cb) (int xok, X509_STORE_CTX *xctx);
581
- int proxy_path_length = 0;
582
- int purpose;
583
- int allow_proxy_certs;
584
- cb = ctx->verify_cb;
585
-
586
- enum {
587
- // ca_or_leaf allows either type of certificate so that direct use of
588
- // self-signed certificates works.
589
- ca_or_leaf,
590
- must_be_ca,
591
- must_not_be_ca,
592
- } ca_requirement;
593
-
594
- /* CRL path validation */
595
- if (ctx->parent) {
596
- allow_proxy_certs = 0;
597
- purpose = X509_PURPOSE_CRL_SIGN;
598
- } else {
599
- allow_proxy_certs =
600
- ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
601
- purpose = ctx->param->purpose;
602
- }
603
-
604
- ca_requirement = ca_or_leaf;
536
+ // Check a certificate chains extensions for consistency with the supplied
537
+ // purpose
605
538
 
606
- /* Check all untrusted certificates */
607
- for (i = 0; i < ctx->last_untrusted; i++) {
608
- int ret;
609
- x = sk_X509_value(ctx->chain, i);
610
- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
611
- && (x->ex_flags & EXFLAG_CRITICAL)) {
612
- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
613
- ctx->error_depth = i;
614
- ctx->current_cert = x;
615
- ok = cb(0, ctx);
616
- if (!ok)
617
- goto end;
618
- }
619
- if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
620
- ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
621
- ctx->error_depth = i;
622
- ctx->current_cert = x;
623
- ok = cb(0, ctx);
624
- if (!ok)
625
- goto end;
626
- }
627
-
628
- switch (ca_requirement) {
629
- case ca_or_leaf:
630
- ret = 1;
631
- break;
632
- case must_not_be_ca:
633
- if (X509_check_ca(x)) {
634
- ret = 0;
635
- ctx->error = X509_V_ERR_INVALID_NON_CA;
636
- } else
637
- ret = 1;
638
- break;
639
- case must_be_ca:
640
- if (!X509_check_ca(x)) {
641
- ret = 0;
642
- ctx->error = X509_V_ERR_INVALID_CA;
643
- } else
644
- ret = 1;
645
- break;
646
- default:
647
- // impossible.
648
- ret = 0;
649
- }
539
+ static int check_chain_extensions(X509_STORE_CTX *ctx) {
540
+ int ok = 0, plen = 0;
650
541
 
651
- if (ret == 0) {
652
- ctx->error_depth = i;
653
- ctx->current_cert = x;
654
- ok = cb(0, ctx);
655
- if (!ok)
656
- goto end;
657
- }
658
- if (ctx->param->purpose > 0) {
659
- ret = X509_check_purpose(x, purpose, ca_requirement == must_be_ca);
660
- if (ret != 1) {
661
- ret = 0;
662
- ctx->error = X509_V_ERR_INVALID_PURPOSE;
663
- ctx->error_depth = i;
664
- ctx->current_cert = x;
665
- ok = cb(0, ctx);
666
- if (!ok)
667
- goto end;
668
- }
669
- }
670
- /* Check pathlen if not self issued */
671
- if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
672
- && (x->ex_pathlen != -1)
673
- && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
674
- ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
675
- ctx->error_depth = i;
676
- ctx->current_cert = x;
677
- ok = cb(0, ctx);
678
- if (!ok)
679
- goto end;
680
- }
681
- /* Increment path length if not self issued */
682
- if (!(x->ex_flags & EXFLAG_SI))
683
- plen++;
684
- /*
685
- * If this certificate is a proxy certificate, the next certificate
686
- * must be another proxy certificate or a EE certificate. If not,
687
- * the next certificate must be a CA certificate.
688
- */
689
- if (x->ex_flags & EXFLAG_PROXY) {
690
- if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
691
- ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
692
- ctx->error_depth = i;
693
- ctx->current_cert = x;
694
- ok = cb(0, ctx);
695
- if (!ok)
696
- goto end;
697
- }
698
- proxy_path_length++;
699
- ca_requirement = must_not_be_ca;
700
- } else {
701
- ca_requirement = must_be_ca;
702
- }
703
- }
704
- ok = 1;
705
- end:
706
- return ok;
707
- }
542
+ // If |ctx->parent| is set, this is CRL path validation.
543
+ int purpose =
544
+ ctx->parent == NULL ? ctx->param->purpose : X509_PURPOSE_CRL_SIGN;
708
545
 
709
- static int reject_dns_name_in_common_name(X509 *x509)
710
- {
711
- X509_NAME *name = X509_get_subject_name(x509);
712
- int i = -1;
713
- for (;;) {
714
- i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
715
- if (i == -1) {
716
- return X509_V_OK;
717
- }
718
-
719
- X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
720
- ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
721
- unsigned char *idval;
722
- int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
723
- if (idlen < 0) {
724
- return X509_V_ERR_OUT_OF_MEM;
725
- }
726
- /* Only process attributes that look like host names. Note it is
727
- * important that this check be mirrored in |X509_check_host|. */
728
- int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
729
- OPENSSL_free(idval);
730
- if (looks_like_dns) {
731
- return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
732
- }
733
- }
734
- }
735
-
736
- static int check_name_constraints(X509_STORE_CTX *ctx)
737
- {
738
- int i, j, rv;
739
- int has_name_constraints = 0;
740
- /* Check name constraints for all certificates */
741
- for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
742
- X509 *x = sk_X509_value(ctx->chain, i);
743
- /* Ignore self issued certs unless last in chain */
744
- if (i && (x->ex_flags & EXFLAG_SI))
745
- continue;
746
- /*
747
- * Check against constraints for all certificates higher in chain
748
- * including trust anchor. Trust anchor not strictly speaking needed
749
- * but if it includes constraints it is to be assumed it expects them
750
- * to be obeyed.
751
- */
752
- for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
753
- NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
754
- if (nc) {
755
- has_name_constraints = 1;
756
- rv = NAME_CONSTRAINTS_check(x, nc);
757
- switch (rv) {
758
- case X509_V_OK:
759
- continue;
760
- case X509_V_ERR_OUT_OF_MEM:
761
- ctx->error = rv;
762
- return 0;
763
- default:
764
- ctx->error = rv;
765
- ctx->error_depth = i;
766
- ctx->current_cert = x;
767
- if (!ctx->verify_cb(0, ctx))
768
- return 0;
769
- break;
770
- }
771
- }
772
- }
546
+ // Check all untrusted certificates
547
+ for (int i = 0; i < ctx->last_untrusted; i++) {
548
+ X509 *x = sk_X509_value(ctx->chain, i);
549
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
550
+ (x->ex_flags & EXFLAG_CRITICAL)) {
551
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
552
+ ctx->error_depth = i;
553
+ ctx->current_cert = x;
554
+ ok = ctx->verify_cb(0, ctx);
555
+ if (!ok) {
556
+ goto end;
557
+ }
773
558
  }
774
559
 
775
- /* Name constraints do not match against the common name, but
776
- * |X509_check_host| still implements the legacy behavior where, on
777
- * certificates lacking a SAN list, DNS-like names in the common name are
778
- * checked instead.
779
- *
780
- * While we could apply the name constraints to the common name, name
781
- * constraints are rare enough that can hold such certificates to a higher
782
- * standard. Note this does not make "DNS-like" heuristic failures any
783
- * worse. A decorative common-name misidentified as a DNS name would fail
784
- * the name constraint anyway. */
785
- X509 *leaf = sk_X509_value(ctx->chain, 0);
786
- if (has_name_constraints && leaf->altname == NULL) {
787
- rv = reject_dns_name_in_common_name(leaf);
560
+ int must_be_ca = i > 0;
561
+ if (must_be_ca && !X509_check_ca(x)) {
562
+ ctx->error = X509_V_ERR_INVALID_CA;
563
+ ctx->error_depth = i;
564
+ ctx->current_cert = x;
565
+ ok = ctx->verify_cb(0, ctx);
566
+ if (!ok) {
567
+ goto end;
568
+ }
569
+ }
570
+ if (ctx->param->purpose > 0 &&
571
+ X509_check_purpose(x, purpose, must_be_ca) != 1) {
572
+ ctx->error = X509_V_ERR_INVALID_PURPOSE;
573
+ ctx->error_depth = i;
574
+ ctx->current_cert = x;
575
+ ok = ctx->verify_cb(0, ctx);
576
+ if (!ok) {
577
+ goto end;
578
+ }
579
+ }
580
+ // Check pathlen if not self issued
581
+ if (i > 1 && !(x->ex_flags & EXFLAG_SI) && x->ex_pathlen != -1 &&
582
+ plen > x->ex_pathlen + 1) {
583
+ ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
584
+ ctx->error_depth = i;
585
+ ctx->current_cert = x;
586
+ ok = ctx->verify_cb(0, ctx);
587
+ if (!ok) {
588
+ goto end;
589
+ }
590
+ }
591
+ // Increment path length if not self issued
592
+ if (!(x->ex_flags & EXFLAG_SI)) {
593
+ plen++;
594
+ }
595
+ }
596
+ ok = 1;
597
+ end:
598
+ return ok;
599
+ }
600
+
601
+ static int reject_dns_name_in_common_name(X509 *x509) {
602
+ const X509_NAME *name = X509_get_subject_name(x509);
603
+ int i = -1;
604
+ for (;;) {
605
+ i = X509_NAME_get_index_by_NID(name, NID_commonName, i);
606
+ if (i == -1) {
607
+ return X509_V_OK;
608
+ }
609
+
610
+ const X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, i);
611
+ const ASN1_STRING *common_name = X509_NAME_ENTRY_get_data(entry);
612
+ unsigned char *idval;
613
+ int idlen = ASN1_STRING_to_UTF8(&idval, common_name);
614
+ if (idlen < 0) {
615
+ return X509_V_ERR_OUT_OF_MEM;
616
+ }
617
+ // Only process attributes that look like host names. Note it is
618
+ // important that this check be mirrored in |X509_check_host|.
619
+ int looks_like_dns = x509v3_looks_like_dns_name(idval, (size_t)idlen);
620
+ OPENSSL_free(idval);
621
+ if (looks_like_dns) {
622
+ return X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS;
623
+ }
624
+ }
625
+ }
626
+
627
+ static int check_name_constraints(X509_STORE_CTX *ctx) {
628
+ int i, j, rv;
629
+ int has_name_constraints = 0;
630
+ // Check name constraints for all certificates
631
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
632
+ X509 *x = sk_X509_value(ctx->chain, i);
633
+ // Ignore self issued certs unless last in chain
634
+ if (i && (x->ex_flags & EXFLAG_SI)) {
635
+ continue;
636
+ }
637
+ // Check against constraints for all certificates higher in chain
638
+ // including trust anchor. Trust anchor not strictly speaking needed
639
+ // but if it includes constraints it is to be assumed it expects them
640
+ // to be obeyed.
641
+ for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
642
+ NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
643
+ if (nc) {
644
+ has_name_constraints = 1;
645
+ rv = NAME_CONSTRAINTS_check(x, nc);
788
646
  switch (rv) {
789
- case X509_V_OK:
790
- break;
791
- case X509_V_ERR_OUT_OF_MEM:
647
+ case X509_V_OK:
648
+ continue;
649
+ case X509_V_ERR_OUT_OF_MEM:
792
650
  ctx->error = rv;
793
651
  return 0;
794
- default:
652
+ default:
795
653
  ctx->error = rv;
796
654
  ctx->error_depth = i;
797
- ctx->current_cert = leaf;
798
- if (!ctx->verify_cb(0, ctx))
799
- return 0;
655
+ ctx->current_cert = x;
656
+ if (!ctx->verify_cb(0, ctx)) {
657
+ return 0;
658
+ }
800
659
  break;
801
660
  }
661
+ }
662
+ }
663
+ }
664
+
665
+ // Name constraints do not match against the common name, but
666
+ // |X509_check_host| still implements the legacy behavior where, on
667
+ // certificates lacking a SAN list, DNS-like names in the common name are
668
+ // checked instead.
669
+ //
670
+ // While we could apply the name constraints to the common name, name
671
+ // constraints are rare enough that can hold such certificates to a higher
672
+ // standard. Note this does not make "DNS-like" heuristic failures any
673
+ // worse. A decorative common-name misidentified as a DNS name would fail
674
+ // the name constraint anyway.
675
+ X509 *leaf = sk_X509_value(ctx->chain, 0);
676
+ if (has_name_constraints && leaf->altname == NULL) {
677
+ rv = reject_dns_name_in_common_name(leaf);
678
+ switch (rv) {
679
+ case X509_V_OK:
680
+ break;
681
+ case X509_V_ERR_OUT_OF_MEM:
682
+ ctx->error = rv;
683
+ return 0;
684
+ default:
685
+ ctx->error = rv;
686
+ ctx->error_depth = i;
687
+ ctx->current_cert = leaf;
688
+ if (!ctx->verify_cb(0, ctx)) {
689
+ return 0;
690
+ }
691
+ break;
802
692
  }
803
-
693
+ }
694
+
695
+ return 1;
696
+ }
697
+
698
+ static int check_id_error(X509_STORE_CTX *ctx, int errcode) {
699
+ ctx->error = errcode;
700
+ ctx->current_cert = ctx->cert;
701
+ ctx->error_depth = 0;
702
+ return ctx->verify_cb(0, ctx);
703
+ }
704
+
705
+ static int check_hosts(X509 *x, X509_VERIFY_PARAM *param) {
706
+ size_t i;
707
+ size_t n = sk_OPENSSL_STRING_num(param->hosts);
708
+ char *name;
709
+
710
+ if (param->peername != NULL) {
711
+ OPENSSL_free(param->peername);
712
+ param->peername = NULL;
713
+ }
714
+ for (i = 0; i < n; ++i) {
715
+ name = sk_OPENSSL_STRING_value(param->hosts, i);
716
+ if (X509_check_host(x, name, strlen(name), param->hostflags,
717
+ &param->peername) > 0) {
718
+ return 1;
719
+ }
720
+ }
721
+ return n == 0;
722
+ }
723
+
724
+ static int check_id(X509_STORE_CTX *ctx) {
725
+ X509_VERIFY_PARAM *vpm = ctx->param;
726
+ X509 *x = ctx->cert;
727
+ if (vpm->poison) {
728
+ if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL)) {
729
+ return 0;
730
+ }
731
+ }
732
+ if (vpm->hosts && check_hosts(x, vpm) <= 0) {
733
+ if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) {
734
+ return 0;
735
+ }
736
+ }
737
+ if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
738
+ if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) {
739
+ return 0;
740
+ }
741
+ }
742
+ if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
743
+ if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) {
744
+ return 0;
745
+ }
746
+ }
747
+ return 1;
748
+ }
749
+
750
+ static int check_trust(X509_STORE_CTX *ctx) {
751
+ size_t i;
752
+ int ok;
753
+ X509 *x = NULL;
754
+ // Check all trusted certificates in chain
755
+ for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
756
+ x = sk_X509_value(ctx->chain, i);
757
+ ok = X509_check_trust(x, ctx->param->trust, 0);
758
+ // If explicitly trusted return trusted
759
+ if (ok == X509_TRUST_TRUSTED) {
760
+ return X509_TRUST_TRUSTED;
761
+ }
762
+ // If explicitly rejected notify callback and reject if not
763
+ // overridden.
764
+ if (ok == X509_TRUST_REJECTED) {
765
+ ctx->error_depth = i;
766
+ ctx->current_cert = x;
767
+ ctx->error = X509_V_ERR_CERT_REJECTED;
768
+ ok = ctx->verify_cb(0, ctx);
769
+ if (!ok) {
770
+ return X509_TRUST_REJECTED;
771
+ }
772
+ }
773
+ }
774
+ // If we accept partial chains and have at least one trusted certificate
775
+ // return success.
776
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
777
+ X509 *mx;
778
+ if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) {
779
+ return X509_TRUST_TRUSTED;
780
+ }
781
+ x = sk_X509_value(ctx->chain, 0);
782
+ mx = lookup_cert_match(ctx, x);
783
+ if (mx) {
784
+ (void)sk_X509_set(ctx->chain, 0, mx);
785
+ X509_free(x);
786
+ ctx->last_untrusted = 0;
787
+ return X509_TRUST_TRUSTED;
788
+ }
789
+ }
790
+
791
+ // If no trusted certs in chain at all return untrusted and allow
792
+ // standard (no issuer cert) etc errors to be indicated.
793
+ return X509_TRUST_UNTRUSTED;
794
+ }
795
+
796
+ static int check_revocation(X509_STORE_CTX *ctx) {
797
+ int i, last, ok;
798
+ if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) {
804
799
  return 1;
805
- }
806
-
807
- static int check_id_error(X509_STORE_CTX *ctx, int errcode)
808
- {
809
- ctx->error = errcode;
810
- ctx->current_cert = ctx->cert;
811
- ctx->error_depth = 0;
812
- return ctx->verify_cb(0, ctx);
813
- }
814
-
815
- static int check_hosts(X509 *x, X509_VERIFY_PARAM *param)
816
- {
817
- size_t i;
818
- size_t n = sk_OPENSSL_STRING_num(param->hosts);
819
- char *name;
820
-
821
- if (param->peername != NULL) {
822
- OPENSSL_free(param->peername);
823
- param->peername = NULL;
824
- }
825
- for (i = 0; i < n; ++i) {
826
- name = sk_OPENSSL_STRING_value(param->hosts, i);
827
- if (X509_check_host(x, name, strlen(name), param->hostflags,
828
- &param->peername) > 0)
829
- return 1;
830
- }
831
- return n == 0;
832
- }
833
-
834
- static int check_id(X509_STORE_CTX *ctx)
835
- {
836
- X509_VERIFY_PARAM *vpm = ctx->param;
837
- X509 *x = ctx->cert;
838
- if (vpm->poison) {
839
- if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
840
- return 0;
841
- }
842
- if (vpm->hosts && check_hosts(x, vpm) <= 0) {
843
- if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
844
- return 0;
800
+ }
801
+ if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) {
802
+ last = sk_X509_num(ctx->chain) - 1;
803
+ } else {
804
+ // If checking CRL paths this isn't the EE certificate
805
+ if (ctx->parent) {
806
+ return 1;
807
+ }
808
+ last = 0;
809
+ }
810
+ for (i = 0; i <= last; i++) {
811
+ ctx->error_depth = i;
812
+ ok = check_cert(ctx);
813
+ if (!ok) {
814
+ return ok;
815
+ }
816
+ }
817
+ return 1;
818
+ }
819
+
820
+ static int check_cert(X509_STORE_CTX *ctx) {
821
+ X509_CRL *crl = NULL, *dcrl = NULL;
822
+ X509 *x;
823
+ int ok = 0, cnum;
824
+ unsigned int last_reasons;
825
+ cnum = ctx->error_depth;
826
+ x = sk_X509_value(ctx->chain, cnum);
827
+ ctx->current_cert = x;
828
+ ctx->current_issuer = NULL;
829
+ ctx->current_crl_score = 0;
830
+ ctx->current_reasons = 0;
831
+ while (ctx->current_reasons != CRLDP_ALL_REASONS) {
832
+ last_reasons = ctx->current_reasons;
833
+ // Try to retrieve relevant CRL
834
+ if (ctx->get_crl) {
835
+ ok = ctx->get_crl(ctx, &crl, x);
836
+ } else {
837
+ ok = get_crl_delta(ctx, &crl, &dcrl, x);
845
838
  }
846
- if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
847
- if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
848
- return 0;
839
+ // If error looking up CRL, nothing we can do except notify callback
840
+ if (!ok) {
841
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
842
+ ok = ctx->verify_cb(0, ctx);
843
+ goto err;
849
844
  }
850
- if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
851
- if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
852
- return 0;
845
+ ctx->current_crl = crl;
846
+ ok = ctx->check_crl(ctx, crl);
847
+ if (!ok) {
848
+ goto err;
853
849
  }
854
- return 1;
855
- }
856
850
 
857
- static int check_trust(X509_STORE_CTX *ctx)
858
- {
859
- size_t i;
860
- int ok;
861
- X509 *x = NULL;
862
- int (*cb) (int xok, X509_STORE_CTX *xctx);
863
- cb = ctx->verify_cb;
864
- /* Check all trusted certificates in chain */
865
- for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) {
866
- x = sk_X509_value(ctx->chain, i);
867
- ok = X509_check_trust(x, ctx->param->trust, 0);
868
- /* If explicitly trusted return trusted */
869
- if (ok == X509_TRUST_TRUSTED)
870
- return X509_TRUST_TRUSTED;
871
- /*
872
- * If explicitly rejected notify callback and reject if not
873
- * overridden.
874
- */
875
- if (ok == X509_TRUST_REJECTED) {
876
- ctx->error_depth = i;
877
- ctx->current_cert = x;
878
- ctx->error = X509_V_ERR_CERT_REJECTED;
879
- ok = cb(0, ctx);
880
- if (!ok)
881
- return X509_TRUST_REJECTED;
882
- }
883
- }
884
- /*
885
- * If we accept partial chains and have at least one trusted certificate
886
- * return success.
887
- */
888
- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
889
- X509 *mx;
890
- if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain))
891
- return X509_TRUST_TRUSTED;
892
- x = sk_X509_value(ctx->chain, 0);
893
- mx = lookup_cert_match(ctx, x);
894
- if (mx) {
895
- (void)sk_X509_set(ctx->chain, 0, mx);
896
- X509_free(x);
897
- ctx->last_untrusted = 0;
898
- return X509_TRUST_TRUSTED;
899
- }
851
+ if (dcrl) {
852
+ ok = ctx->check_crl(ctx, dcrl);
853
+ if (!ok) {
854
+ goto err;
855
+ }
856
+ ok = ctx->cert_crl(ctx, dcrl, x);
857
+ if (!ok) {
858
+ goto err;
859
+ }
860
+ } else {
861
+ ok = 1;
900
862
  }
901
863
 
902
- /*
903
- * If no trusted certs in chain at all return untrusted and allow
904
- * standard (no issuer cert) etc errors to be indicated.
905
- */
906
- return X509_TRUST_UNTRUSTED;
907
- }
908
-
909
- static int check_revocation(X509_STORE_CTX *ctx)
910
- {
911
- int i, last, ok;
912
- if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
913
- return 1;
914
- if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
915
- last = sk_X509_num(ctx->chain) - 1;
916
- else {
917
- /* If checking CRL paths this isn't the EE certificate */
918
- if (ctx->parent)
919
- return 1;
920
- last = 0;
921
- }
922
- for (i = 0; i <= last; i++) {
923
- ctx->error_depth = i;
924
- ok = check_cert(ctx);
925
- if (!ok)
926
- return ok;
864
+ // Don't look in full CRL if delta reason is removefromCRL
865
+ if (ok != 2) {
866
+ ok = ctx->cert_crl(ctx, crl, x);
867
+ if (!ok) {
868
+ goto err;
869
+ }
927
870
  }
928
- return 1;
929
- }
930
-
931
- static int check_cert(X509_STORE_CTX *ctx)
932
- {
933
- X509_CRL *crl = NULL, *dcrl = NULL;
934
- X509 *x;
935
- int ok = 0, cnum;
936
- unsigned int last_reasons;
937
- cnum = ctx->error_depth;
938
- x = sk_X509_value(ctx->chain, cnum);
939
- ctx->current_cert = x;
940
- ctx->current_issuer = NULL;
941
- ctx->current_crl_score = 0;
942
- ctx->current_reasons = 0;
943
- while (ctx->current_reasons != CRLDP_ALL_REASONS) {
944
- last_reasons = ctx->current_reasons;
945
- /* Try to retrieve relevant CRL */
946
- if (ctx->get_crl)
947
- ok = ctx->get_crl(ctx, &crl, x);
948
- else
949
- ok = get_crl_delta(ctx, &crl, &dcrl, x);
950
- /*
951
- * If error looking up CRL, nothing we can do except notify callback
952
- */
953
- if (!ok) {
954
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
955
- ok = ctx->verify_cb(0, ctx);
956
- goto err;
957
- }
958
- ctx->current_crl = crl;
959
- ok = ctx->check_crl(ctx, crl);
960
- if (!ok)
961
- goto err;
962
-
963
- if (dcrl) {
964
- ok = ctx->check_crl(ctx, dcrl);
965
- if (!ok)
966
- goto err;
967
- ok = ctx->cert_crl(ctx, dcrl, x);
968
- if (!ok)
969
- goto err;
970
- } else
971
- ok = 1;
972
-
973
- /* Don't look in full CRL if delta reason is removefromCRL */
974
- if (ok != 2) {
975
- ok = ctx->cert_crl(ctx, crl, x);
976
- if (!ok)
977
- goto err;
978
- }
979
871
 
980
- X509_CRL_free(crl);
981
- X509_CRL_free(dcrl);
982
- crl = NULL;
983
- dcrl = NULL;
984
- /*
985
- * If reasons not updated we wont get anywhere by another iteration,
986
- * so exit loop.
987
- */
988
- if (last_reasons == ctx->current_reasons) {
989
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
990
- ok = ctx->verify_cb(0, ctx);
991
- goto err;
992
- }
993
- }
994
- err:
995
872
  X509_CRL_free(crl);
996
873
  X509_CRL_free(dcrl);
874
+ crl = NULL;
875
+ dcrl = NULL;
876
+ // If reasons not updated we wont get anywhere by another iteration,
877
+ // so exit loop.
878
+ if (last_reasons == ctx->current_reasons) {
879
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
880
+ ok = ctx->verify_cb(0, ctx);
881
+ goto err;
882
+ }
883
+ }
884
+ err:
885
+ X509_CRL_free(crl);
886
+ X509_CRL_free(dcrl);
997
887
 
998
- ctx->current_crl = NULL;
999
- return ok;
1000
-
888
+ ctx->current_crl = NULL;
889
+ return ok;
1001
890
  }
1002
891
 
1003
- /* Check CRL times against values in X509_STORE_CTX */
892
+ // Check CRL times against values in X509_STORE_CTX
1004
893
 
1005
- static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
1006
- {
1007
- time_t *ptime;
1008
- int i;
1009
- if (notify)
1010
- ctx->current_crl = crl;
1011
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1012
- ptime = &ctx->param->check_time;
1013
- else
1014
- ptime = NULL;
894
+ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) {
895
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
896
+ return 1;
897
+ }
1015
898
 
1016
- i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
1017
- if (i == 0) {
1018
- if (!notify)
1019
- return 0;
1020
- ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
1021
- if (!ctx->verify_cb(0, ctx))
1022
- return 0;
899
+ if (notify) {
900
+ ctx->current_crl = crl;
901
+ }
902
+ int64_t ptime;
903
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
904
+ ptime = ctx->param->check_time;
905
+ } else {
906
+ ptime = time(NULL);
907
+ }
908
+
909
+ int i = X509_cmp_time_posix(X509_CRL_get0_lastUpdate(crl), ptime);
910
+ if (i == 0) {
911
+ if (!notify) {
912
+ return 0;
913
+ }
914
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
915
+ if (!ctx->verify_cb(0, ctx)) {
916
+ return 0;
1023
917
  }
918
+ }
1024
919
 
1025
- if (i > 0) {
1026
- if (!notify)
1027
- return 0;
1028
- ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
1029
- if (!ctx->verify_cb(0, ctx))
1030
- return 0;
920
+ if (i > 0) {
921
+ if (!notify) {
922
+ return 0;
1031
923
  }
924
+ ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
925
+ if (!ctx->verify_cb(0, ctx)) {
926
+ return 0;
927
+ }
928
+ }
1032
929
 
1033
- if (X509_CRL_get0_nextUpdate(crl)) {
1034
- i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
930
+ if (X509_CRL_get0_nextUpdate(crl)) {
931
+ i = X509_cmp_time_posix(X509_CRL_get0_nextUpdate(crl), ptime);
1035
932
 
1036
- if (i == 0) {
1037
- if (!notify)
1038
- return 0;
1039
- ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
1040
- if (!ctx->verify_cb(0, ctx))
1041
- return 0;
1042
- }
1043
- /* Ignore expiry of base CRL is delta is valid */
1044
- if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
1045
- if (!notify)
1046
- return 0;
1047
- ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
1048
- if (!ctx->verify_cb(0, ctx))
1049
- return 0;
1050
- }
933
+ if (i == 0) {
934
+ if (!notify) {
935
+ return 0;
936
+ }
937
+ ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
938
+ if (!ctx->verify_cb(0, ctx)) {
939
+ return 0;
940
+ }
941
+ }
942
+ // Ignore expiry of base CRL is delta is valid
943
+ if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
944
+ if (!notify) {
945
+ return 0;
946
+ }
947
+ ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
948
+ if (!ctx->verify_cb(0, ctx)) {
949
+ return 0;
950
+ }
1051
951
  }
952
+ }
1052
953
 
1053
- if (notify)
1054
- ctx->current_crl = NULL;
954
+ if (notify) {
955
+ ctx->current_crl = NULL;
956
+ }
1055
957
 
1056
- return 1;
958
+ return 1;
1057
959
  }
1058
960
 
1059
961
  static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1060
962
  X509 **pissuer, int *pscore, unsigned int *preasons,
1061
- STACK_OF(X509_CRL) *crls)
1062
- {
1063
- int crl_score, best_score = *pscore;
1064
- size_t i;
1065
- unsigned int reasons, best_reasons = 0;
1066
- X509 *x = ctx->current_cert;
1067
- X509_CRL *crl, *best_crl = NULL;
1068
- X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
1069
-
1070
- for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1071
- crl = sk_X509_CRL_value(crls, i);
1072
- reasons = *preasons;
1073
- crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
1074
- if (crl_score < best_score || crl_score == 0)
1075
- continue;
1076
- /* If current CRL is equivalent use it if it is newer */
1077
- if (crl_score == best_score && best_crl != NULL) {
1078
- int day, sec;
1079
- if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
1080
- X509_CRL_get0_lastUpdate(crl)) == 0)
1081
- continue;
1082
- /*
1083
- * ASN1_TIME_diff never returns inconsistent signs for |day|
1084
- * and |sec|.
1085
- */
1086
- if (day <= 0 && sec <= 0)
1087
- continue;
1088
- }
1089
- best_crl = crl;
1090
- best_crl_issuer = crl_issuer;
1091
- best_score = crl_score;
1092
- best_reasons = reasons;
1093
- }
1094
-
1095
- if (best_crl) {
1096
- if (*pcrl)
1097
- X509_CRL_free(*pcrl);
1098
- *pcrl = best_crl;
1099
- *pissuer = best_crl_issuer;
1100
- *pscore = best_score;
1101
- *preasons = best_reasons;
1102
- X509_CRL_up_ref(best_crl);
1103
- if (*pdcrl) {
1104
- X509_CRL_free(*pdcrl);
1105
- *pdcrl = NULL;
1106
- }
1107
- get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1108
- }
1109
-
1110
- if (best_score >= CRL_SCORE_VALID)
1111
- return 1;
963
+ STACK_OF(X509_CRL) *crls) {
964
+ int crl_score, best_score = *pscore;
965
+ size_t i;
966
+ unsigned int reasons, best_reasons = 0;
967
+ X509 *x = ctx->current_cert;
968
+ X509_CRL *crl, *best_crl = NULL;
969
+ X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
970
+
971
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
972
+ crl = sk_X509_CRL_value(crls, i);
973
+ reasons = *preasons;
974
+ crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
975
+ if (crl_score < best_score || crl_score == 0) {
976
+ continue;
977
+ }
978
+ // If current CRL is equivalent use it if it is newer
979
+ if (crl_score == best_score && best_crl != NULL) {
980
+ int day, sec;
981
+ if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
982
+ X509_CRL_get0_lastUpdate(crl)) == 0) {
983
+ continue;
984
+ }
985
+ // ASN1_TIME_diff never returns inconsistent signs for |day|
986
+ // and |sec|.
987
+ if (day <= 0 && sec <= 0) {
988
+ continue;
989
+ }
990
+ }
991
+ best_crl = crl;
992
+ best_crl_issuer = crl_issuer;
993
+ best_score = crl_score;
994
+ best_reasons = reasons;
995
+ }
996
+
997
+ if (best_crl) {
998
+ if (*pcrl) {
999
+ X509_CRL_free(*pcrl);
1000
+ }
1001
+ *pcrl = best_crl;
1002
+ *pissuer = best_crl_issuer;
1003
+ *pscore = best_score;
1004
+ *preasons = best_reasons;
1005
+ X509_CRL_up_ref(best_crl);
1006
+ if (*pdcrl) {
1007
+ X509_CRL_free(*pdcrl);
1008
+ *pdcrl = NULL;
1009
+ }
1010
+ get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
1011
+ }
1012
+
1013
+ if (best_score >= CRL_SCORE_VALID) {
1014
+ return 1;
1015
+ }
1112
1016
 
1113
- return 0;
1017
+ return 0;
1114
1018
  }
1115
1019
 
1116
- /*
1117
- * Compare two CRL extensions for delta checking purposes. They should be
1118
- * both present or both absent. If both present all fields must be identical.
1119
- */
1120
-
1121
- static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
1122
- {
1123
- ASN1_OCTET_STRING *exta, *extb;
1124
- int i;
1125
- i = X509_CRL_get_ext_by_NID(a, nid, -1);
1126
- if (i >= 0) {
1127
- /* Can't have multiple occurrences */
1128
- if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
1129
- return 0;
1130
- exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1131
- } else
1132
- exta = NULL;
1020
+ // Compare two CRL extensions for delta checking purposes. They should be
1021
+ // both present or both absent. If both present all fields must be identical.
1133
1022
 
1134
- i = X509_CRL_get_ext_by_NID(b, nid, -1);
1023
+ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) {
1024
+ const ASN1_OCTET_STRING *exta, *extb;
1025
+ int i;
1026
+ i = X509_CRL_get_ext_by_NID(a, nid, -1);
1027
+ if (i >= 0) {
1028
+ // Can't have multiple occurrences
1029
+ if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) {
1030
+ return 0;
1031
+ }
1032
+ exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
1033
+ } else {
1034
+ exta = NULL;
1035
+ }
1135
1036
 
1136
- if (i >= 0) {
1037
+ i = X509_CRL_get_ext_by_NID(b, nid, -1);
1137
1038
 
1138
- if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
1139
- return 0;
1140
- extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1141
- } else
1142
- extb = NULL;
1039
+ if (i >= 0) {
1040
+ if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) {
1041
+ return 0;
1042
+ }
1043
+ extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
1044
+ } else {
1045
+ extb = NULL;
1046
+ }
1143
1047
 
1144
- if (!exta && !extb)
1145
- return 1;
1048
+ if (!exta && !extb) {
1049
+ return 1;
1050
+ }
1146
1051
 
1147
- if (!exta || !extb)
1148
- return 0;
1052
+ if (!exta || !extb) {
1053
+ return 0;
1054
+ }
1149
1055
 
1150
- if (ASN1_OCTET_STRING_cmp(exta, extb))
1151
- return 0;
1056
+ if (ASN1_OCTET_STRING_cmp(exta, extb)) {
1057
+ return 0;
1058
+ }
1152
1059
 
1153
- return 1;
1060
+ return 1;
1154
1061
  }
1155
1062
 
1156
- /* See if a base and delta are compatible */
1063
+ // See if a base and delta are compatible
1157
1064
 
1158
- static int check_delta_base(X509_CRL *delta, X509_CRL *base)
1159
- {
1160
- /* Delta CRL must be a delta */
1161
- if (!delta->base_crl_number)
1162
- return 0;
1163
- /* Base must have a CRL number */
1164
- if (!base->crl_number)
1165
- return 0;
1166
- /* Issuer names must match */
1167
- if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
1168
- return 0;
1169
- /* AKID and IDP must match */
1170
- if (!crl_extension_match(delta, base, NID_authority_key_identifier))
1171
- return 0;
1172
- if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
1173
- return 0;
1174
- /* Delta CRL base number must not exceed Full CRL number. */
1175
- if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
1176
- return 0;
1177
- /* Delta CRL number must exceed full CRL number */
1178
- if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
1179
- return 1;
1065
+ static int check_delta_base(X509_CRL *delta, X509_CRL *base) {
1066
+ // Delta CRL must be a delta
1067
+ if (!delta->base_crl_number) {
1068
+ return 0;
1069
+ }
1070
+ // Base must have a CRL number
1071
+ if (!base->crl_number) {
1180
1072
  return 0;
1073
+ }
1074
+ // Issuer names must match
1075
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta))) {
1076
+ return 0;
1077
+ }
1078
+ // AKID and IDP must match
1079
+ if (!crl_extension_match(delta, base, NID_authority_key_identifier)) {
1080
+ return 0;
1081
+ }
1082
+ if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) {
1083
+ return 0;
1084
+ }
1085
+ // Delta CRL base number must not exceed Full CRL number.
1086
+ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) {
1087
+ return 0;
1088
+ }
1089
+ // Delta CRL number must exceed full CRL number
1090
+ if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) {
1091
+ return 1;
1092
+ }
1093
+ return 0;
1181
1094
  }
1182
1095
 
1183
- /*
1184
- * For a given base CRL find a delta... maybe extend to delta scoring or
1185
- * retrieve a chain of deltas...
1186
- */
1096
+ // For a given base CRL find a delta... maybe extend to delta scoring or
1097
+ // retrieve a chain of deltas...
1187
1098
 
1188
1099
  static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
1189
- X509_CRL *base, STACK_OF(X509_CRL) *crls)
1190
- {
1191
- X509_CRL *delta;
1192
- size_t i;
1193
- if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
1194
- return;
1195
- if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
1196
- return;
1197
- for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1198
- delta = sk_X509_CRL_value(crls, i);
1199
- if (check_delta_base(delta, base)) {
1200
- if (check_crl_time(ctx, delta, 0))
1201
- *pscore |= CRL_SCORE_TIME_DELTA;
1202
- X509_CRL_up_ref(delta);
1203
- *dcrl = delta;
1204
- return;
1205
- }
1206
- }
1207
- *dcrl = NULL;
1208
- }
1209
-
1210
- /*
1211
- * For a given CRL return how suitable it is for the supplied certificate
1212
- * 'x'. The return value is a mask of several criteria. If the issuer is not
1213
- * the certificate issuer this is returned in *pissuer. The reasons mask is
1214
- * also used to determine if the CRL is suitable: if no new reasons the CRL
1215
- * is rejected, otherwise reasons is updated.
1216
- */
1100
+ X509_CRL *base, STACK_OF(X509_CRL) *crls) {
1101
+ X509_CRL *delta;
1102
+ size_t i;
1103
+ if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) {
1104
+ return;
1105
+ }
1106
+ if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) {
1107
+ return;
1108
+ }
1109
+ for (i = 0; i < sk_X509_CRL_num(crls); i++) {
1110
+ delta = sk_X509_CRL_value(crls, i);
1111
+ if (check_delta_base(delta, base)) {
1112
+ if (check_crl_time(ctx, delta, 0)) {
1113
+ *pscore |= CRL_SCORE_TIME_DELTA;
1114
+ }
1115
+ X509_CRL_up_ref(delta);
1116
+ *dcrl = delta;
1117
+ return;
1118
+ }
1119
+ }
1120
+ *dcrl = NULL;
1121
+ }
1122
+
1123
+ // For a given CRL return how suitable it is for the supplied certificate
1124
+ // 'x'. The return value is a mask of several criteria. If the issuer is not
1125
+ // the certificate issuer this is returned in *pissuer. The reasons mask is
1126
+ // also used to determine if the CRL is suitable: if no new reasons the CRL
1127
+ // is rejected, otherwise reasons is updated.
1217
1128
 
1218
1129
  static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
1219
- unsigned int *preasons, X509_CRL *crl, X509 *x)
1220
- {
1221
-
1222
- int crl_score = 0;
1223
- unsigned int tmp_reasons = *preasons, crl_reasons;
1130
+ unsigned int *preasons, X509_CRL *crl, X509 *x) {
1131
+ int crl_score = 0;
1132
+ unsigned int tmp_reasons = *preasons, crl_reasons;
1224
1133
 
1225
- /* First see if we can reject CRL straight away */
1134
+ // First see if we can reject CRL straight away
1226
1135
 
1227
- /* Invalid IDP cannot be processed */
1228
- if (crl->idp_flags & IDP_INVALID)
1229
- return 0;
1230
- /* Reason codes or indirect CRLs need extended CRL support */
1231
- if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1232
- if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
1233
- return 0;
1234
- } else if (crl->idp_flags & IDP_REASONS) {
1235
- /* If no new reasons reject */
1236
- if (!(crl->idp_reasons & ~tmp_reasons))
1237
- return 0;
1136
+ // Invalid IDP cannot be processed
1137
+ if (crl->idp_flags & IDP_INVALID) {
1138
+ return 0;
1139
+ }
1140
+ // Reason codes or indirect CRLs need extended CRL support
1141
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1142
+ if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) {
1143
+ return 0;
1144
+ }
1145
+ } else if (crl->idp_flags & IDP_REASONS) {
1146
+ // If no new reasons reject
1147
+ if (!(crl->idp_reasons & ~tmp_reasons)) {
1148
+ return 0;
1149
+ }
1150
+ }
1151
+ // Don't process deltas at this stage
1152
+ else if (crl->base_crl_number) {
1153
+ return 0;
1154
+ }
1155
+ // If issuer name doesn't match certificate need indirect CRL
1156
+ if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1157
+ if (!(crl->idp_flags & IDP_INDIRECT)) {
1158
+ return 0;
1238
1159
  }
1239
- /* Don't process deltas at this stage */
1240
- else if (crl->base_crl_number)
1241
- return 0;
1242
- /* If issuer name doesn't match certificate need indirect CRL */
1243
- if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
1244
- if (!(crl->idp_flags & IDP_INDIRECT))
1245
- return 0;
1246
- } else
1247
- crl_score |= CRL_SCORE_ISSUER_NAME;
1160
+ } else {
1161
+ crl_score |= CRL_SCORE_ISSUER_NAME;
1162
+ }
1248
1163
 
1249
- if (!(crl->flags & EXFLAG_CRITICAL))
1250
- crl_score |= CRL_SCORE_NOCRITICAL;
1164
+ if (!(crl->flags & EXFLAG_CRITICAL)) {
1165
+ crl_score |= CRL_SCORE_NOCRITICAL;
1166
+ }
1251
1167
 
1252
- /* Check expiry */
1253
- if (check_crl_time(ctx, crl, 0))
1254
- crl_score |= CRL_SCORE_TIME;
1168
+ // Check expiry
1169
+ if (check_crl_time(ctx, crl, 0)) {
1170
+ crl_score |= CRL_SCORE_TIME;
1171
+ }
1255
1172
 
1256
- /* Check authority key ID and locate certificate issuer */
1257
- crl_akid_check(ctx, crl, pissuer, &crl_score);
1173
+ // Check authority key ID and locate certificate issuer
1174
+ crl_akid_check(ctx, crl, pissuer, &crl_score);
1258
1175
 
1259
- /* If we can't locate certificate issuer at this point forget it */
1176
+ // If we can't locate certificate issuer at this point forget it
1260
1177
 
1261
- if (!(crl_score & CRL_SCORE_AKID))
1262
- return 0;
1178
+ if (!(crl_score & CRL_SCORE_AKID)) {
1179
+ return 0;
1180
+ }
1263
1181
 
1264
- /* Check cert for matching CRL distribution points */
1182
+ // Check cert for matching CRL distribution points
1265
1183
 
1266
- if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1267
- /* If no new reasons reject */
1268
- if (!(crl_reasons & ~tmp_reasons))
1269
- return 0;
1270
- tmp_reasons |= crl_reasons;
1271
- crl_score |= CRL_SCORE_SCOPE;
1184
+ if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
1185
+ // If no new reasons reject
1186
+ if (!(crl_reasons & ~tmp_reasons)) {
1187
+ return 0;
1272
1188
  }
1189
+ tmp_reasons |= crl_reasons;
1190
+ crl_score |= CRL_SCORE_SCOPE;
1191
+ }
1273
1192
 
1274
- *preasons = tmp_reasons;
1275
-
1276
- return crl_score;
1193
+ *preasons = tmp_reasons;
1277
1194
 
1195
+ return crl_score;
1278
1196
  }
1279
1197
 
1280
- static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
1281
- X509 **pissuer, int *pcrl_score)
1282
- {
1283
- X509 *crl_issuer = NULL;
1284
- X509_NAME *cnm = X509_CRL_get_issuer(crl);
1285
- int cidx = ctx->error_depth;
1286
- size_t i;
1198
+ static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
1199
+ int *pcrl_score) {
1200
+ X509 *crl_issuer = NULL;
1201
+ X509_NAME *cnm = X509_CRL_get_issuer(crl);
1202
+ int cidx = ctx->error_depth;
1203
+ size_t i;
1287
1204
 
1288
- if ((size_t)cidx != sk_X509_num(ctx->chain) - 1)
1289
- cidx++;
1205
+ if ((size_t)cidx != sk_X509_num(ctx->chain) - 1) {
1206
+ cidx++;
1207
+ }
1290
1208
 
1291
- crl_issuer = sk_X509_value(ctx->chain, cidx);
1209
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1292
1210
 
1293
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1294
- if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1295
- *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1296
- *pissuer = crl_issuer;
1297
- return;
1298
- }
1211
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1212
+ if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
1213
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
1214
+ *pissuer = crl_issuer;
1215
+ return;
1299
1216
  }
1217
+ }
1300
1218
 
1301
- for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1302
- crl_issuer = sk_X509_value(ctx->chain, cidx);
1303
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1304
- continue;
1305
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1306
- *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1307
- *pissuer = crl_issuer;
1308
- return;
1309
- }
1219
+ for (cidx++; cidx < (int)sk_X509_num(ctx->chain); cidx++) {
1220
+ crl_issuer = sk_X509_value(ctx->chain, cidx);
1221
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1222
+ continue;
1310
1223
  }
1224
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1225
+ *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
1226
+ *pissuer = crl_issuer;
1227
+ return;
1228
+ }
1229
+ }
1311
1230
 
1312
- /* Anything else needs extended CRL support */
1231
+ // Anything else needs extended CRL support
1313
1232
 
1314
- if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
1315
- return;
1233
+ if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
1234
+ return;
1235
+ }
1316
1236
 
1317
- /*
1318
- * Otherwise the CRL issuer is not on the path. Look for it in the set of
1319
- * untrusted certificates.
1320
- */
1321
- for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1322
- crl_issuer = sk_X509_value(ctx->untrusted, i);
1323
- if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
1324
- continue;
1325
- if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1326
- *pissuer = crl_issuer;
1327
- *pcrl_score |= CRL_SCORE_AKID;
1328
- return;
1329
- }
1237
+ // Otherwise the CRL issuer is not on the path. Look for it in the set of
1238
+ // untrusted certificates.
1239
+ for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
1240
+ crl_issuer = sk_X509_value(ctx->untrusted, i);
1241
+ if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) {
1242
+ continue;
1243
+ }
1244
+ if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
1245
+ *pissuer = crl_issuer;
1246
+ *pcrl_score |= CRL_SCORE_AKID;
1247
+ return;
1330
1248
  }
1249
+ }
1331
1250
  }
1332
1251
 
1333
- /*
1334
- * Check the path of a CRL issuer certificate. This creates a new
1335
- * X509_STORE_CTX and populates it with most of the parameters from the
1336
- * parent. This could be optimised somewhat since a lot of path checking will
1337
- * be duplicated by the parent, but this will rarely be used in practice.
1338
- */
1339
-
1340
- static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
1341
- {
1342
- X509_STORE_CTX crl_ctx;
1343
- int ret;
1344
- /* Don't allow recursive CRL path validation */
1345
- if (ctx->parent)
1346
- return 0;
1347
- if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
1348
- return -1;
1349
-
1350
- crl_ctx.crls = ctx->crls;
1351
- /* Copy verify params across */
1352
- X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1353
-
1354
- crl_ctx.parent = ctx;
1355
- crl_ctx.verify_cb = ctx->verify_cb;
1356
-
1357
- /* Verify CRL issuer */
1358
- ret = X509_verify_cert(&crl_ctx);
1252
+ // Check the path of a CRL issuer certificate. This creates a new
1253
+ // X509_STORE_CTX and populates it with most of the parameters from the
1254
+ // parent. This could be optimised somewhat since a lot of path checking will
1255
+ // be duplicated by the parent, but this will rarely be used in practice.
1359
1256
 
1360
- if (ret <= 0)
1361
- goto err;
1362
-
1363
- /* Check chain is acceptable */
1364
-
1365
- ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1366
- err:
1367
- X509_STORE_CTX_cleanup(&crl_ctx);
1368
- return ret;
1369
- }
1370
-
1371
- /*
1372
- * RFC 3280 says nothing about the relationship between CRL path and
1373
- * certificate path, which could lead to situations where a certificate could
1374
- * be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1375
- * strict and states that the two paths must end in the same trust anchor,
1376
- * though some discussions remain... until this is resolved we use the
1377
- * RFC 5280 version
1378
- */
1379
-
1380
- static int check_crl_chain(X509_STORE_CTX *ctx,
1381
- STACK_OF(X509) *cert_path,
1382
- STACK_OF(X509) *crl_path)
1383
- {
1384
- X509 *cert_ta, *crl_ta;
1385
- cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1386
- crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1387
- if (!X509_cmp(cert_ta, crl_ta))
1388
- return 1;
1257
+ static int check_crl_path(X509_STORE_CTX *ctx, X509 *x) {
1258
+ X509_STORE_CTX crl_ctx;
1259
+ int ret;
1260
+ // Don't allow recursive CRL path validation
1261
+ if (ctx->parent) {
1389
1262
  return 0;
1263
+ }
1264
+ if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) {
1265
+ return -1;
1266
+ }
1267
+
1268
+ crl_ctx.crls = ctx->crls;
1269
+ // Copy verify params across
1270
+ X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
1271
+
1272
+ crl_ctx.parent = ctx;
1273
+ crl_ctx.verify_cb = ctx->verify_cb;
1274
+
1275
+ // Verify CRL issuer
1276
+ ret = X509_verify_cert(&crl_ctx);
1277
+
1278
+ if (ret <= 0) {
1279
+ goto err;
1280
+ }
1281
+
1282
+ // Check chain is acceptable
1283
+
1284
+ ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
1285
+ err:
1286
+ X509_STORE_CTX_cleanup(&crl_ctx);
1287
+ return ret;
1288
+ }
1289
+
1290
+ // RFC 3280 says nothing about the relationship between CRL path and
1291
+ // certificate path, which could lead to situations where a certificate could
1292
+ // be revoked or validated by a CA not authorised to do so. RFC 5280 is more
1293
+ // strict and states that the two paths must end in the same trust anchor,
1294
+ // though some discussions remain... until this is resolved we use the
1295
+ // RFC 5280 version
1296
+
1297
+ static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path,
1298
+ STACK_OF(X509) *crl_path) {
1299
+ X509 *cert_ta, *crl_ta;
1300
+ cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
1301
+ crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
1302
+ if (!X509_cmp(cert_ta, crl_ta)) {
1303
+ return 1;
1304
+ }
1305
+ return 0;
1390
1306
  }
1391
1307
 
1392
- /*
1393
- * Check for match between two dist point names: three separate cases. 1.
1394
- * Both are relative names and compare X509_NAME types. 2. One full, one
1395
- * relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1396
- * compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1397
- */
1398
-
1399
- static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
1400
- {
1401
- X509_NAME *nm = NULL;
1402
- GENERAL_NAMES *gens = NULL;
1403
- GENERAL_NAME *gena, *genb;
1404
- size_t i, j;
1405
- if (!a || !b)
1308
+ // Check for match between two dist point names: three separate cases. 1.
1309
+ // Both are relative names and compare X509_NAME types. 2. One full, one
1310
+ // relative. Compare X509_NAME to GENERAL_NAMES. 3. Both are full names and
1311
+ // compare two GENERAL_NAMES. 4. One is NULL: automatic match.
1312
+
1313
+ static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) {
1314
+ X509_NAME *nm = NULL;
1315
+ GENERAL_NAMES *gens = NULL;
1316
+ GENERAL_NAME *gena, *genb;
1317
+ size_t i, j;
1318
+ if (!a || !b) {
1319
+ return 1;
1320
+ }
1321
+ if (a->type == 1) {
1322
+ if (!a->dpname) {
1323
+ return 0;
1324
+ }
1325
+ // Case 1: two X509_NAME
1326
+ if (b->type == 1) {
1327
+ if (!b->dpname) {
1328
+ return 0;
1329
+ }
1330
+ if (!X509_NAME_cmp(a->dpname, b->dpname)) {
1406
1331
  return 1;
1407
- if (a->type == 1) {
1408
- if (!a->dpname)
1409
- return 0;
1410
- /* Case 1: two X509_NAME */
1411
- if (b->type == 1) {
1412
- if (!b->dpname)
1413
- return 0;
1414
- if (!X509_NAME_cmp(a->dpname, b->dpname))
1415
- return 1;
1416
- else
1417
- return 0;
1418
- }
1419
- /* Case 2: set name and GENERAL_NAMES appropriately */
1420
- nm = a->dpname;
1421
- gens = b->name.fullname;
1422
- } else if (b->type == 1) {
1423
- if (!b->dpname)
1424
- return 0;
1425
- /* Case 2: set name and GENERAL_NAMES appropriately */
1426
- gens = a->name.fullname;
1427
- nm = b->dpname;
1428
- }
1429
-
1430
- /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
1431
- if (nm) {
1432
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1433
- gena = sk_GENERAL_NAME_value(gens, i);
1434
- if (gena->type != GEN_DIRNAME)
1435
- continue;
1436
- if (!X509_NAME_cmp(nm, gena->d.directoryName))
1437
- return 1;
1438
- }
1332
+ } else {
1439
1333
  return 0;
1334
+ }
1335
+ }
1336
+ // Case 2: set name and GENERAL_NAMES appropriately
1337
+ nm = a->dpname;
1338
+ gens = b->name.fullname;
1339
+ } else if (b->type == 1) {
1340
+ if (!b->dpname) {
1341
+ return 0;
1342
+ }
1343
+ // Case 2: set name and GENERAL_NAMES appropriately
1344
+ gens = a->name.fullname;
1345
+ nm = b->dpname;
1346
+ }
1347
+
1348
+ // Handle case 2 with one GENERAL_NAMES and one X509_NAME
1349
+ if (nm) {
1350
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
1351
+ gena = sk_GENERAL_NAME_value(gens, i);
1352
+ if (gena->type != GEN_DIRNAME) {
1353
+ continue;
1354
+ }
1355
+ if (!X509_NAME_cmp(nm, gena->d.directoryName)) {
1356
+ return 1;
1357
+ }
1440
1358
  }
1359
+ return 0;
1360
+ }
1441
1361
 
1442
- /* Else case 3: two GENERAL_NAMES */
1362
+ // Else case 3: two GENERAL_NAMES
1443
1363
 
1444
- for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1445
- gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1446
- for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1447
- genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1448
- if (!GENERAL_NAME_cmp(gena, genb))
1449
- return 1;
1450
- }
1364
+ for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
1365
+ gena = sk_GENERAL_NAME_value(a->name.fullname, i);
1366
+ for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
1367
+ genb = sk_GENERAL_NAME_value(b->name.fullname, j);
1368
+ if (!GENERAL_NAME_cmp(gena, genb)) {
1369
+ return 1;
1370
+ }
1451
1371
  }
1372
+ }
1452
1373
 
1453
- return 0;
1454
-
1374
+ return 0;
1455
1375
  }
1456
1376
 
1457
- static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
1458
- {
1459
- size_t i;
1460
- X509_NAME *nm = X509_CRL_get_issuer(crl);
1461
- /* If no CRLissuer return is successful iff don't need a match */
1462
- if (!dp->CRLissuer)
1463
- return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
1464
- for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1465
- GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1466
- if (gen->type != GEN_DIRNAME)
1467
- continue;
1468
- if (!X509_NAME_cmp(gen->d.directoryName, nm))
1469
- return 1;
1377
+ static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) {
1378
+ size_t i;
1379
+ X509_NAME *nm = X509_CRL_get_issuer(crl);
1380
+ // If no CRLissuer return is successful iff don't need a match
1381
+ if (!dp->CRLissuer) {
1382
+ return !!(crl_score & CRL_SCORE_ISSUER_NAME);
1383
+ }
1384
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
1385
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
1386
+ if (gen->type != GEN_DIRNAME) {
1387
+ continue;
1470
1388
  }
1471
- return 0;
1389
+ if (!X509_NAME_cmp(gen->d.directoryName, nm)) {
1390
+ return 1;
1391
+ }
1392
+ }
1393
+ return 0;
1472
1394
  }
1473
1395
 
1474
- /* Check CRLDP and IDP */
1396
+ // Check CRLDP and IDP
1475
1397
 
1476
1398
  static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
1477
- unsigned int *preasons)
1478
- {
1479
- size_t i;
1480
- if (crl->idp_flags & IDP_ONLYATTR)
1481
- return 0;
1482
- if (x->ex_flags & EXFLAG_CA) {
1483
- if (crl->idp_flags & IDP_ONLYUSER)
1484
- return 0;
1485
- } else {
1486
- if (crl->idp_flags & IDP_ONLYCA)
1487
- return 0;
1488
- }
1489
- *preasons = crl->idp_reasons;
1490
- for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1491
- DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1492
- if (crldp_check_crlissuer(dp, crl, crl_score)) {
1493
- if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1494
- *preasons &= dp->dp_reasons;
1495
- return 1;
1496
- }
1497
- }
1498
- }
1499
- if ((!crl->idp || !crl->idp->distpoint)
1500
- && (crl_score & CRL_SCORE_ISSUER_NAME))
1501
- return 1;
1399
+ unsigned int *preasons) {
1400
+ size_t i;
1401
+ if (crl->idp_flags & IDP_ONLYATTR) {
1502
1402
  return 0;
1403
+ }
1404
+ if (x->ex_flags & EXFLAG_CA) {
1405
+ if (crl->idp_flags & IDP_ONLYUSER) {
1406
+ return 0;
1407
+ }
1408
+ } else {
1409
+ if (crl->idp_flags & IDP_ONLYCA) {
1410
+ return 0;
1411
+ }
1412
+ }
1413
+ *preasons = crl->idp_reasons;
1414
+ for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
1415
+ DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
1416
+ if (crldp_check_crlissuer(dp, crl, crl_score)) {
1417
+ if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
1418
+ *preasons &= dp->dp_reasons;
1419
+ return 1;
1420
+ }
1421
+ }
1422
+ }
1423
+ if ((!crl->idp || !crl->idp->distpoint) &&
1424
+ (crl_score & CRL_SCORE_ISSUER_NAME)) {
1425
+ return 1;
1426
+ }
1427
+ return 0;
1503
1428
  }
1504
1429
 
1505
- /*
1506
- * Retrieve CRL corresponding to current certificate. If deltas enabled try
1507
- * to find a delta CRL too
1508
- */
1430
+ // Retrieve CRL corresponding to current certificate. If deltas enabled try
1431
+ // to find a delta CRL too
1509
1432
 
1510
- static int get_crl_delta(X509_STORE_CTX *ctx,
1511
- X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
1512
- {
1513
- int ok;
1514
- X509 *issuer = NULL;
1515
- int crl_score = 0;
1516
- unsigned int reasons;
1517
- X509_CRL *crl = NULL, *dcrl = NULL;
1518
- STACK_OF(X509_CRL) *skcrl;
1519
- X509_NAME *nm = X509_get_issuer_name(x);
1520
- reasons = ctx->current_reasons;
1521
- ok = get_crl_sk(ctx, &crl, &dcrl,
1522
- &issuer, &crl_score, &reasons, ctx->crls);
1433
+ static int get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
1434
+ X509 *x) {
1435
+ int ok;
1436
+ X509 *issuer = NULL;
1437
+ int crl_score = 0;
1438
+ unsigned int reasons;
1439
+ X509_CRL *crl = NULL, *dcrl = NULL;
1440
+ STACK_OF(X509_CRL) *skcrl;
1441
+ X509_NAME *nm = X509_get_issuer_name(x);
1442
+ reasons = ctx->current_reasons;
1443
+ ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, ctx->crls);
1523
1444
 
1524
- if (ok)
1525
- goto done;
1445
+ if (ok) {
1446
+ goto done;
1447
+ }
1526
1448
 
1527
- /* Lookup CRLs from store */
1449
+ // Lookup CRLs from store
1528
1450
 
1529
- skcrl = ctx->lookup_crls(ctx, nm);
1451
+ skcrl = ctx->lookup_crls(ctx, nm);
1530
1452
 
1531
- /* If no CRLs found and a near match from get_crl_sk use that */
1532
- if (!skcrl && crl)
1533
- goto done;
1453
+ // If no CRLs found and a near match from get_crl_sk use that
1454
+ if (!skcrl && crl) {
1455
+ goto done;
1456
+ }
1534
1457
 
1535
- get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1458
+ get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
1536
1459
 
1537
- sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1460
+ sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
1538
1461
 
1539
- done:
1462
+ done:
1540
1463
 
1541
- /* If we got any kind of CRL use it and return success */
1542
- if (crl) {
1543
- ctx->current_issuer = issuer;
1544
- ctx->current_crl_score = crl_score;
1545
- ctx->current_reasons = reasons;
1546
- *pcrl = crl;
1547
- *pdcrl = dcrl;
1548
- return 1;
1464
+ // If we got any kind of CRL use it and return success
1465
+ if (crl) {
1466
+ ctx->current_issuer = issuer;
1467
+ ctx->current_crl_score = crl_score;
1468
+ ctx->current_reasons = reasons;
1469
+ *pcrl = crl;
1470
+ *pdcrl = dcrl;
1471
+ return 1;
1472
+ }
1473
+
1474
+ return 0;
1475
+ }
1476
+
1477
+ // Check CRL validity
1478
+ static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) {
1479
+ X509 *issuer = NULL;
1480
+ EVP_PKEY *ikey = NULL;
1481
+ int ok = 0, chnum, cnum;
1482
+ cnum = ctx->error_depth;
1483
+ chnum = sk_X509_num(ctx->chain) - 1;
1484
+ // if we have an alternative CRL issuer cert use that
1485
+ if (ctx->current_issuer) {
1486
+ issuer = ctx->current_issuer;
1487
+ }
1488
+
1489
+ // Else find CRL issuer: if not last certificate then issuer is next
1490
+ // certificate in chain.
1491
+ else if (cnum < chnum) {
1492
+ issuer = sk_X509_value(ctx->chain, cnum + 1);
1493
+ } else {
1494
+ issuer = sk_X509_value(ctx->chain, chnum);
1495
+ // If not self signed, can't check signature
1496
+ if (!ctx->check_issued(ctx, issuer, issuer)) {
1497
+ ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1498
+ ok = ctx->verify_cb(0, ctx);
1499
+ if (!ok) {
1500
+ goto err;
1501
+ }
1549
1502
  }
1503
+ }
1550
1504
 
1551
- return 0;
1552
- }
1553
-
1554
- /* Check CRL validity */
1555
- static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
1556
- {
1557
- X509 *issuer = NULL;
1558
- EVP_PKEY *ikey = NULL;
1559
- int ok = 0, chnum, cnum;
1560
- cnum = ctx->error_depth;
1561
- chnum = sk_X509_num(ctx->chain) - 1;
1562
- /* if we have an alternative CRL issuer cert use that */
1563
- if (ctx->current_issuer)
1564
- issuer = ctx->current_issuer;
1565
-
1566
- /*
1567
- * Else find CRL issuer: if not last certificate then issuer is next
1568
- * certificate in chain.
1569
- */
1570
- else if (cnum < chnum)
1571
- issuer = sk_X509_value(ctx->chain, cnum + 1);
1572
- else {
1573
- issuer = sk_X509_value(ctx->chain, chnum);
1574
- /* If not self signed, can't check signature */
1575
- if (!ctx->check_issued(ctx, issuer, issuer)) {
1576
- ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
1577
- ok = ctx->verify_cb(0, ctx);
1578
- if (!ok)
1579
- goto err;
1505
+ if (issuer) {
1506
+ // Skip most tests for deltas because they have already been done
1507
+ if (!crl->base_crl_number) {
1508
+ // Check for cRLSign bit if keyUsage present
1509
+ if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1510
+ !(issuer->ex_kusage & KU_CRL_SIGN)) {
1511
+ ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1512
+ ok = ctx->verify_cb(0, ctx);
1513
+ if (!ok) {
1514
+ goto err;
1580
1515
  }
1581
- }
1582
-
1583
- if (issuer) {
1584
- /*
1585
- * Skip most tests for deltas because they have already been done
1586
- */
1587
- if (!crl->base_crl_number) {
1588
- /* Check for cRLSign bit if keyUsage present */
1589
- if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
1590
- !(issuer->ex_kusage & KU_CRL_SIGN)) {
1591
- ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
1592
- ok = ctx->verify_cb(0, ctx);
1593
- if (!ok)
1594
- goto err;
1595
- }
1596
-
1597
- if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1598
- ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1599
- ok = ctx->verify_cb(0, ctx);
1600
- if (!ok)
1601
- goto err;
1602
- }
1603
-
1604
- if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1605
- if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1606
- ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1607
- ok = ctx->verify_cb(0, ctx);
1608
- if (!ok)
1609
- goto err;
1610
- }
1611
- }
1612
-
1613
- if (crl->idp_flags & IDP_INVALID) {
1614
- ctx->error = X509_V_ERR_INVALID_EXTENSION;
1615
- ok = ctx->verify_cb(0, ctx);
1616
- if (!ok)
1617
- goto err;
1618
- }
1516
+ }
1619
1517
 
1518
+ if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) {
1519
+ ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE;
1520
+ ok = ctx->verify_cb(0, ctx);
1521
+ if (!ok) {
1522
+ goto err;
1620
1523
  }
1524
+ }
1621
1525
 
1622
- if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1623
- ok = check_crl_time(ctx, crl, 1);
1624
- if (!ok)
1625
- goto err;
1526
+ if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) {
1527
+ if (check_crl_path(ctx, ctx->current_issuer) <= 0) {
1528
+ ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR;
1529
+ ok = ctx->verify_cb(0, ctx);
1530
+ if (!ok) {
1531
+ goto err;
1532
+ }
1626
1533
  }
1534
+ }
1627
1535
 
1628
- /* Attempt to get issuer certificate public key */
1629
- ikey = X509_get_pubkey(issuer);
1630
-
1631
- if (!ikey) {
1632
- ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1633
- ok = ctx->verify_cb(0, ctx);
1634
- if (!ok)
1635
- goto err;
1636
- } else {
1637
- int rv;
1638
- rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
1639
- if (rv != X509_V_OK) {
1640
- ctx->error = rv;
1641
- ok = ctx->verify_cb(0, ctx);
1642
- if (!ok)
1643
- goto err;
1644
- }
1645
- /* Verify CRL signature */
1646
- if (X509_CRL_verify(crl, ikey) <= 0) {
1647
- ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1648
- ok = ctx->verify_cb(0, ctx);
1649
- if (!ok)
1650
- goto err;
1651
- }
1536
+ if (crl->idp_flags & IDP_INVALID) {
1537
+ ctx->error = X509_V_ERR_INVALID_EXTENSION;
1538
+ ok = ctx->verify_cb(0, ctx);
1539
+ if (!ok) {
1540
+ goto err;
1652
1541
  }
1542
+ }
1653
1543
  }
1654
1544
 
1655
- ok = 1;
1545
+ if (!(ctx->current_crl_score & CRL_SCORE_TIME)) {
1546
+ ok = check_crl_time(ctx, crl, 1);
1547
+ if (!ok) {
1548
+ goto err;
1549
+ }
1550
+ }
1656
1551
 
1657
- err:
1658
- EVP_PKEY_free(ikey);
1659
- return ok;
1660
- }
1552
+ // Attempt to get issuer certificate public key
1553
+ ikey = X509_get_pubkey(issuer);
1661
1554
 
1662
- /* Check certificate against CRL */
1663
- static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
1664
- {
1665
- int ok;
1666
- X509_REVOKED *rev;
1667
- /*
1668
- * The rules changed for this... previously if a CRL contained unhandled
1669
- * critical extensions it could still be used to indicate a certificate
1670
- * was revoked. This has since been changed since critical extension can
1671
- * change the meaning of CRL entries.
1672
- */
1673
- if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
1674
- && (crl->flags & EXFLAG_CRITICAL)) {
1675
- ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1676
- ok = ctx->verify_cb(0, ctx);
1677
- if (!ok)
1678
- return 0;
1679
- }
1680
- /*
1681
- * Look for serial number of certificate in CRL If found make sure reason
1682
- * is not removeFromCRL.
1683
- */
1684
- if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1685
- if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
1686
- return 2;
1687
- ctx->error = X509_V_ERR_CERT_REVOKED;
1555
+ if (!ikey) {
1556
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1557
+ ok = ctx->verify_cb(0, ctx);
1558
+ if (!ok) {
1559
+ goto err;
1560
+ }
1561
+ } else {
1562
+ // Verify CRL signature
1563
+ if (X509_CRL_verify(crl, ikey) <= 0) {
1564
+ ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
1688
1565
  ok = ctx->verify_cb(0, ctx);
1689
- if (!ok)
1690
- return 0;
1566
+ if (!ok) {
1567
+ goto err;
1568
+ }
1569
+ }
1691
1570
  }
1571
+ }
1692
1572
 
1693
- return 1;
1573
+ ok = 1;
1574
+
1575
+ err:
1576
+ EVP_PKEY_free(ikey);
1577
+ return ok;
1694
1578
  }
1695
1579
 
1696
- static int check_policy(X509_STORE_CTX *ctx)
1697
- {
1698
- int ret;
1699
- if (ctx->parent)
1700
- return 1;
1701
- ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
1702
- ctx->param->policies, ctx->param->flags);
1703
- if (ret == 0) {
1704
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
1705
- ctx->error = X509_V_ERR_OUT_OF_MEM;
1706
- return 0;
1580
+ // Check certificate against CRL
1581
+ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) {
1582
+ int ok;
1583
+ X509_REVOKED *rev;
1584
+ // The rules changed for this... previously if a CRL contained unhandled
1585
+ // critical extensions it could still be used to indicate a certificate
1586
+ // was revoked. This has since been changed since critical extension can
1587
+ // change the meaning of CRL entries.
1588
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) &&
1589
+ (crl->flags & EXFLAG_CRITICAL)) {
1590
+ ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
1591
+ ok = ctx->verify_cb(0, ctx);
1592
+ if (!ok) {
1593
+ return 0;
1707
1594
  }
1708
- /* Invalid or inconsistent extensions */
1709
- if (ret == -1) {
1710
- /*
1711
- * Locate certificates with bad extensions and notify callback.
1712
- */
1713
- X509 *x;
1714
- size_t i;
1715
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
1716
- x = sk_X509_value(ctx->chain, i);
1717
- if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
1718
- continue;
1719
- ctx->current_cert = x;
1720
- ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
1721
- if (!ctx->verify_cb(0, ctx))
1722
- return 0;
1723
- }
1724
- return 1;
1595
+ }
1596
+ // Look for serial number of certificate in CRL If found make sure reason
1597
+ // is not removeFromCRL.
1598
+ if (X509_CRL_get0_by_cert(crl, &rev, x)) {
1599
+ if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) {
1600
+ return 2;
1725
1601
  }
1726
- if (ret == -2) {
1727
- ctx->current_cert = NULL;
1728
- ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
1729
- return ctx->verify_cb(0, ctx);
1730
- }
1731
-
1732
- if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1733
- ctx->current_cert = NULL;
1734
- /*
1735
- * Verification errors need to be "sticky", a callback may have allowed
1736
- * an SSL handshake to continue despite an error, and we must then
1737
- * remain in an error state. Therefore, we MUST NOT clear earlier
1738
- * verification errors by setting the error to X509_V_OK.
1739
- */
1740
- if (!ctx->verify_cb(2, ctx))
1741
- return 0;
1602
+ ctx->error = X509_V_ERR_CERT_REVOKED;
1603
+ ok = ctx->verify_cb(0, ctx);
1604
+ if (!ok) {
1605
+ return 0;
1742
1606
  }
1607
+ }
1743
1608
 
1744
- return 1;
1609
+ return 1;
1745
1610
  }
1746
1611
 
1747
- static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
1748
- {
1749
- time_t *ptime;
1750
- int i;
1612
+ static int check_policy(X509_STORE_CTX *ctx) {
1613
+ // TODO(davidben): Why do we disable policy validation for CRL paths?
1614
+ if (ctx->parent) {
1615
+ return 1;
1616
+ }
1751
1617
 
1752
- if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
1753
- ptime = &ctx->param->check_time;
1754
- else
1755
- ptime = NULL;
1618
+ X509 *current_cert = NULL;
1619
+ int ret = X509_policy_check(ctx->chain, ctx->param->policies,
1620
+ ctx->param->flags, &current_cert);
1621
+ if (ret != X509_V_OK) {
1622
+ ctx->current_cert = current_cert;
1623
+ ctx->error = ret;
1624
+ if (ret == X509_V_ERR_OUT_OF_MEM) {
1625
+ return 0;
1626
+ }
1627
+ return ctx->verify_cb(0, ctx);
1628
+ }
1756
1629
 
1757
- i = X509_cmp_time(X509_get_notBefore(x), ptime);
1758
- if (i == 0) {
1759
- ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1760
- ctx->current_cert = x;
1761
- if (!ctx->verify_cb(0, ctx))
1762
- return 0;
1630
+ if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
1631
+ ctx->current_cert = NULL;
1632
+ // Verification errors need to be "sticky", a callback may have allowed
1633
+ // an SSL handshake to continue despite an error, and we must then
1634
+ // remain in an error state. Therefore, we MUST NOT clear earlier
1635
+ // verification errors by setting the error to X509_V_OK.
1636
+ if (!ctx->verify_cb(2, ctx)) {
1637
+ return 0;
1763
1638
  }
1639
+ }
1764
1640
 
1765
- if (i > 0) {
1766
- ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1767
- ctx->current_cert = x;
1768
- if (!ctx->verify_cb(0, ctx))
1769
- return 0;
1641
+ return 1;
1642
+ }
1643
+
1644
+ static int check_cert_time(X509_STORE_CTX *ctx, X509 *x) {
1645
+ if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) {
1646
+ return 1;
1647
+ }
1648
+
1649
+ int64_t ptime;
1650
+ if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) {
1651
+ ptime = ctx->param->check_time;
1652
+ } else {
1653
+ ptime = time(NULL);
1654
+ }
1655
+
1656
+ int i = X509_cmp_time_posix(X509_get_notBefore(x), ptime);
1657
+ if (i == 0) {
1658
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
1659
+ ctx->current_cert = x;
1660
+ if (!ctx->verify_cb(0, ctx)) {
1661
+ return 0;
1770
1662
  }
1663
+ }
1771
1664
 
1772
- i = X509_cmp_time(X509_get_notAfter(x), ptime);
1773
- if (i == 0) {
1774
- ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1775
- ctx->current_cert = x;
1776
- if (!ctx->verify_cb(0, ctx))
1777
- return 0;
1665
+ if (i > 0) {
1666
+ ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
1667
+ ctx->current_cert = x;
1668
+ if (!ctx->verify_cb(0, ctx)) {
1669
+ return 0;
1778
1670
  }
1671
+ }
1779
1672
 
1780
- if (i < 0) {
1781
- ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1782
- ctx->current_cert = x;
1783
- if (!ctx->verify_cb(0, ctx))
1784
- return 0;
1673
+ i = X509_cmp_time_posix(X509_get_notAfter(x), ptime);
1674
+ if (i == 0) {
1675
+ ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
1676
+ ctx->current_cert = x;
1677
+ if (!ctx->verify_cb(0, ctx)) {
1678
+ return 0;
1785
1679
  }
1680
+ }
1786
1681
 
1787
- return 1;
1682
+ if (i < 0) {
1683
+ ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
1684
+ ctx->current_cert = x;
1685
+ if (!ctx->verify_cb(0, ctx)) {
1686
+ return 0;
1687
+ }
1688
+ }
1689
+
1690
+ return 1;
1788
1691
  }
1789
1692
 
1790
- static int internal_verify(X509_STORE_CTX *ctx)
1791
- {
1792
- int ok = 0, n;
1793
- X509 *xs, *xi;
1794
- EVP_PKEY *pkey = NULL;
1795
- int (*cb) (int xok, X509_STORE_CTX *xctx);
1693
+ static int internal_verify(X509_STORE_CTX *ctx) {
1694
+ int ok = 0, n;
1695
+ X509 *xs, *xi;
1696
+ EVP_PKEY *pkey = NULL;
1796
1697
 
1797
- cb = ctx->verify_cb;
1698
+ n = sk_X509_num(ctx->chain);
1699
+ ctx->error_depth = n - 1;
1700
+ n--;
1701
+ xi = sk_X509_value(ctx->chain, n);
1798
1702
 
1799
- n = sk_X509_num(ctx->chain);
1800
- ctx->error_depth = n - 1;
1801
- n--;
1802
- xi = sk_X509_value(ctx->chain, n);
1803
-
1804
- if (ctx->check_issued(ctx, xi, xi))
1805
- xs = xi;
1806
- else {
1807
- if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1808
- xs = xi;
1809
- goto check_cert;
1703
+ if (ctx->check_issued(ctx, xi, xi)) {
1704
+ xs = xi;
1705
+ } else {
1706
+ if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
1707
+ xs = xi;
1708
+ goto check_cert;
1709
+ }
1710
+ if (n <= 0) {
1711
+ ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1712
+ ctx->current_cert = xi;
1713
+ ok = ctx->verify_cb(0, ctx);
1714
+ goto end;
1715
+ } else {
1716
+ n--;
1717
+ ctx->error_depth = n;
1718
+ xs = sk_X509_value(ctx->chain, n);
1719
+ }
1720
+ }
1721
+
1722
+ // ctx->error=0; not needed
1723
+ while (n >= 0) {
1724
+ ctx->error_depth = n;
1725
+
1726
+ // Skip signature check for self signed certificates unless
1727
+ // explicitly asked for. It doesn't add any security and just wastes
1728
+ // time.
1729
+ if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1730
+ if ((pkey = X509_get_pubkey(xi)) == NULL) {
1731
+ ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1732
+ ctx->current_cert = xi;
1733
+ ok = ctx->verify_cb(0, ctx);
1734
+ if (!ok) {
1735
+ goto end;
1810
1736
  }
1811
- if (n <= 0) {
1812
- ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
1813
- ctx->current_cert = xi;
1814
- ok = cb(0, ctx);
1815
- goto end;
1816
- } else {
1817
- n--;
1818
- ctx->error_depth = n;
1819
- xs = sk_X509_value(ctx->chain, n);
1737
+ } else if (X509_verify(xs, pkey) <= 0) {
1738
+ ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1739
+ ctx->current_cert = xs;
1740
+ ok = ctx->verify_cb(0, ctx);
1741
+ if (!ok) {
1742
+ EVP_PKEY_free(pkey);
1743
+ goto end;
1820
1744
  }
1745
+ }
1746
+ EVP_PKEY_free(pkey);
1747
+ pkey = NULL;
1821
1748
  }
1822
1749
 
1823
- /* ctx->error=0; not needed */
1824
- while (n >= 0) {
1825
- ctx->error_depth = n;
1826
-
1827
- /*
1828
- * Skip signature check for self signed certificates unless
1829
- * explicitly asked for. It doesn't add any security and just wastes
1830
- * time.
1831
- */
1832
- if (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)) {
1833
- if ((pkey = X509_get_pubkey(xi)) == NULL) {
1834
- ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
1835
- ctx->current_cert = xi;
1836
- ok = (*cb) (0, ctx);
1837
- if (!ok)
1838
- goto end;
1839
- } else if (X509_verify(xs, pkey) <= 0) {
1840
- ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
1841
- ctx->current_cert = xs;
1842
- ok = (*cb) (0, ctx);
1843
- if (!ok) {
1844
- EVP_PKEY_free(pkey);
1845
- goto end;
1846
- }
1847
- }
1848
- EVP_PKEY_free(pkey);
1849
- pkey = NULL;
1850
- }
1851
-
1852
- check_cert:
1853
- ok = check_cert_time(ctx, xs);
1854
- if (!ok)
1855
- goto end;
1856
-
1857
- /* The last error (if any) is still in the error value */
1858
- ctx->current_issuer = xi;
1859
- ctx->current_cert = xs;
1860
- ok = (*cb) (1, ctx);
1861
- if (!ok)
1862
- goto end;
1863
-
1864
- n--;
1865
- if (n >= 0) {
1866
- xi = xs;
1867
- xs = sk_X509_value(ctx->chain, n);
1868
- }
1750
+ check_cert:
1751
+ ok = check_cert_time(ctx, xs);
1752
+ if (!ok) {
1753
+ goto end;
1869
1754
  }
1870
- ok = 1;
1871
- end:
1872
- return ok;
1873
- }
1874
-
1875
- int X509_cmp_current_time(const ASN1_TIME *ctm)
1876
- {
1877
- return X509_cmp_time(ctm, NULL);
1878
- }
1879
-
1880
- int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
1881
- {
1882
- static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
1883
- static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
1884
- ASN1_TIME *asn1_cmp_time = NULL;
1885
- int i, day, sec, ret = 0;
1886
-
1887
- /*
1888
- * Note that ASN.1 allows much more slack in the time format than RFC 5280.
1889
- * In RFC 5280, the representation is fixed:
1890
- * UTCTime: YYMMDDHHMMSSZ
1891
- * GeneralizedTime: YYYYMMDDHHMMSSZ
1892
- *
1893
- * We do NOT currently enforce the following RFC 5280 requirement:
1894
- * "CAs conforming to this profile MUST always encode certificate
1895
- * validity dates through the year 2049 as UTCTime; certificate validity
1896
- * dates in 2050 or later MUST be encoded as GeneralizedTime."
1897
- */
1898
- switch (ctm->type) {
1899
- case V_ASN1_UTCTIME:
1900
- if (ctm->length != (int)(utctime_length))
1901
- return 0;
1902
- break;
1903
- case V_ASN1_GENERALIZEDTIME:
1904
- if (ctm->length != (int)(generalizedtime_length))
1905
- return 0;
1906
- break;
1907
- default:
1908
- return 0;
1755
+
1756
+ // The last error (if any) is still in the error value
1757
+ ctx->current_issuer = xi;
1758
+ ctx->current_cert = xs;
1759
+ ok = ctx->verify_cb(1, ctx);
1760
+ if (!ok) {
1761
+ goto end;
1909
1762
  }
1910
1763
 
1911
- /**
1912
- * Verify the format: the ASN.1 functions we use below allow a more
1913
- * flexible format than what's mandated by RFC 5280.
1914
- * Digit and date ranges will be verified in the conversion methods.
1915
- */
1916
- for (i = 0; i < ctm->length - 1; i++) {
1917
- if (!isdigit(ctm->data[i]))
1918
- return 0;
1764
+ n--;
1765
+ if (n >= 0) {
1766
+ xi = xs;
1767
+ xs = sk_X509_value(ctx->chain, n);
1919
1768
  }
1920
- if (ctm->data[ctm->length - 1] != 'Z')
1921
- return 0;
1769
+ }
1770
+ ok = 1;
1771
+ end:
1772
+ return ok;
1773
+ }
1922
1774
 
1923
- /*
1924
- * There is ASN1_UTCTIME_cmp_time_t but no
1925
- * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
1926
- * so we go through ASN.1
1927
- */
1928
- asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
1929
- if (asn1_cmp_time == NULL)
1930
- goto err;
1931
- if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
1932
- goto err;
1775
+ int X509_cmp_current_time(const ASN1_TIME *ctm) {
1776
+ return X509_cmp_time_posix(ctm, time(NULL));
1777
+ }
1933
1778
 
1934
- /*
1935
- * X509_cmp_time comparison is <=.
1936
- * The return value 0 is reserved for errors.
1937
- */
1938
- ret = (day >= 0 && sec >= 0) ? -1 : 1;
1779
+ int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) {
1780
+ int64_t compare_time = (cmp_time == NULL) ? time(NULL) : *cmp_time;
1781
+ return X509_cmp_time_posix(ctm, compare_time);
1782
+ }
1939
1783
 
1940
- err:
1941
- ASN1_TIME_free(asn1_cmp_time);
1942
- return ret;
1784
+ int X509_cmp_time_posix(const ASN1_TIME *ctm, int64_t cmp_time) {
1785
+ int64_t ctm_time;
1786
+ if (!ASN1_TIME_to_posix(ctm, &ctm_time)) {
1787
+ return 0;
1788
+ }
1789
+ // The return value 0 is reserved for errors.
1790
+ return (ctm_time - cmp_time <= 0) ? -1 : 1;
1943
1791
  }
1944
1792
 
1945
- ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec)
1946
- {
1947
- return X509_time_adj(s, offset_sec, NULL);
1793
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec) {
1794
+ return X509_time_adj(s, offset_sec, NULL);
1948
1795
  }
1949
1796
 
1950
- ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
1951
- {
1952
- return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1797
+ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm) {
1798
+ return X509_time_adj_ex(s, 0, offset_sec, in_tm);
1953
1799
  }
1954
1800
 
1955
- ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
1956
- int offset_day, long offset_sec, time_t *in_tm)
1957
- {
1958
- time_t t = 0;
1801
+ ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec,
1802
+ time_t *in_tm) {
1803
+ int64_t t = 0;
1959
1804
 
1960
- if (in_tm) {
1961
- t = *in_tm;
1962
- } else {
1963
- time(&t);
1964
- }
1965
-
1966
- return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1967
- }
1968
-
1969
- /* Make a delta CRL as the diff between two full CRLs */
1970
-
1971
- X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
1972
- EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
1973
- {
1974
- X509_CRL *crl = NULL;
1975
- int i;
1976
- size_t j;
1977
- STACK_OF(X509_REVOKED) *revs = NULL;
1978
- /* CRLs can't be delta already */
1979
- if (base->base_crl_number || newer->base_crl_number) {
1980
- OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1981
- return NULL;
1982
- }
1983
- /* Base and new CRL must have a CRL number */
1984
- if (!base->crl_number || !newer->crl_number) {
1985
- OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
1986
- return NULL;
1987
- }
1988
- /* Issuer names must match */
1989
- if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
1990
- OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
1991
- return NULL;
1992
- }
1993
- /* AKID and IDP must match */
1994
- if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
1995
- OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
1996
- return NULL;
1997
- }
1998
- if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
1999
- OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
2000
- return NULL;
2001
- }
2002
- /* Newer CRL number must exceed full CRL number */
2003
- if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
2004
- OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
2005
- return NULL;
2006
- }
2007
- /* CRLs must verify */
2008
- if (skey && (X509_CRL_verify(base, skey) <= 0 ||
2009
- X509_CRL_verify(newer, skey) <= 0)) {
2010
- OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
2011
- return NULL;
2012
- }
2013
- /* Create new CRL */
2014
- crl = X509_CRL_new();
2015
- if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
2016
- goto memerr;
2017
- /* Set issuer name */
2018
- if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
2019
- goto memerr;
1805
+ if (in_tm) {
1806
+ t = *in_tm;
1807
+ } else {
1808
+ t = time(NULL);
1809
+ }
2020
1810
 
2021
- if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
2022
- goto memerr;
2023
- if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
2024
- goto memerr;
1811
+ return ASN1_TIME_adj(s, t, offset_day, offset_sec);
1812
+ }
2025
1813
 
2026
- /* Set base CRL number: must be critical */
1814
+ // Make a delta CRL as the diff between two full CRLs
2027
1815
 
2028
- if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
1816
+ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer, EVP_PKEY *skey,
1817
+ const EVP_MD *md, unsigned int flags) {
1818
+ X509_CRL *crl = NULL;
1819
+ int i;
1820
+ size_t j;
1821
+ STACK_OF(X509_REVOKED) *revs = NULL;
1822
+ // CRLs can't be delta already
1823
+ if (base->base_crl_number || newer->base_crl_number) {
1824
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_ALREADY_DELTA);
1825
+ return NULL;
1826
+ }
1827
+ // Base and new CRL must have a CRL number
1828
+ if (!base->crl_number || !newer->crl_number) {
1829
+ OPENSSL_PUT_ERROR(X509, X509_R_NO_CRL_NUMBER);
1830
+ return NULL;
1831
+ }
1832
+ // Issuer names must match
1833
+ if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
1834
+ OPENSSL_PUT_ERROR(X509, X509_R_ISSUER_MISMATCH);
1835
+ return NULL;
1836
+ }
1837
+ // AKID and IDP must match
1838
+ if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
1839
+ OPENSSL_PUT_ERROR(X509, X509_R_AKID_MISMATCH);
1840
+ return NULL;
1841
+ }
1842
+ if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
1843
+ OPENSSL_PUT_ERROR(X509, X509_R_IDP_MISMATCH);
1844
+ return NULL;
1845
+ }
1846
+ // Newer CRL number must exceed full CRL number
1847
+ if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
1848
+ OPENSSL_PUT_ERROR(X509, X509_R_NEWER_CRL_NOT_NEWER);
1849
+ return NULL;
1850
+ }
1851
+ // CRLs must verify
1852
+ if (skey &&
1853
+ (X509_CRL_verify(base, skey) <= 0 || X509_CRL_verify(newer, skey) <= 0)) {
1854
+ OPENSSL_PUT_ERROR(X509, X509_R_CRL_VERIFY_FAILURE);
1855
+ return NULL;
1856
+ }
1857
+ // Create new CRL
1858
+ crl = X509_CRL_new();
1859
+ if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2)) {
1860
+ goto memerr;
1861
+ }
1862
+ // Set issuer name
1863
+ if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer))) {
1864
+ goto memerr;
1865
+ }
1866
+
1867
+ if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer))) {
1868
+ goto memerr;
1869
+ }
1870
+ if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer))) {
1871
+ goto memerr;
1872
+ }
1873
+
1874
+ // Set base CRL number: must be critical
1875
+
1876
+ if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0)) {
1877
+ goto memerr;
1878
+ }
1879
+
1880
+ // Copy extensions across from newest CRL to delta: this will set CRL
1881
+ // number to correct value too.
1882
+
1883
+ for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
1884
+ const X509_EXTENSION *ext = X509_CRL_get_ext(newer, i);
1885
+ if (!X509_CRL_add_ext(crl, ext, -1)) {
1886
+ goto memerr;
1887
+ }
1888
+ }
1889
+
1890
+ // Go through revoked entries, copying as needed
1891
+
1892
+ revs = X509_CRL_get_REVOKED(newer);
1893
+
1894
+ for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
1895
+ X509_REVOKED *rvn, *rvtmp;
1896
+ rvn = sk_X509_REVOKED_value(revs, j);
1897
+ // Add only if not also in base. TODO: need something cleverer here
1898
+ // for some more complex CRLs covering multiple CAs.
1899
+ if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
1900
+ rvtmp = X509_REVOKED_dup(rvn);
1901
+ if (!rvtmp) {
2029
1902
  goto memerr;
2030
-
2031
- /*
2032
- * Copy extensions across from newest CRL to delta: this will set CRL
2033
- * number to correct value too.
2034
- */
2035
-
2036
- for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
2037
- X509_EXTENSION *ext;
2038
- ext = X509_CRL_get_ext(newer, i);
2039
- if (!X509_CRL_add_ext(crl, ext, -1))
2040
- goto memerr;
2041
- }
2042
-
2043
- /* Go through revoked entries, copying as needed */
2044
-
2045
- revs = X509_CRL_get_REVOKED(newer);
2046
-
2047
- for (j = 0; j < sk_X509_REVOKED_num(revs); j++) {
2048
- X509_REVOKED *rvn, *rvtmp;
2049
- rvn = sk_X509_REVOKED_value(revs, j);
2050
- /*
2051
- * Add only if not also in base. TODO: need something cleverer here
2052
- * for some more complex CRLs covering multiple CAs.
2053
- */
2054
- if (!X509_CRL_get0_by_serial(base, &rvtmp, rvn->serialNumber)) {
2055
- rvtmp = X509_REVOKED_dup(rvn);
2056
- if (!rvtmp)
2057
- goto memerr;
2058
- if (!X509_CRL_add0_revoked(crl, rvtmp)) {
2059
- X509_REVOKED_free(rvtmp);
2060
- goto memerr;
2061
- }
2062
- }
1903
+ }
1904
+ if (!X509_CRL_add0_revoked(crl, rvtmp)) {
1905
+ X509_REVOKED_free(rvtmp);
1906
+ goto memerr;
1907
+ }
2063
1908
  }
2064
- /* TODO: optionally prune deleted entries */
1909
+ }
1910
+ // TODO: optionally prune deleted entries
2065
1911
 
2066
- if (skey && md && !X509_CRL_sign(crl, skey, md))
2067
- goto memerr;
1912
+ if (skey && md && !X509_CRL_sign(crl, skey, md)) {
1913
+ goto memerr;
1914
+ }
2068
1915
 
2069
- return crl;
1916
+ return crl;
2070
1917
 
2071
- memerr:
2072
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2073
- if (crl)
2074
- X509_CRL_free(crl);
2075
- return NULL;
1918
+ memerr:
1919
+ if (crl) {
1920
+ X509_CRL_free(crl);
1921
+ }
1922
+ return NULL;
2076
1923
  }
2077
1924
 
2078
1925
  int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2079
- CRYPTO_EX_unused * unused,
1926
+ CRYPTO_EX_unused *unused,
2080
1927
  CRYPTO_EX_dup *dup_unused,
2081
- CRYPTO_EX_free *free_func)
2082
- {
2083
- /*
2084
- * This function is (usually) called only once, by
2085
- * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
2086
- */
2087
- int index;
2088
- if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
2089
- free_func)) {
2090
- return -1;
2091
- }
2092
- return index;
1928
+ CRYPTO_EX_free *free_func) {
1929
+ // This function is (usually) called only once, by
1930
+ // SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
1931
+ int index;
1932
+ if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp,
1933
+ free_func)) {
1934
+ return -1;
1935
+ }
1936
+ return index;
2093
1937
  }
2094
1938
 
2095
- int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
2096
- {
2097
- return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
1939
+ int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) {
1940
+ return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
2098
1941
  }
2099
1942
 
2100
- void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
2101
- {
2102
- return CRYPTO_get_ex_data(&ctx->ex_data, idx);
1943
+ void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) {
1944
+ return CRYPTO_get_ex_data(&ctx->ex_data, idx);
2103
1945
  }
2104
1946
 
2105
- int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
2106
- {
2107
- return ctx->error;
2108
- }
1947
+ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) { return ctx->error; }
2109
1948
 
2110
- void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
2111
- {
2112
- ctx->error = err;
1949
+ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) {
1950
+ ctx->error = err;
2113
1951
  }
2114
1952
 
2115
- int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
2116
- {
2117
- return ctx->error_depth;
1953
+ int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) {
1954
+ return ctx->error_depth;
2118
1955
  }
2119
1956
 
2120
- X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
2121
- {
2122
- return ctx->current_cert;
1957
+ X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) {
1958
+ return ctx->current_cert;
2123
1959
  }
2124
1960
 
2125
- STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
2126
- {
2127
- return ctx->chain;
1961
+ STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) {
1962
+ return ctx->chain;
2128
1963
  }
2129
1964
 
2130
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
2131
- {
2132
- return ctx->chain;
1965
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx) {
1966
+ return ctx->chain;
2133
1967
  }
2134
1968
 
2135
- STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
2136
- {
2137
- if (!ctx->chain)
2138
- return NULL;
2139
- return X509_chain_up_ref(ctx->chain);
1969
+ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) {
1970
+ if (!ctx->chain) {
1971
+ return NULL;
1972
+ }
1973
+ return X509_chain_up_ref(ctx->chain);
2140
1974
  }
2141
1975
 
2142
- X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
2143
- {
2144
- return ctx->current_issuer;
1976
+ X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) {
1977
+ return ctx->current_issuer;
2145
1978
  }
2146
1979
 
2147
- X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
2148
- {
2149
- return ctx->current_crl;
1980
+ X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) {
1981
+ return ctx->current_crl;
2150
1982
  }
2151
1983
 
2152
- X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
2153
- {
2154
- return ctx->parent;
1984
+ X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) {
1985
+ return ctx->parent;
2155
1986
  }
2156
1987
 
2157
- void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
2158
- {
2159
- ctx->cert = x;
2160
- }
1988
+ void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) { ctx->cert = x; }
2161
1989
 
2162
- void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2163
- {
2164
- ctx->untrusted = sk;
1990
+ void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
1991
+ ctx->untrusted = sk;
2165
1992
  }
2166
1993
 
2167
- STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
2168
- {
2169
- return ctx->untrusted;
1994
+ STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) {
1995
+ return ctx->untrusted;
2170
1996
  }
2171
1997
 
2172
- void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
2173
- {
2174
- ctx->crls = sk;
1998
+ void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) {
1999
+ ctx->crls = sk;
2175
2000
  }
2176
2001
 
2177
- int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
2178
- {
2179
- return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2002
+ int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) {
2003
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
2180
2004
  }
2181
2005
 
2182
- int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
2183
- {
2184
- return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2006
+ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) {
2007
+ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
2185
2008
  }
2186
2009
 
2187
- /*
2188
- * This function is used to set the X509_STORE_CTX purpose and trust values.
2189
- * This is intended to be used when another structure has its own trust and
2190
- * purpose values which (if set) will be inherited by the ctx. If they aren't
2191
- * set then we will usually have a default purpose in mind which should then
2192
- * be used to set the trust value. An example of this is SSL use: an SSL
2193
- * structure will have its own purpose and trust settings which the
2194
- * application can set: if they aren't set then we use the default of SSL
2195
- * client/server.
2196
- */
2010
+ // This function is used to set the X509_STORE_CTX purpose and trust values.
2011
+ // This is intended to be used when another structure has its own trust and
2012
+ // purpose values which (if set) will be inherited by the ctx. If they aren't
2013
+ // set then we will usually have a default purpose in mind which should then
2014
+ // be used to set the trust value. An example of this is SSL use: an SSL
2015
+ // structure will have its own purpose and trust settings which the
2016
+ // application can set: if they aren't set then we use the default of SSL
2017
+ // client/server.
2197
2018
 
2198
2019
  int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
2199
- int purpose, int trust)
2200
- {
2201
- int idx;
2202
- /* If purpose not set use default */
2203
- if (!purpose)
2204
- purpose = def_purpose;
2205
- /* If we have a purpose then check it is valid */
2206
- if (purpose) {
2207
- X509_PURPOSE *ptmp;
2208
- idx = X509_PURPOSE_get_by_id(purpose);
2209
- if (idx == -1) {
2210
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2211
- return 0;
2212
- }
2213
- ptmp = X509_PURPOSE_get0(idx);
2214
- if (ptmp->trust == X509_TRUST_DEFAULT) {
2215
- idx = X509_PURPOSE_get_by_id(def_purpose);
2216
- if (idx == -1) {
2217
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2218
- return 0;
2219
- }
2220
- ptmp = X509_PURPOSE_get0(idx);
2221
- }
2222
- /* If trust not set then get from purpose default */
2223
- if (!trust)
2224
- trust = ptmp->trust;
2225
- }
2226
- if (trust) {
2227
- idx = X509_TRUST_get_by_id(trust);
2228
- if (idx == -1) {
2229
- OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2230
- return 0;
2231
- }
2232
- }
2233
-
2234
- if (purpose && !ctx->param->purpose)
2235
- ctx->param->purpose = purpose;
2236
- if (trust && !ctx->param->trust)
2237
- ctx->param->trust = trust;
2238
- return 1;
2239
- }
2240
-
2241
- X509_STORE_CTX *X509_STORE_CTX_new(void)
2242
- {
2243
- X509_STORE_CTX *ctx;
2244
- ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2245
- if (!ctx) {
2246
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2247
- return NULL;
2248
- }
2249
- X509_STORE_CTX_zero(ctx);
2250
- return ctx;
2020
+ int purpose, int trust) {
2021
+ int idx;
2022
+ // If purpose not set use default
2023
+ if (!purpose) {
2024
+ purpose = def_purpose;
2025
+ }
2026
+ // If we have a purpose then check it is valid
2027
+ if (purpose) {
2028
+ X509_PURPOSE *ptmp;
2029
+ idx = X509_PURPOSE_get_by_id(purpose);
2030
+ if (idx == -1) {
2031
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2032
+ return 0;
2033
+ }
2034
+ ptmp = X509_PURPOSE_get0(idx);
2035
+ if (ptmp->trust == X509_TRUST_DEFAULT) {
2036
+ idx = X509_PURPOSE_get_by_id(def_purpose);
2037
+ if (idx == -1) {
2038
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_PURPOSE_ID);
2039
+ return 0;
2040
+ }
2041
+ ptmp = X509_PURPOSE_get0(idx);
2042
+ }
2043
+ // If trust not set then get from purpose default
2044
+ if (!trust) {
2045
+ trust = ptmp->trust;
2046
+ }
2047
+ }
2048
+ if (trust) {
2049
+ idx = X509_TRUST_get_by_id(trust);
2050
+ if (idx == -1) {
2051
+ OPENSSL_PUT_ERROR(X509, X509_R_UNKNOWN_TRUST_ID);
2052
+ return 0;
2053
+ }
2054
+ }
2055
+
2056
+ if (purpose && !ctx->param->purpose) {
2057
+ ctx->param->purpose = purpose;
2058
+ }
2059
+ if (trust && !ctx->param->trust) {
2060
+ ctx->param->trust = trust;
2061
+ }
2062
+ return 1;
2063
+ }
2064
+
2065
+ X509_STORE_CTX *X509_STORE_CTX_new(void) {
2066
+ X509_STORE_CTX *ctx;
2067
+ ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
2068
+ if (!ctx) {
2069
+ return NULL;
2070
+ }
2071
+ X509_STORE_CTX_zero(ctx);
2072
+ return ctx;
2251
2073
  }
2252
2074
 
2253
- void X509_STORE_CTX_zero(X509_STORE_CTX *ctx)
2254
- {
2255
- OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2075
+ void X509_STORE_CTX_zero(X509_STORE_CTX *ctx) {
2076
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2256
2077
  }
2257
2078
 
2258
- void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
2259
- {
2260
- if (ctx == NULL) {
2261
- return;
2262
- }
2263
- X509_STORE_CTX_cleanup(ctx);
2264
- OPENSSL_free(ctx);
2079
+ void X509_STORE_CTX_free(X509_STORE_CTX *ctx) {
2080
+ if (ctx == NULL) {
2081
+ return;
2082
+ }
2083
+ X509_STORE_CTX_cleanup(ctx);
2084
+ OPENSSL_free(ctx);
2265
2085
  }
2266
2086
 
2267
2087
  int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
2268
- STACK_OF(X509) *chain)
2269
- {
2270
- X509_STORE_CTX_zero(ctx);
2271
- ctx->ctx = store;
2272
- ctx->cert = x509;
2273
- ctx->untrusted = chain;
2274
-
2275
- CRYPTO_new_ex_data(&ctx->ex_data);
2276
-
2277
- if (store == NULL) {
2278
- OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
2279
- goto err;
2280
- }
2281
-
2282
- ctx->param = X509_VERIFY_PARAM_new();
2283
- if (!ctx->param)
2284
- goto err;
2285
-
2286
- /*
2287
- * Inherit callbacks and flags from X509_STORE.
2288
- */
2289
-
2088
+ STACK_OF(X509) *chain) {
2089
+ X509_STORE_CTX_zero(ctx);
2090
+ ctx->ctx = store;
2091
+ ctx->cert = x509;
2092
+ ctx->untrusted = chain;
2093
+
2094
+ CRYPTO_new_ex_data(&ctx->ex_data);
2095
+
2096
+ if (store == NULL) {
2097
+ OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
2098
+ goto err;
2099
+ }
2100
+
2101
+ ctx->param = X509_VERIFY_PARAM_new();
2102
+ if (!ctx->param) {
2103
+ goto err;
2104
+ }
2105
+
2106
+ // Inherit callbacks and flags from X509_STORE.
2107
+
2108
+ ctx->verify_cb = store->verify_cb;
2109
+ ctx->cleanup = store->cleanup;
2110
+
2111
+ if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2112
+ !X509_VERIFY_PARAM_inherit(ctx->param,
2113
+ X509_VERIFY_PARAM_lookup("default"))) {
2114
+ goto err;
2115
+ }
2116
+
2117
+ if (store->check_issued) {
2118
+ ctx->check_issued = store->check_issued;
2119
+ } else {
2120
+ ctx->check_issued = check_issued;
2121
+ }
2122
+
2123
+ if (store->get_issuer) {
2124
+ ctx->get_issuer = store->get_issuer;
2125
+ } else {
2126
+ ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2127
+ }
2128
+
2129
+ if (store->verify_cb) {
2290
2130
  ctx->verify_cb = store->verify_cb;
2291
- ctx->cleanup = store->cleanup;
2292
-
2293
- if (!X509_VERIFY_PARAM_inherit(ctx->param, store->param) ||
2294
- !X509_VERIFY_PARAM_inherit(ctx->param,
2295
- X509_VERIFY_PARAM_lookup("default"))) {
2296
- goto err;
2297
- }
2298
-
2299
- if (store->check_issued)
2300
- ctx->check_issued = store->check_issued;
2301
- else
2302
- ctx->check_issued = check_issued;
2303
-
2304
- if (store->get_issuer)
2305
- ctx->get_issuer = store->get_issuer;
2306
- else
2307
- ctx->get_issuer = X509_STORE_CTX_get1_issuer;
2308
-
2309
- if (store->verify_cb)
2310
- ctx->verify_cb = store->verify_cb;
2311
- else
2312
- ctx->verify_cb = null_callback;
2131
+ } else {
2132
+ ctx->verify_cb = null_callback;
2133
+ }
2134
+
2135
+ if (store->verify) {
2136
+ ctx->verify = store->verify;
2137
+ } else {
2138
+ ctx->verify = internal_verify;
2139
+ }
2313
2140
 
2314
- if (store->verify)
2315
- ctx->verify = store->verify;
2316
- else
2317
- ctx->verify = internal_verify;
2141
+ if (store->check_revocation) {
2142
+ ctx->check_revocation = store->check_revocation;
2143
+ } else {
2144
+ ctx->check_revocation = check_revocation;
2145
+ }
2318
2146
 
2319
- if (store->check_revocation)
2320
- ctx->check_revocation = store->check_revocation;
2321
- else
2322
- ctx->check_revocation = check_revocation;
2147
+ if (store->get_crl) {
2148
+ ctx->get_crl = store->get_crl;
2149
+ } else {
2150
+ ctx->get_crl = NULL;
2151
+ }
2323
2152
 
2324
- if (store->get_crl)
2325
- ctx->get_crl = store->get_crl;
2326
- else
2327
- ctx->get_crl = NULL;
2153
+ if (store->check_crl) {
2154
+ ctx->check_crl = store->check_crl;
2155
+ } else {
2156
+ ctx->check_crl = check_crl;
2157
+ }
2328
2158
 
2329
- if (store->check_crl)
2330
- ctx->check_crl = store->check_crl;
2331
- else
2332
- ctx->check_crl = check_crl;
2159
+ if (store->cert_crl) {
2160
+ ctx->cert_crl = store->cert_crl;
2161
+ } else {
2162
+ ctx->cert_crl = cert_crl;
2163
+ }
2333
2164
 
2334
- if (store->cert_crl)
2335
- ctx->cert_crl = store->cert_crl;
2336
- else
2337
- ctx->cert_crl = cert_crl;
2165
+ if (store->lookup_certs) {
2166
+ ctx->lookup_certs = store->lookup_certs;
2167
+ } else {
2168
+ ctx->lookup_certs = X509_STORE_get1_certs;
2169
+ }
2338
2170
 
2339
- if (store->lookup_certs)
2340
- ctx->lookup_certs = store->lookup_certs;
2341
- else
2342
- ctx->lookup_certs = X509_STORE_get1_certs;
2171
+ if (store->lookup_crls) {
2172
+ ctx->lookup_crls = store->lookup_crls;
2173
+ } else {
2174
+ ctx->lookup_crls = X509_STORE_get1_crls;
2175
+ }
2343
2176
 
2344
- if (store->lookup_crls)
2345
- ctx->lookup_crls = store->lookup_crls;
2346
- else
2347
- ctx->lookup_crls = X509_STORE_get1_crls;
2177
+ ctx->check_policy = check_policy;
2348
2178
 
2349
- ctx->check_policy = check_policy;
2179
+ return 1;
2350
2180
 
2351
- return 1;
2352
-
2353
- err:
2354
- CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2355
- if (ctx->param != NULL) {
2356
- X509_VERIFY_PARAM_free(ctx->param);
2357
- }
2181
+ err:
2182
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &ctx->ex_data);
2183
+ if (ctx->param != NULL) {
2184
+ X509_VERIFY_PARAM_free(ctx->param);
2185
+ }
2358
2186
 
2359
- OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2360
- OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
2361
- return 0;
2187
+ OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
2188
+ return 0;
2362
2189
  }
2363
2190
 
2364
- /*
2365
- * Set alternative lookup method: just a STACK of trusted certificates. This
2366
- * avoids X509_STORE nastiness where it isn't needed.
2367
- */
2191
+ // Set alternative lookup method: just a STACK of trusted certificates. This
2192
+ // avoids X509_STORE nastiness where it isn't needed.
2368
2193
 
2369
- void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
2370
- {
2371
- ctx->other_ctx = sk;
2372
- ctx->get_issuer = get_issuer_sk;
2194
+ void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2195
+ STACK_OF(X509) *sk) {
2196
+ ctx->other_ctx = sk;
2197
+ ctx->get_issuer = get_issuer_sk;
2373
2198
  }
2374
2199
 
2375
- void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
2376
- {
2377
- /* We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2378
- * also calls this function. */
2379
- if (ctx->cleanup != NULL) {
2380
- ctx->cleanup(ctx);
2381
- ctx->cleanup = NULL;
2382
- }
2383
- if (ctx->param != NULL) {
2384
- if (ctx->parent == NULL)
2385
- X509_VERIFY_PARAM_free(ctx->param);
2386
- ctx->param = NULL;
2387
- }
2388
- if (ctx->tree != NULL) {
2389
- X509_policy_tree_free(ctx->tree);
2390
- ctx->tree = NULL;
2391
- }
2392
- if (ctx->chain != NULL) {
2393
- sk_X509_pop_free(ctx->chain, X509_free);
2394
- ctx->chain = NULL;
2395
- }
2396
- CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2397
- OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2200
+ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
2201
+ X509_STORE_CTX_set0_trusted_stack(ctx, sk);
2398
2202
  }
2399
2203
 
2400
- void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
2401
- {
2402
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2204
+ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) {
2205
+ // We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
2206
+ // also calls this function.
2207
+ if (ctx->cleanup != NULL) {
2208
+ ctx->cleanup(ctx);
2209
+ ctx->cleanup = NULL;
2210
+ }
2211
+ if (ctx->param != NULL) {
2212
+ if (ctx->parent == NULL) {
2213
+ X509_VERIFY_PARAM_free(ctx->param);
2214
+ }
2215
+ ctx->param = NULL;
2216
+ }
2217
+ if (ctx->chain != NULL) {
2218
+ sk_X509_pop_free(ctx->chain, X509_free);
2219
+ ctx->chain = NULL;
2220
+ }
2221
+ CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
2222
+ OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
2403
2223
  }
2404
2224
 
2405
- void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
2406
- {
2407
- X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2225
+ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) {
2226
+ X509_VERIFY_PARAM_set_depth(ctx->param, depth);
2408
2227
  }
2409
2228
 
2410
- void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2411
- time_t t)
2412
- {
2413
- X509_VERIFY_PARAM_set_time(ctx->param, t);
2229
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) {
2230
+ X509_VERIFY_PARAM_set_flags(ctx->param, flags);
2414
2231
  }
2415
2232
 
2416
- X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
2417
- {
2418
- return ctx->cert;
2233
+ void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx, unsigned long flags,
2234
+ int64_t t) {
2235
+ X509_VERIFY_PARAM_set_time_posix(ctx->param, t);
2419
2236
  }
2420
2237
 
2421
- void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2422
- int (*verify_cb) (int, X509_STORE_CTX *))
2423
- {
2424
- ctx->verify_cb = verify_cb;
2238
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
2239
+ time_t t) {
2240
+ X509_STORE_CTX_set_time_posix(ctx, flags, t);
2425
2241
  }
2426
2242
 
2427
- X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
2428
- {
2429
- return ctx->tree;
2243
+ X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) {
2244
+ return ctx->cert;
2430
2245
  }
2431
2246
 
2432
- int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
2433
- {
2434
- return ctx->explicit_policy;
2247
+ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
2248
+ int (*verify_cb)(int, X509_STORE_CTX *)) {
2249
+ ctx->verify_cb = verify_cb;
2435
2250
  }
2436
2251
 
2437
- int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
2438
- {
2439
- const X509_VERIFY_PARAM *param;
2440
- param = X509_VERIFY_PARAM_lookup(name);
2441
- if (!param)
2442
- return 0;
2443
- return X509_VERIFY_PARAM_inherit(ctx->param, param);
2252
+ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) {
2253
+ const X509_VERIFY_PARAM *param;
2254
+ param = X509_VERIFY_PARAM_lookup(name);
2255
+ if (!param) {
2256
+ return 0;
2257
+ }
2258
+ return X509_VERIFY_PARAM_inherit(ctx->param, param);
2444
2259
  }
2445
2260
 
2446
- X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
2447
- {
2448
- return ctx->param;
2261
+ X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) {
2262
+ return ctx->param;
2449
2263
  }
2450
2264
 
2451
- void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
2452
- {
2453
- if (ctx->param)
2454
- X509_VERIFY_PARAM_free(ctx->param);
2455
- ctx->param = param;
2265
+ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) {
2266
+ if (ctx->param) {
2267
+ X509_VERIFY_PARAM_free(ctx->param);
2268
+ }
2269
+ ctx->param = param;
2456
2270
  }