grpc 1.50.0 → 1.56.0

Potentially problematic release.


This version of grpc might be problematic.

Files changed (2554)
  1. checksums.yaml +4 -4
  2. data/Makefile +453 -176
  3. data/include/grpc/byte_buffer.h +76 -1
  4. data/include/grpc/byte_buffer_reader.h +19 -1
  5. data/include/grpc/compression.h +2 -2
  6. data/include/grpc/event_engine/event_engine.h +83 -23
  7. data/include/grpc/event_engine/internal/memory_allocator_impl.h +1 -1
  8. data/include/grpc/event_engine/internal/slice_cast.h +67 -0
  9. data/include/grpc/event_engine/memory_allocator.h +1 -1
  10. data/include/grpc/event_engine/slice.h +24 -4
  11. data/include/grpc/event_engine/slice_buffer.h +44 -3
  12. data/include/grpc/fork.h +25 -1
  13. data/include/grpc/grpc.h +3 -13
  14. data/include/grpc/grpc_audit_logging.h +96 -0
  15. data/include/grpc/grpc_posix.h +1 -1
  16. data/include/grpc/grpc_security.h +4 -0
  17. data/include/grpc/impl/codegen/atm.h +3 -71
  18. data/include/grpc/impl/codegen/atm_gcc_atomic.h +3 -58
  19. data/include/grpc/impl/codegen/atm_gcc_sync.h +3 -59
  20. data/include/grpc/impl/codegen/atm_windows.h +3 -106
  21. data/include/grpc/impl/codegen/byte_buffer.h +4 -78
  22. data/include/grpc/impl/codegen/byte_buffer_reader.h +4 -19
  23. data/include/grpc/impl/codegen/compression_types.h +3 -82
  24. data/include/grpc/impl/codegen/connectivity_state.h +3 -20
  25. data/include/grpc/impl/codegen/fork.h +4 -25
  26. data/include/grpc/impl/codegen/gpr_types.h +2 -34
  27. data/include/grpc/impl/codegen/grpc_types.h +3 -791
  28. data/include/grpc/impl/codegen/log.h +3 -86
  29. data/include/grpc/impl/codegen/port_platform.h +3 -758
  30. data/include/grpc/impl/codegen/propagation_bits.h +3 -28
  31. data/include/grpc/impl/codegen/slice.h +3 -106
  32. data/include/grpc/impl/codegen/status.h +4 -131
  33. data/include/grpc/impl/codegen/sync.h +3 -42
  34. data/include/grpc/impl/codegen/sync_abseil.h +3 -12
  35. data/include/grpc/impl/codegen/sync_custom.h +3 -14
  36. data/include/grpc/impl/codegen/sync_generic.h +3 -25
  37. data/include/grpc/impl/codegen/sync_posix.h +3 -28
  38. data/include/grpc/impl/codegen/sync_windows.h +3 -16
  39. data/include/grpc/impl/compression_types.h +109 -0
  40. data/include/grpc/impl/connectivity_state.h +47 -0
  41. data/include/grpc/impl/grpc_types.h +838 -0
  42. data/include/grpc/impl/propagation_bits.h +54 -0
  43. data/include/grpc/impl/slice_type.h +112 -0
  44. data/include/grpc/load_reporting.h +1 -1
  45. data/include/grpc/module.modulemap +7 -1
  46. data/include/grpc/slice.h +1 -1
  47. data/include/grpc/status.h +131 -1
  48. data/include/grpc/support/atm.h +70 -1
  49. data/include/grpc/support/atm_gcc_atomic.h +59 -1
  50. data/include/grpc/support/atm_gcc_sync.h +58 -1
  51. data/include/grpc/support/atm_windows.h +105 -1
  52. data/include/grpc/support/json.h +218 -0
  53. data/include/grpc/support/log.h +87 -1
  54. data/include/grpc/support/log_windows.h +1 -1
  55. data/include/grpc/support/port_platform.h +767 -1
  56. data/include/grpc/support/string_util.h +1 -1
  57. data/include/grpc/support/sync.h +35 -2
  58. data/include/grpc/support/sync_abseil.h +11 -1
  59. data/include/grpc/support/sync_custom.h +13 -1
  60. data/include/grpc/support/sync_generic.h +24 -1
  61. data/include/grpc/support/sync_posix.h +27 -1
  62. data/include/grpc/support/sync_windows.h +15 -1
  63. data/include/grpc/support/time.h +31 -6
  64. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +164 -0
  65. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +52 -0
  66. data/src/core/ext/filters/backend_metrics/backend_metric_provider.h +29 -0
  67. data/src/core/ext/filters/census/grpc_context.cc +17 -18
  68. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +28 -22
  69. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +5 -4
  70. data/src/core/ext/filters/channel_idle/idle_filter_state.h +4 -4
  71. data/src/core/ext/filters/client_channel/backend_metric.cc +12 -1
  72. data/src/core/ext/filters/client_channel/backend_metric.h +3 -3
  73. data/src/core/ext/filters/client_channel/backup_poller.cc +26 -35
  74. data/src/core/ext/filters/client_channel/backup_poller.h +24 -27
  75. data/src/core/ext/filters/client_channel/channel_connectivity.cc +51 -28
  76. data/src/core/ext/filters/client_channel/client_channel.cc +1014 -1016
  77. data/src/core/ext/filters/client_channel/client_channel.h +155 -187
  78. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +36 -37
  79. data/src/core/ext/filters/client_channel/client_channel_channelz.h +22 -22
  80. data/src/core/ext/filters/client_channel/client_channel_factory.cc +17 -17
  81. data/src/core/ext/filters/client_channel/client_channel_factory.h +3 -3
  82. data/src/core/ext/filters/client_channel/client_channel_internal.h +77 -0
  83. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +18 -18
  84. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
  85. data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
  86. data/src/core/ext/filters/client_channel/config_selector.h +25 -55
  87. data/src/core/ext/filters/client_channel/connector.h +9 -5
  88. data/src/core/ext/filters/client_channel/dynamic_filters.cc +28 -55
  89. data/src/core/ext/filters/client_channel/dynamic_filters.h +10 -11
  90. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +21 -21
  91. data/src/core/ext/filters/client_channel/http_proxy.cc +74 -42
  92. data/src/core/ext/filters/client_channel/http_proxy.h +21 -21
  93. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
  94. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +3 -3
  95. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +29 -21
  96. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +7 -2
  97. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +3 -4
  98. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +66 -130
  99. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +40 -24
  100. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +156 -178
  101. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +26 -27
  102. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
  103. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +4 -6
  104. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +18 -20
  105. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +21 -22
  106. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +19 -20
  107. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +22 -23
  108. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  109. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  110. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  111. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +11 -94
  112. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +4 -4
  113. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +117 -0
  114. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +263 -242
  115. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +28 -7
  116. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +28 -26
  117. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +76 -112
  118. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +159 -168
  119. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +22 -5
  120. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +173 -171
  121. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +31 -25
  122. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +68 -31
  123. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +198 -0
  124. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.h +71 -0
  125. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +1002 -0
  126. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +76 -70
  127. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +103 -105
  128. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
  129. data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
  130. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +3 -3
  131. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +34 -41
  132. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +76 -113
  133. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +111 -185
  134. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +814 -0
  135. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +67 -0
  136. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +363 -0
  137. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +21 -21
  138. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -10
  139. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +59 -175
  140. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
  141. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +42 -43
  142. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +22 -23
  143. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +92 -87
  144. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +153 -153
  145. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +54 -55
  146. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +18 -18
  147. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +18 -18
  148. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +60 -0
  149. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.h +27 -0
  150. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +549 -0
  151. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
  152. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +97 -0
  153. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +32 -0
  154. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -39
  155. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +24 -0
  156. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
  157. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +4 -4
  158. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +85 -223
  159. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +45 -36
  160. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +12 -15
  161. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
  162. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +280 -189
  163. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +19 -4
  164. data/src/core/ext/filters/client_channel/retry_filter.cc +200 -264
  165. data/src/core/ext/filters/client_channel/retry_filter.h +3 -3
  166. data/src/core/ext/filters/client_channel/retry_service_config.cc +195 -236
  167. data/src/core/ext/filters/client_channel/retry_service_config.h +23 -26
  168. data/src/core/ext/filters/client_channel/retry_throttle.cc +27 -29
  169. data/src/core/ext/filters/client_channel/retry_throttle.h +29 -28
  170. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +17 -47
  171. data/src/core/ext/filters/client_channel/subchannel.cc +133 -337
  172. data/src/core/ext/filters/client_channel/subchannel.h +23 -86
  173. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +3 -3
  174. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +21 -21
  175. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +36 -38
  176. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +11 -8
  177. data/src/core/ext/filters/deadline/deadline_filter.cc +73 -64
  178. data/src/core/ext/filters/deadline/deadline_filter.h +6 -10
  179. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +3 -2
  180. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +3 -7
  181. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
  182. data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
  183. data/src/core/ext/filters/http/client/http_client_filter.cc +47 -43
  184. data/src/core/ext/filters/http/client/http_client_filter.h +20 -20
  185. data/src/core/ext/filters/http/client_authority_filter.cc +19 -19
  186. data/src/core/ext/filters/http/client_authority_filter.h +21 -21
  187. data/src/core/ext/filters/http/http_filters_plugin.cc +30 -57
  188. data/src/core/ext/filters/http/message_compress/compression_filter.cc +323 -0
  189. data/src/core/ext/filters/http/message_compress/compression_filter.h +139 -0
  190. data/src/core/ext/filters/http/server/http_server_filter.cc +54 -52
  191. data/src/core/ext/filters/http/server/http_server_filter.h +21 -21
  192. data/src/core/ext/filters/message_size/message_size_filter.cc +184 -297
  193. data/src/core/ext/filters/message_size/message_size_filter.h +72 -20
  194. data/src/core/ext/filters/rbac/rbac_filter.cc +16 -15
  195. data/src/core/ext/filters/rbac/rbac_filter.h +3 -3
  196. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +829 -538
  197. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +7 -6
  198. data/src/core/ext/filters/server_config_selector/server_config_selector.h +9 -11
  199. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +12 -16
  200. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.h +3 -3
  201. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +220 -0
  202. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +81 -0
  203. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.cc +82 -0
  204. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +93 -0
  205. data/src/core/ext/gcp/metadata_query.cc +137 -0
  206. data/src/core/ext/gcp/metadata_query.h +87 -0
  207. data/src/core/ext/transport/chttp2/alpn/alpn.cc +18 -18
  208. data/src/core/ext/transport/chttp2/alpn/alpn.h +24 -24
  209. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +68 -67
  210. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +30 -24
  211. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +149 -149
  212. data/src/core/ext/transport/chttp2/server/chttp2_server.h +21 -21
  213. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +22 -22
  214. data/src/core/ext/transport/chttp2/transport/bin_decoder.h +33 -33
  215. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +41 -37
  216. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +35 -31
  217. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +673 -455
  218. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +42 -22
  219. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +70 -0
  220. data/src/core/ext/transport/chttp2/transport/decode_huff.cc +0 -36
  221. data/src/core/ext/transport/chttp2/transport/decode_huff.h +38 -85
  222. data/src/core/ext/transport/chttp2/transport/flow_control.cc +130 -107
  223. data/src/core/ext/transport/chttp2/transport/flow_control.h +66 -39
  224. data/src/core/ext/transport/chttp2/transport/frame.h +21 -21
  225. data/src/core/ext/transport/chttp2/transport/frame_data.cc +35 -32
  226. data/src/core/ext/transport/chttp2/transport/frame_data.h +27 -27
  227. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +38 -36
  228. data/src/core/ext/transport/chttp2/transport/frame_goaway.h +20 -20
  229. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +27 -31
  230. data/src/core/ext/transport/chttp2/transport/frame_ping.h +21 -24
  231. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +30 -25
  232. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.h +21 -21
  233. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +39 -37
  234. data/src/core/ext/transport/chttp2/transport/frame_settings.h +22 -22
  235. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +24 -21
  236. data/src/core/ext/transport/chttp2/transport/frame_window_update.h +21 -21
  237. data/src/core/ext/transport/chttp2/transport/hpack_constants.h +3 -3
  238. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +201 -353
  239. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +328 -164
  240. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +4 -1
  241. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +5 -3
  242. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +498 -744
  243. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +30 -26
  244. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +41 -37
  245. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +30 -22
  246. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +21 -19
  247. data/src/core/ext/transport/chttp2/transport/http2_settings.h +39 -37
  248. data/src/core/ext/transport/chttp2/transport/http_trace.cc +19 -0
  249. data/src/core/ext/transport/chttp2/transport/http_trace.h +24 -0
  250. data/src/core/ext/transport/chttp2/transport/huffsyms.cc +20 -20
  251. data/src/core/ext/transport/chttp2/transport/huffsyms.h +21 -21
  252. data/src/core/ext/transport/chttp2/transport/internal.h +220 -192
  253. data/src/core/ext/transport/chttp2/transport/parsing.cc +263 -109
  254. data/src/core/ext/transport/chttp2/transport/stream_lists.cc +19 -19
  255. data/src/core/ext/transport/chttp2/transport/stream_map.cc +23 -23
  256. data/src/core/ext/transport/chttp2/transport/stream_map.h +33 -33
  257. data/src/core/ext/transport/chttp2/transport/varint.cc +19 -20
  258. data/src/core/ext/transport/chttp2/transport/varint.h +37 -34
  259. data/src/core/ext/transport/chttp2/transport/writing.cc +93 -72
  260. data/src/core/ext/transport/inproc/inproc_plugin.cc +17 -17
  261. data/src/core/ext/transport/inproc/inproc_transport.cc +143 -155
  262. data/src/core/ext/transport/inproc/inproc_transport.h +21 -21
  263. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +87 -52
  264. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +414 -181
  265. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -59
  266. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +485 -219
  267. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +90 -55
  268. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +415 -188
  269. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +377 -194
  270. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +1694 -666
  271. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +30 -17
  272. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +144 -47
  273. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +34 -21
  274. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +160 -62
  275. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +27 -14
  276. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +78 -38
  277. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +20 -11
  278. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +48 -26
  279. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +20 -11
  280. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +48 -26
  281. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +109 -62
  282. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +566 -244
  283. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +21 -12
  284. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +45 -30
  285. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +22 -19
  286. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +82 -29
  287. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +23 -16
  288. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +45 -30
  289. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +230 -143
  290. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +733 -404
  291. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +417 -258
  292. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1873 -867
  293. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -41
  294. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +286 -148
  295. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +537 -349
  296. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2038 -1178
  297. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -12
  298. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +45 -30
  299. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -52
  300. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +347 -232
  301. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +264 -165
  302. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +888 -476
  303. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +154 -72
  304. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +603 -213
  305. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +22 -13
  306. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +50 -36
  307. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +380 -221
  308. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1168 -611
  309. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +166 -94
  310. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +666 -292
  311. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +18 -11
  312. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +37 -26
  313. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +21 -12
  314. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +45 -30
  315. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +30 -17
  316. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +144 -47
  317. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +274 -167
  318. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +789 -440
  319. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +222 -128
  320. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1116 -485
  321. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -13
  322. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +60 -37
  323. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +350 -208
  324. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1088 -625
  325. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +44 -11
  326. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +175 -18
  327. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +34 -19
  328. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +118 -56
  329. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +48 -16
  330. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +189 -44
  331. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +31 -18
  332. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +143 -65
  333. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +22 -13
  334. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +51 -37
  335. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +78 -43
  336. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +265 -127
  337. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +147 -84
  338. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +454 -226
  339. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +115 -62
  340. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +559 -227
  341. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +18 -11
  342. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +35 -26
  343. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +187 -107
  344. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +969 -410
  345. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +172 -95
  346. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +864 -374
  347. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +49 -23
  348. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +182 -89
  349. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +39 -18
  350. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +74 -56
  351. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +28 -15
  352. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +71 -45
  353. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +131 -74
  354. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +489 -249
  355. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +135 -80
  356. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +505 -245
  357. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +257 -127
  358. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +1010 -387
  359. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +91 -41
  360. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +648 -183
  361. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1301 -751
  362. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5583 -2425
  363. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +49 -28
  364. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +164 -84
  365. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +228 -141
  366. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +738 -399
  367. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +20 -10
  368. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +53 -22
  369. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +21 -12
  370. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +45 -30
  371. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +32 -19
  372. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +70 -49
  373. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +27 -14
  374. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +110 -43
  375. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +46 -25
  376. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +259 -100
  377. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +21 -12
  378. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +49 -25
  379. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +18 -11
  380. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +35 -26
  381. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +42 -23
  382. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +108 -70
  383. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +7 -4
  384. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +21 -16
  385. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +43 -24
  386. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +110 -75
  387. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +30 -16
  388. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +100 -46
  389. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +16 -9
  390. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -23
  391. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +60 -37
  392. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +150 -108
  393. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +74 -43
  394. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +357 -167
  395. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +44 -25
  396. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +114 -80
  397. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +42 -18
  398. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +253 -67
  399. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +75 -0
  400. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +201 -0
  401. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +474 -289
  402. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2156 -1037
  403. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +53 -0
  404. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +107 -0
  405. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +69 -0
  406. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +246 -0
  407. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +138 -0
  408. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +499 -0
  409. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +36 -17
  410. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +144 -55
  411. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +18 -11
  412. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +35 -26
  413. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -4
  414. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +15 -10
  415. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +184 -96
  416. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +907 -360
  417. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +56 -33
  418. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +150 -101
  419. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +188 -109
  420. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +827 -408
  421. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +32 -19
  422. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +109 -53
  423. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +10 -7
  424. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +18 -14
  425. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +300 -175
  426. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +1297 -511
  427. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +42 -23
  428. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +188 -75
  429. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +130 -83
  430. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +510 -238
  431. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +22 -13
  432. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +55 -34
  433. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +39 -26
  434. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +124 -68
  435. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +56 -0
  436. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +130 -0
  437. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +60 -26
  438. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +130 -51
  439. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +37 -20
  440. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +133 -63
  441. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -13
  442. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +91 -40
  443. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -12
  444. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +50 -32
  445. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +18 -11
  446. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +37 -26
  447. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +46 -27
  448. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +101 -70
  449. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +46 -0
  450. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +117 -0
  451. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +40 -23
  452. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +161 -75
  453. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +31 -18
  454. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +114 -56
  455. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +46 -29
  456. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +139 -91
  457. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +65 -42
  458. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +200 -121
  459. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +80 -45
  460. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +208 -131
  461. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +34 -21
  462. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +74 -53
  463. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -4
  464. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +13 -8
  465. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +16 -9
  466. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +28 -18
  467. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +28 -15
  468. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +55 -34
  469. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +43 -22
  470. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +91 -53
  471. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +35 -20
  472. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +92 -57
  473. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +7 -4
  474. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +16 -9
  475. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -11
  476. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +48 -26
  477. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +23 -14
  478. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +61 -41
  479. data/src/core/ext/upb-generated/google/api/annotations.upb.c +14 -11
  480. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -20
  481. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +255 -154
  482. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +934 -450
  483. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +299 -180
  484. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +946 -483
  485. data/src/core/ext/upb-generated/google/api/http.upb.c +68 -35
  486. data/src/core/ext/upb-generated/google/api/http.upb.h +284 -120
  487. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +22 -13
  488. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +95 -37
  489. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -10
  490. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +38 -22
  491. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +1018 -424
  492. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +3851 -1412
  493. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -10
  494. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +38 -22
  495. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +10 -7
  496. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +18 -14
  497. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +62 -39
  498. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +207 -102
  499. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -10
  500. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +38 -22
  501. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +90 -51
  502. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +157 -107
  503. data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -13
  504. data/src/core/ext/upb-generated/google/rpc/status.upb.h +95 -37
  505. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +59 -34
  506. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +154 -92
  507. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +43 -24
  508. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +118 -60
  509. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +250 -145
  510. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +919 -415
  511. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +34 -19
  512. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +76 -51
  513. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +25 -14
  514. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +45 -30
  515. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +144 -81
  516. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +405 -217
  517. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +51 -26
  518. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +153 -61
  519. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +173 -102
  520. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +855 -298
  521. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +68 -49
  522. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +155 -104
  523. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +26 -17
  524. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +55 -34
  525. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +12 -9
  526. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +31 -14
  527. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +26 -17
  528. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +55 -34
  529. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +23 -16
  530. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +45 -30
  531. data/src/core/ext/upb-generated/validate/validate.upb.c +845 -455
  532. data/src/core/ext/upb-generated/validate/validate.upb.h +4347 -1908
  533. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +68 -49
  534. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +155 -104
  535. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +26 -17
  536. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +55 -34
  537. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +12 -9
  538. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +31 -14
  539. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +65 -44
  540. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +137 -91
  541. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +23 -16
  542. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +45 -30
  543. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +16 -9
  544. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +28 -18
  545. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +56 -0
  546. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +122 -0
  547. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +37 -22
  548. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +96 -63
  549. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +26 -17
  550. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +52 -29
  551. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +21 -12
  552. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +45 -30
  553. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +23 -14
  554. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +62 -42
  555. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +44 -25
  556. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +169 -79
  557. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +27 -14
  558. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +65 -38
  559. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +86 -30
  560. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +223 -54
  561. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +21 -13
  562. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +89 -34
  563. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +53 -0
  564. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +107 -0
  565. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +75 -0
  566. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +270 -0
  567. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +39 -0
  568. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +78 -0
  569. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +78 -0
  570. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +289 -0
  571. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +162 -101
  572. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +501 -293
  573. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +160 -0
  574. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +740 -0
  575. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +24 -15
  576. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +53 -37
  577. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +40 -23
  578. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +161 -75
  579. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +82 -0
  580. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +240 -0
  581. data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +85 -0
  582. data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +246 -0
  583. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +21 -13
  584. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +45 -30
  585. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +1 -1
  586. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +6 -5
  587. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +55 -54
  588. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +6 -5
  589. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +1 -1
  590. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +6 -5
  591. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +35 -14
  592. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +16 -5
  593. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +1 -1
  594. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +6 -5
  595. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +1 -1
  596. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +6 -5
  597. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +1 -1
  598. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +6 -5
  599. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +1 -1
  600. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +6 -5
  601. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +1 -1
  602. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +6 -5
  603. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +1 -1
  604. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +6 -5
  605. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +1 -1
  606. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +6 -5
  607. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +1 -1
  608. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +6 -5
  609. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +1 -1
  610. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +6 -5
  611. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +1 -1
  612. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +6 -5
  613. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +252 -241
  614. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +6 -5
  615. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +1 -1
  616. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +6 -5
  617. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +233 -225
  618. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +6 -10
  619. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +1 -1
  620. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +6 -5
  621. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +1 -1
  622. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +6 -5
  623. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +1 -1
  624. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +6 -5
  625. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +96 -76
  626. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +11 -5
  627. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +1 -1
  628. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +6 -5
  629. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +95 -94
  630. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +6 -5
  631. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +13 -12
  632. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +11 -5
  633. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +1 -1
  634. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +6 -5
  635. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +1 -1
  636. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +6 -5
  637. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +1 -1
  638. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +6 -5
  639. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +1 -1
  640. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +6 -5
  641. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +82 -76
  642. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +6 -5
  643. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +1 -1
  644. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +6 -5
  645. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +193 -188
  646. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +6 -5
  647. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +32 -16
  648. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +11 -5
  649. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +1 -1
  650. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +6 -5
  651. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +8 -4
  652. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +11 -5
  653. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +1 -1
  654. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +6 -5
  655. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +1 -1
  656. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +6 -5
  657. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +1 -1
  658. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +6 -5
  659. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +72 -67
  660. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +6 -5
  661. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +1 -1
  662. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +6 -5
  663. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +1 -1
  664. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +6 -5
  665. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +141 -134
  666. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +21 -5
  667. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +1 -1
  668. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +6 -5
  669. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +55 -42
  670. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +6 -5
  671. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +1 -1
  672. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +6 -5
  673. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +1 -1
  674. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +6 -5
  675. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +1 -1
  676. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +6 -5
  677. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +1 -1
  678. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +6 -5
  679. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +167 -138
  680. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +16 -5
  681. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +82 -71
  682. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +11 -5
  683. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +772 -739
  684. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +16 -5
  685. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +1 -1
  686. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +6 -5
  687. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +1 -1
  688. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +6 -5
  689. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +17 -15
  690. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +6 -5
  691. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +1 -1
  692. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +6 -5
  693. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +1 -1
  694. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +6 -5
  695. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +1 -1
  696. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +6 -5
  697. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +1 -1
  698. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +6 -5
  699. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +7 -9
  700. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +6 -5
  701. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +1 -1
  702. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +6 -5
  703. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +1 -1
  704. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +6 -5
  705. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +1 -1
  706. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +6 -5
  707. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +1 -1
  708. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +6 -5
  709. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +21 -19
  710. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +6 -5
  711. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +1 -1
  712. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +6 -5
  713. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +1 -1
  714. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +6 -5
  715. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +1 -1
  716. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +6 -5
  717. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +1 -1
  718. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +6 -5
  719. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +54 -43
  720. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +6 -5
  721. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +60 -0
  722. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +41 -0
  723. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +382 -364
  724. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +6 -5
  725. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +50 -0
  726. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +36 -0
  727. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +1 -1
  728. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +6 -5
  729. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +138 -136
  730. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +6 -5
  731. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +1 -1
  732. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +6 -5
  733. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +151 -147
  734. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +6 -5
  735. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +1 -1
  736. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +6 -5
  737. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +6 -6
  738. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +6 -5
  739. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +17 -14
  740. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +6 -5
  741. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +6 -6
  742. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +6 -5
  743. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +12 -13
  744. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +6 -5
  745. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +1 -1
  746. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +6 -5
  747. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +1 -1
  748. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +6 -5
  749. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +48 -0
  750. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +36 -0
  751. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +13 -10
  752. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +11 -5
  753. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +1 -1
  754. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +6 -5
  755. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +1 -1
  756. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +6 -5
  757. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +1 -1
  758. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +6 -5
  759. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +1 -1
  760. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +6 -5
  761. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +15 -15
  762. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +6 -5
  763. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +40 -0
  764. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +41 -0
  765. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +1 -1
  766. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +6 -5
  767. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +1 -1
  768. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +6 -5
  769. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +1 -1
  770. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +6 -5
  771. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +1 -1
  772. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +6 -5
  773. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +1 -1
  774. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +6 -5
  775. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +1 -1
  776. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +6 -5
  777. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +1 -1
  778. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +6 -5
  779. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +1 -1
  780. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +6 -5
  781. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +1 -1
  782. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +6 -5
  783. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +1 -1
  784. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +6 -5
  785. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +1 -1
  786. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +6 -5
  787. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +11 -10
  788. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +6 -5
  789. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +1 -1
  790. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +6 -5
  791. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +1 -1
  792. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +6 -5
  793. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +1 -1
  794. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +6 -5
  795. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +1 -1
  796. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +6 -5
  797. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +1 -1
  798. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +6 -5
  799. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +1 -1
  800. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +6 -5
  801. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +1 -1
  802. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +6 -5
  803. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +1 -1
  804. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +6 -5
  805. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +329 -273
  806. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +11 -5
  807. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +1 -1
  808. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +6 -5
  809. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +1 -1
  810. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +6 -5
  811. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +1 -1
  812. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +6 -5
  813. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +1 -1
  814. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +6 -5
  815. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +1 -1
  816. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +6 -5
  817. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +1 -1
  818. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +6 -5
  819. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +1 -1
  820. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +6 -5
  821. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +1 -1
  822. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +6 -5
  823. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +1 -1
  824. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +6 -5
  825. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +1 -1
  826. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +6 -5
  827. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +1 -1
  828. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +6 -5
  829. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +1 -1
  830. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +6 -5
  831. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +1 -1
  832. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +6 -5
  833. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +1 -1
  834. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +6 -5
  835. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +1 -1
  836. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +6 -5
  837. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +1 -1
  838. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +6 -5
  839. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +1 -1
  840. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +6 -5
  841. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +1 -1
  842. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +6 -5
  843. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +1 -1
  844. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +6 -5
  845. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +1 -1
  846. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +6 -5
  847. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +45 -0
  848. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +36 -0
  849. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +1 -1
  850. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +6 -5
  851. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +1 -1
  852. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +6 -5
  853. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +1 -1
  854. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +6 -5
  855. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +1 -1
  856. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +6 -5
  857. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +1 -1
  858. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +6 -5
  859. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +1 -1
  860. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +6 -5
  861. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +43 -0
  862. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +36 -0
  863. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +51 -0
  864. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +41 -0
  865. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +36 -0
  866. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +36 -0
  867. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +55 -0
  868. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +41 -0
  869. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +10 -10
  870. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +6 -5
  871. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +71 -0
  872. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +61 -0
  873. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +1 -1
  874. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +6 -5
  875. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +1 -1
  876. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +6 -5
  877. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +60 -0
  878. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +41 -0
  879. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +36 -0
  880. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +46 -0
  881. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +5 -8
  882. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +6 -5
  883. data/src/core/ext/xds/certificate_provider_store.cc +8 -13
  884. data/src/core/ext/xds/certificate_provider_store.h +4 -4
  885. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +32 -46
  886. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +17 -12
  887. data/src/core/ext/xds/upb_utils.h +4 -4
  888. data/src/core/ext/xds/xds_api.cc +61 -113
  889. data/src/core/ext/xds/xds_api.h +13 -15
  890. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  891. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  892. data/src/core/ext/xds/xds_bootstrap.cc +3 -3
  893. data/src/core/ext/xds/xds_bootstrap.h +3 -4
  894. data/src/core/ext/xds/xds_bootstrap_grpc.cc +37 -33
  895. data/src/core/ext/xds/xds_bootstrap_grpc.h +24 -4
  896. data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
  897. data/src/core/ext/xds/xds_certificate_provider.h +4 -4
  898. data/src/core/ext/xds/xds_channel_args.h +3 -3
  899. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -3
  900. data/src/core/ext/xds/xds_channel_stack_modifier.h +4 -4
  901. data/src/core/ext/xds/xds_client.cc +171 -104
  902. data/src/core/ext/xds/xds_client.h +17 -9
  903. data/src/core/ext/xds/xds_client_grpc.cc +30 -24
  904. data/src/core/ext/xds/xds_client_grpc.h +4 -4
  905. data/src/core/ext/xds/xds_client_stats.cc +46 -32
  906. data/src/core/ext/xds/xds_client_stats.h +46 -41
  907. data/src/core/ext/xds/xds_cluster.cc +358 -205
  908. data/src/core/ext/xds/xds_cluster.h +55 -39
  909. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +61 -74
  910. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +50 -26
  911. data/src/core/ext/xds/xds_common_types.cc +213 -141
  912. data/src/core/ext/xds/xds_common_types.h +22 -16
  913. data/src/core/ext/xds/xds_endpoint.cc +229 -132
  914. data/src/core/ext/xds/xds_endpoint.h +17 -12
  915. data/src/core/ext/xds/xds_health_status.cc +80 -0
  916. data/src/core/ext/xds/xds_health_status.h +109 -0
  917. data/src/core/ext/xds/xds_http_fault_filter.cc +68 -51
  918. data/src/core/ext/xds/xds_http_fault_filter.h +19 -26
  919. data/src/core/ext/xds/xds_http_filters.cc +65 -73
  920. data/src/core/ext/xds/xds_http_filters.h +76 -25
  921. data/src/core/ext/xds/xds_http_rbac_filter.cc +303 -272
  922. data/src/core/ext/xds/xds_http_rbac_filter.h +19 -21
  923. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +222 -0
  924. data/src/core/ext/xds/xds_http_stateful_session_filter.h +59 -0
  925. data/src/core/ext/xds/xds_lb_policy_registry.cc +211 -166
  926. data/src/core/ext/xds/xds_lb_policy_registry.h +13 -14
  927. data/src/core/ext/xds/xds_listener.cc +456 -420
  928. data/src/core/ext/xds/xds_listener.h +49 -51
  929. data/src/core/ext/xds/xds_resource_type.h +8 -16
  930. data/src/core/ext/xds/xds_resource_type_impl.h +13 -16
  931. data/src/core/ext/xds/xds_route_config.cc +566 -534
  932. data/src/core/ext/xds/xds_route_config.h +43 -32
  933. data/src/core/ext/xds/xds_routing.cc +4 -3
  934. data/src/core/ext/xds/xds_routing.h +5 -3
  935. data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -106
  936. data/src/core/ext/xds/xds_transport.h +3 -3
  937. data/src/core/ext/xds/xds_transport_grpc.cc +10 -9
  938. data/src/core/ext/xds/xds_transport_grpc.h +4 -4
  939. data/src/core/lib/address_utils/parse_address.cc +30 -29
  940. data/src/core/lib/address_utils/parse_address.h +35 -35
  941. data/src/core/lib/address_utils/sockaddr_utils.cc +30 -28
  942. data/src/core/lib/address_utils/sockaddr_utils.h +36 -36
  943. data/src/core/lib/avl/avl.h +12 -7
  944. data/src/core/lib/backoff/backoff.cc +17 -17
  945. data/src/core/lib/backoff/backoff.h +20 -20
  946. data/src/core/lib/backoff/random_early_detection.cc +31 -0
  947. data/src/core/lib/backoff/random_early_detection.h +59 -0
  948. data/src/core/lib/channel/call_finalization.h +4 -4
  949. data/src/core/lib/channel/call_tracer.cc +51 -0
  950. data/src/core/lib/channel/call_tracer.h +106 -34
  951. data/src/core/lib/channel/channel_args.cc +100 -42
  952. data/src/core/lib/channel/channel_args.h +104 -49
  953. data/src/core/lib/channel/channel_args_preconditioning.h +4 -4
  954. data/src/core/lib/channel/channel_fwd.h +3 -3
  955. data/src/core/lib/channel/channel_stack.cc +60 -57
  956. data/src/core/lib/channel/channel_stack.h +148 -135
  957. data/src/core/lib/channel/channel_stack_builder.cc +21 -24
  958. data/src/core/lib/channel/channel_stack_builder.h +17 -9
  959. data/src/core/lib/channel/channel_stack_builder_impl.cc +56 -25
  960. data/src/core/lib/channel/channel_stack_builder_impl.h +5 -3
  961. data/src/core/lib/channel/channel_trace.cc +37 -34
  962. data/src/core/lib/channel/channel_trace.h +22 -22
  963. data/src/core/lib/channel/channelz.cc +181 -154
  964. data/src/core/lib/channel/channelz.h +71 -64
  965. data/src/core/lib/channel/channelz_registry.cc +41 -37
  966. data/src/core/lib/channel/channelz_registry.h +21 -21
  967. data/src/core/lib/channel/connected_channel.cc +764 -67
  968. data/src/core/lib/channel/connected_channel.h +20 -24
  969. data/src/core/lib/channel/context.h +33 -22
  970. data/src/core/lib/channel/promise_based_filter.cc +1591 -278
  971. data/src/core/lib/channel/promise_based_filter.h +486 -104
  972. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  973. data/src/core/lib/channel/status_util.cc +35 -17
  974. data/src/core/lib/channel/status_util.h +29 -22
  975. data/src/core/lib/compression/compression.cc +19 -19
  976. data/src/core/lib/compression/compression_internal.cc +38 -48
  977. data/src/core/lib/compression/compression_internal.h +25 -25
  978. data/src/core/lib/compression/message_compress.cc +26 -26
  979. data/src/core/lib/compression/message_compress.h +27 -27
  980. data/src/core/lib/config/config_vars.cc +153 -0
  981. data/src/core/lib/config/config_vars.h +127 -0
  982. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  983. data/src/core/lib/config/core_configuration.h +3 -3
  984. data/src/core/lib/config/load_config.cc +79 -0
  985. data/src/core/lib/config/load_config.h +55 -0
  986. data/src/core/lib/debug/event_log.cc +88 -0
  987. data/src/core/lib/debug/event_log.h +81 -0
  988. data/src/core/lib/debug/histogram_view.cc +69 -0
  989. data/src/core/lib/debug/histogram_view.h +37 -0
  990. data/src/core/lib/debug/stats.cc +39 -136
  991. data/src/core/lib/debug/stats.h +49 -55
  992. data/src/core/lib/debug/stats_data.cc +240 -88
  993. data/src/core/lib/debug/stats_data.h +295 -145
  994. data/src/core/lib/debug/trace.cc +56 -79
  995. data/src/core/lib/debug/trace.h +37 -54
  996. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  997. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  998. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  999. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  1000. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  1001. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +5 -0
  1002. data/src/core/lib/event_engine/channel_args_endpoint_config.h +3 -3
  1003. data/src/core/lib/event_engine/common_closures.h +71 -0
  1004. data/src/core/lib/event_engine/default_event_engine.cc +56 -16
  1005. data/src/core/lib/event_engine/default_event_engine.h +44 -8
  1006. data/src/core/lib/event_engine/default_event_engine_factory.cc +16 -6
  1007. data/src/core/lib/event_engine/default_event_engine_factory.h +3 -3
  1008. data/src/core/lib/event_engine/event_engine.cc +60 -0
  1009. data/src/core/lib/event_engine/forkable.cc +11 -6
  1010. data/src/core/lib/event_engine/forkable.h +3 -3
  1011. data/src/core/lib/event_engine/handle_containers.h +12 -20
  1012. data/src/core/lib/event_engine/memory_allocator.cc +1 -1
  1013. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  1014. data/src/core/lib/event_engine/poller.h +13 -7
  1015. data/src/core/lib/event_engine/posix.h +162 -0
  1016. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +642 -0
  1017. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +139 -0
  1018. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +895 -0
  1019. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
  1020. data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
  1021. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +68 -0
  1022. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +33 -0
  1023. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
  1024. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
  1025. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +254 -0
  1026. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
  1027. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1338 -0
  1028. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +726 -0
  1029. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +523 -28
  1030. data/src/core/lib/event_engine/posix_engine/posix_engine.h +165 -27
  1031. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
  1032. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +292 -0
  1033. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +278 -0
  1034. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +379 -0
  1035. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.h +91 -0
  1036. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +867 -0
  1037. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +316 -0
  1038. data/src/core/lib/event_engine/posix_engine/timer.cc +49 -49
  1039. data/src/core/lib/event_engine/posix_engine/timer.h +90 -89
  1040. data/src/core/lib/event_engine/posix_engine/timer_heap.cc +27 -27
  1041. data/src/core/lib/event_engine/posix_engine/timer_heap.h +24 -24
  1042. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +76 -214
  1043. data/src/core/lib/event_engine/posix_engine/timer_manager.h +44 -72
  1044. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +332 -0
  1045. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +185 -0
  1046. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +127 -0
  1047. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
  1048. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +150 -0
  1049. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
  1050. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
  1051. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
  1052. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
  1053. data/src/core/lib/event_engine/resolved_address.cc +21 -1
  1054. data/src/core/lib/event_engine/{executor/executor.h → resolved_address_internal.h} +11 -15
  1055. data/src/core/lib/event_engine/shim.cc +64 -0
  1056. data/src/core/lib/event_engine/{executor/threaded_executor.cc → shim.h} +10 -13
  1057. data/src/core/lib/event_engine/slice.cc +8 -7
  1058. data/src/core/lib/event_engine/slice_buffer.cc +2 -2
  1059. data/src/core/lib/event_engine/tcp_socket_utils.cc +389 -0
  1060. data/src/core/lib/event_engine/tcp_socket_utils.h +90 -0
  1061. data/src/core/lib/event_engine/thread_local.cc +29 -0
  1062. data/src/core/lib/event_engine/thread_local.h +32 -0
  1063. data/src/core/lib/event_engine/thread_pool/original_thread_pool.cc +256 -0
  1064. data/src/core/lib/event_engine/thread_pool/original_thread_pool.h +137 -0
  1065. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  1066. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +40 -0
  1067. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  1068. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  1069. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  1070. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  1071. data/src/core/lib/event_engine/time_util.h +3 -3
  1072. data/src/core/lib/event_engine/trace.cc +7 -0
  1073. data/src/core/lib/event_engine/trace.h +22 -3
  1074. data/src/core/lib/event_engine/utils.cc +2 -2
  1075. data/src/core/lib/event_engine/utils.h +12 -4
  1076. data/src/core/lib/event_engine/windows/iocp.cc +39 -53
  1077. data/src/core/lib/event_engine/windows/iocp.h +7 -7
  1078. data/src/core/lib/event_engine/windows/win_socket.cc +69 -47
  1079. data/src/core/lib/event_engine/windows/win_socket.h +38 -29
  1080. data/src/core/lib/event_engine/windows/windows_endpoint.cc +379 -0
  1081. data/src/core/lib/event_engine/windows/windows_endpoint.h +120 -0
  1082. data/src/core/lib/event_engine/windows/windows_engine.cc +285 -33
  1083. data/src/core/lib/event_engine/windows/windows_engine.h +70 -26
  1084. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  1085. data/src/core/lib/event_engine/windows/windows_listener.h +156 -0
  1086. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  1087. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  1088. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  1089. data/src/core/lib/experiments/config.cc +56 -17
  1090. data/src/core/lib/experiments/config.h +29 -3
  1091. data/src/core/lib/experiments/experiments.cc +92 -29
  1092. data/src/core/lib/experiments/experiments.h +101 -23
  1093. data/src/core/lib/gpr/alloc.cc +19 -17
  1094. data/src/core/lib/gpr/alloc.h +20 -20
  1095. data/src/core/lib/gpr/{log_android.cc → android/log.cc} +22 -20
  1096. data/src/core/lib/gpr/atm.cc +17 -17
  1097. data/src/core/lib/gpr/iphone/cpu.cc +44 -0
  1098. data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +28 -23
  1099. data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +24 -24
  1100. data/src/core/lib/gpr/log.cc +42 -47
  1101. data/src/core/lib/gpr/log_internal.h +55 -0
  1102. data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +21 -20
  1103. data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +23 -22
  1104. data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +20 -19
  1105. data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +24 -24
  1106. data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +23 -21
  1107. data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +40 -30
  1108. data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +22 -20
  1109. data/src/core/lib/gpr/spinlock.h +20 -20
  1110. data/src/core/lib/gpr/string.cc +25 -24
  1111. data/src/core/lib/gpr/string.h +61 -61
  1112. data/src/core/lib/gpr/sync.cc +25 -25
  1113. data/src/core/lib/gpr/sync_abseil.cc +37 -27
  1114. data/src/core/lib/gpr/time.cc +23 -21
  1115. data/src/core/lib/gpr/time_precise.cc +22 -22
  1116. data/src/core/lib/gpr/time_precise.h +20 -21
  1117. data/src/core/lib/gpr/tmpfile.h +24 -24
  1118. data/src/core/lib/gpr/useful.h +43 -30
  1119. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc → lib/gpr/windows/cpu.cc} +16 -11
  1120. data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +25 -24
  1121. data/src/core/lib/gpr/windows/string.cc +69 -0
  1122. data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +22 -22
  1123. data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +29 -27
  1124. data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +25 -22
  1125. data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +23 -22
  1126. data/src/core/lib/gpr/wrap_memcpy.cc +23 -23
  1127. data/src/core/lib/gprpp/atomic_utils.h +20 -20
  1128. data/src/core/lib/gprpp/bitset.h +27 -3
  1129. data/src/core/lib/gprpp/chunked_vector.h +3 -3
  1130. data/src/core/lib/gprpp/construct_destruct.h +3 -3
  1131. data/src/core/lib/gprpp/cpp_impl_of.h +3 -3
  1132. data/src/core/lib/gprpp/crash.cc +43 -0
  1133. data/src/core/lib/gprpp/crash.h +37 -0
  1134. data/src/core/lib/gprpp/debug_location.h +20 -23
  1135. data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
  1136. data/src/core/lib/gprpp/env.h +23 -23
  1137. data/src/core/lib/gprpp/examine_stack.cc +17 -17
  1138. data/src/core/lib/gprpp/examine_stack.h +21 -21
  1139. data/src/core/lib/gprpp/fork.cc +49 -39
  1140. data/src/core/lib/gprpp/fork.h +29 -27
  1141. data/src/core/lib/gprpp/host_port.cc +28 -26
  1142. data/src/core/lib/gprpp/host_port.h +32 -31
  1143. data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +21 -21
  1144. data/src/core/lib/gprpp/load_file.cc +75 -0
  1145. data/src/core/lib/gprpp/load_file.h +33 -0
  1146. data/src/core/lib/gprpp/manual_constructor.h +22 -21
  1147. data/src/core/lib/gprpp/match.h +3 -3
  1148. data/src/core/lib/gprpp/memory.h +21 -21
  1149. data/src/core/lib/gprpp/mpscq.cc +17 -17
  1150. data/src/core/lib/gprpp/mpscq.h +21 -21
  1151. data/src/core/lib/gprpp/no_destruct.h +4 -3
  1152. data/src/core/lib/gprpp/notification.h +3 -3
  1153. data/src/core/lib/gprpp/orphanable.h +25 -24
  1154. data/src/core/lib/gprpp/overload.h +3 -3
  1155. data/src/core/lib/gprpp/packed_table.h +3 -3
  1156. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  1157. data/src/core/lib/gprpp/per_cpu.h +75 -0
  1158. data/src/core/lib/gprpp/posix/env.cc +47 -0
  1159. data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +5 -4
  1160. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +75 -64
  1161. data/src/core/lib/gprpp/ref_counted.h +54 -55
  1162. data/src/core/lib/gprpp/ref_counted_ptr.h +22 -21
  1163. data/src/core/lib/gprpp/single_set_ptr.h +3 -3
  1164. data/src/core/lib/gprpp/sorted_pack.h +3 -3
  1165. data/src/core/lib/gprpp/stat.h +3 -3
  1166. data/src/core/lib/gprpp/status_helper.cc +6 -5
  1167. data/src/core/lib/gprpp/status_helper.h +4 -6
  1168. data/src/core/lib/gprpp/strerror.cc +43 -0
  1169. data/src/core/lib/gprpp/strerror.h +29 -0
  1170. data/src/core/lib/gprpp/sync.h +23 -23
  1171. data/src/core/lib/gprpp/table.h +4 -3
  1172. data/src/core/lib/gprpp/tchar.h +3 -3
  1173. data/src/core/lib/gprpp/thd.h +39 -23
  1174. data/src/core/lib/gprpp/time.cc +18 -10
  1175. data/src/core/lib/gprpp/time.h +16 -6
  1176. data/src/core/lib/gprpp/time_averaged_stats.cc +20 -20
  1177. data/src/core/lib/gprpp/time_averaged_stats.h +50 -50
  1178. data/src/core/lib/gprpp/time_util.h +4 -4
  1179. data/src/core/lib/gprpp/unique_type_name.h +21 -21
  1180. data/src/core/lib/gprpp/validation_errors.cc +8 -3
  1181. data/src/core/lib/gprpp/validation_errors.h +37 -13
  1182. data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +18 -18
  1183. data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +4 -2
  1184. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +28 -28
  1185. data/src/core/lib/gprpp/work_serializer.h +3 -3
  1186. data/src/core/lib/handshaker/proxy_mapper.h +21 -21
  1187. data/src/core/lib/handshaker/proxy_mapper_registry.cc +17 -17
  1188. data/src/core/lib/handshaker/proxy_mapper_registry.h +21 -21
  1189. data/src/core/lib/http/format_request.cc +19 -18
  1190. data/src/core/lib/http/format_request.h +20 -20
  1191. data/src/core/lib/http/httpcli.cc +58 -61
  1192. data/src/core/lib/http/httpcli.h +29 -29
  1193. data/src/core/lib/http/httpcli_security_connector.cc +22 -25
  1194. data/src/core/lib/http/httpcli_ssl_credentials.h +3 -3
  1195. data/src/core/lib/http/parser.cc +76 -87
  1196. data/src/core/lib/http/parser.h +35 -35
  1197. data/src/core/lib/iomgr/block_annotate.h +23 -23
  1198. data/src/core/lib/iomgr/buffer_list.cc +156 -136
  1199. data/src/core/lib/iomgr/buffer_list.h +122 -101
  1200. data/src/core/lib/iomgr/call_combiner.cc +32 -30
  1201. data/src/core/lib/iomgr/call_combiner.h +26 -27
  1202. data/src/core/lib/iomgr/cfstream_handle.cc +34 -37
  1203. data/src/core/lib/iomgr/cfstream_handle.h +25 -25
  1204. data/src/core/lib/iomgr/closure.cc +27 -0
  1205. data/src/core/lib/iomgr/closure.h +95 -48
  1206. data/src/core/lib/iomgr/combiner.cc +20 -19
  1207. data/src/core/lib/iomgr/combiner.h +20 -20
  1208. data/src/core/lib/iomgr/dualstack_socket_posix.cc +21 -21
  1209. data/src/core/lib/iomgr/dynamic_annotations.h +22 -22
  1210. data/src/core/lib/iomgr/endpoint.cc +17 -17
  1211. data/src/core/lib/iomgr/endpoint.h +49 -49
  1212. data/src/core/lib/iomgr/endpoint_cfstream.cc +58 -53
  1213. data/src/core/lib/iomgr/endpoint_cfstream.h +32 -32
  1214. data/src/core/lib/iomgr/endpoint_pair.h +22 -22
  1215. data/src/core/lib/iomgr/endpoint_pair_posix.cc +22 -21
  1216. data/src/core/lib/iomgr/endpoint_pair_windows.cc +29 -20
  1217. data/src/core/lib/iomgr/error.cc +49 -61
  1218. data/src/core/lib/iomgr/error.h +45 -176
  1219. data/src/core/lib/iomgr/error_cfstream.cc +18 -18
  1220. data/src/core/lib/iomgr/error_cfstream.h +21 -21
  1221. data/src/core/lib/iomgr/ev_apple.cc +33 -33
  1222. data/src/core/lib/iomgr/ev_apple.h +21 -21
  1223. data/src/core/lib/iomgr/ev_epoll1_linux.cc +218 -198
  1224. data/src/core/lib/iomgr/ev_epoll1_linux.h +20 -20
  1225. data/src/core/lib/iomgr/ev_poll_posix.cc +212 -205
  1226. data/src/core/lib/iomgr/ev_poll_posix.h +20 -20
  1227. data/src/core/lib/iomgr/ev_posix.cc +47 -79
  1228. data/src/core/lib/iomgr/ev_posix.h +88 -87
  1229. data/src/core/lib/iomgr/ev_windows.cc +18 -18
  1230. data/src/core/lib/iomgr/event_engine_shims/closure.cc +62 -0
  1231. data/src/core/lib/{event_engine/executor/threaded_executor.h → iomgr/event_engine_shims/closure.h} +11 -16
  1232. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +471 -0
  1233. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +43 -0
  1234. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +91 -0
  1235. data/src/core/lib/iomgr/event_engine_shims/tcp_client.h +44 -0
  1236. data/src/core/lib/iomgr/exec_ctx.cc +34 -34
  1237. data/src/core/lib/iomgr/exec_ctx.h +144 -144
  1238. data/src/core/lib/iomgr/executor.cc +21 -21
  1239. data/src/core/lib/iomgr/executor.h +27 -27
  1240. data/src/core/lib/iomgr/fork_posix.cc +29 -26
  1241. data/src/core/lib/iomgr/fork_windows.cc +21 -21
  1242. data/src/core/lib/iomgr/gethostname.h +20 -20
  1243. data/src/core/lib/iomgr/gethostname_fallback.cc +17 -17
  1244. data/src/core/lib/iomgr/gethostname_host_name_max.cc +17 -17
  1245. data/src/core/lib/iomgr/gethostname_sysconf.cc +17 -17
  1246. data/src/core/lib/iomgr/grpc_if_nametoindex.h +22 -22
  1247. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +20 -19
  1248. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +20 -19
  1249. data/src/core/lib/iomgr/internal_errqueue.cc +4 -2
  1250. data/src/core/lib/iomgr/internal_errqueue.h +83 -83
  1251. data/src/core/lib/iomgr/iocp_windows.cc +46 -24
  1252. data/src/core/lib/iomgr/iocp_windows.h +32 -21
  1253. data/src/core/lib/iomgr/iomgr.cc +23 -26
  1254. data/src/core/lib/iomgr/iomgr.h +35 -35
  1255. data/src/core/lib/iomgr/iomgr_fwd.h +3 -3
  1256. data/src/core/lib/iomgr/iomgr_internal.cc +17 -17
  1257. data/src/core/lib/iomgr/iomgr_internal.h +28 -28
  1258. data/src/core/lib/iomgr/iomgr_posix.cc +20 -20
  1259. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +21 -20
  1260. data/src/core/lib/iomgr/iomgr_windows.cc +32 -24
  1261. data/src/core/lib/iomgr/load_file.cc +24 -27
  1262. data/src/core/lib/iomgr/load_file.h +22 -22
  1263. data/src/core/lib/iomgr/lockfree_event.cc +114 -114
  1264. data/src/core/lib/iomgr/lockfree_event.h +23 -23
  1265. data/src/core/lib/iomgr/nameser.h +86 -86
  1266. data/src/core/lib/iomgr/polling_entity.cc +25 -21
  1267. data/src/core/lib/iomgr/polling_entity.h +29 -29
  1268. data/src/core/lib/iomgr/pollset.cc +17 -17
  1269. data/src/core/lib/iomgr/pollset.h +54 -54
  1270. data/src/core/lib/iomgr/pollset_set.cc +17 -17
  1271. data/src/core/lib/iomgr/pollset_set.h +25 -25
  1272. data/src/core/lib/iomgr/pollset_set_windows.cc +27 -27
  1273. data/src/core/lib/iomgr/pollset_set_windows.h +20 -20
  1274. data/src/core/lib/iomgr/pollset_windows.cc +33 -32
  1275. data/src/core/lib/iomgr/pollset_windows.h +24 -24
  1276. data/src/core/lib/iomgr/port.h +31 -31
  1277. data/src/core/lib/iomgr/python_util.h +24 -24
  1278. data/src/core/lib/iomgr/resolve_address.cc +26 -20
  1279. data/src/core/lib/iomgr/resolve_address.h +24 -25
  1280. data/src/core/lib/iomgr/resolve_address_impl.h +4 -4
  1281. data/src/core/lib/iomgr/resolve_address_posix.cc +35 -45
  1282. data/src/core/lib/iomgr/resolve_address_posix.h +4 -5
  1283. data/src/core/lib/iomgr/resolve_address_windows.cc +18 -20
  1284. data/src/core/lib/iomgr/resolve_address_windows.h +4 -5
  1285. data/src/core/lib/iomgr/resolved_address.h +3 -3
  1286. data/src/core/lib/iomgr/sockaddr.h +23 -23
  1287. data/src/core/lib/iomgr/sockaddr_posix.h +21 -21
  1288. data/src/core/lib/iomgr/sockaddr_utils_posix.cc +18 -17
  1289. data/src/core/lib/iomgr/sockaddr_windows.h +21 -21
  1290. data/src/core/lib/iomgr/socket_factory_posix.cc +18 -18
  1291. data/src/core/lib/iomgr/socket_factory_posix.h +32 -32
  1292. data/src/core/lib/iomgr/socket_mutator.cc +19 -18
  1293. data/src/core/lib/iomgr/socket_mutator.h +39 -39
  1294. data/src/core/lib/iomgr/socket_utils.h +27 -27
  1295. data/src/core/lib/iomgr/socket_utils_common_posix.cc +87 -70
  1296. data/src/core/lib/iomgr/socket_utils_linux.cc +18 -17
  1297. data/src/core/lib/iomgr/socket_utils_posix.cc +25 -20
  1298. data/src/core/lib/iomgr/socket_utils_posix.h +84 -81
  1299. data/src/core/lib/iomgr/socket_utils_windows.cc +20 -19
  1300. data/src/core/lib/iomgr/socket_windows.cc +97 -42
  1301. data/src/core/lib/iomgr/socket_windows.h +68 -61
  1302. data/src/core/lib/iomgr/systemd_utils.cc +116 -0
  1303. data/src/core/lib/iomgr/systemd_utils.h +33 -0
  1304. data/src/core/lib/iomgr/tcp_client.cc +17 -17
  1305. data/src/core/lib/iomgr/tcp_client.h +28 -28
  1306. data/src/core/lib/iomgr/tcp_client_cfstream.cc +39 -31
  1307. data/src/core/lib/iomgr/tcp_client_posix.cc +86 -73
  1308. data/src/core/lib/iomgr/tcp_client_posix.h +45 -45
  1309. data/src/core/lib/iomgr/tcp_client_windows.cc +51 -42
  1310. data/src/core/lib/iomgr/tcp_posix.cc +270 -301
  1311. data/src/core/lib/iomgr/tcp_posix.h +29 -29
  1312. data/src/core/lib/iomgr/tcp_server.cc +30 -22
  1313. data/src/core/lib/iomgr/tcp_server.h +71 -65
  1314. data/src/core/lib/iomgr/tcp_server_posix.cc +373 -98
  1315. data/src/core/lib/iomgr/tcp_server_utils_posix.h +67 -54
  1316. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +90 -55
  1317. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +40 -40
  1318. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +19 -19
  1319. data/src/core/lib/iomgr/tcp_server_windows.cc +277 -119
  1320. data/src/core/lib/iomgr/tcp_windows.cc +121 -101
  1321. data/src/core/lib/iomgr/tcp_windows.h +34 -34
  1322. data/src/core/lib/iomgr/timer.cc +17 -17
  1323. data/src/core/lib/iomgr/timer.h +68 -68
  1324. data/src/core/lib/iomgr/timer_generic.cc +132 -138
  1325. data/src/core/lib/iomgr/timer_generic.h +21 -21
  1326. data/src/core/lib/iomgr/timer_heap.cc +25 -25
  1327. data/src/core/lib/iomgr/timer_heap.h +22 -22
  1328. data/src/core/lib/iomgr/timer_manager.cc +30 -29
  1329. data/src/core/lib/iomgr/timer_manager.h +27 -27
  1330. data/src/core/lib/iomgr/unix_sockets_posix.cc +20 -21
  1331. data/src/core/lib/iomgr/unix_sockets_posix.h +21 -21
  1332. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +19 -17
  1333. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +23 -21
  1334. data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +23 -23
  1335. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +29 -26
  1336. data/src/core/lib/iomgr/wakeup_fd_pipe.h +20 -20
  1337. data/src/core/lib/iomgr/wakeup_fd_posix.cc +18 -18
  1338. data/src/core/lib/iomgr/wakeup_fd_posix.h +52 -52
  1339. data/src/core/lib/json/json.h +5 -221
  1340. data/src/core/lib/json/json_args.h +3 -3
  1341. data/src/core/lib/json/json_channel_args.h +42 -0
  1342. data/src/core/lib/json/json_object_loader.cc +39 -25
  1343. data/src/core/lib/json/json_object_loader.h +69 -21
  1344. data/src/core/lib/json/json_reader.cc +98 -70
  1345. data/src/core/lib/json/json_reader.h +34 -0
  1346. data/src/core/lib/json/json_util.cc +14 -19
  1347. data/src/core/lib/json/json_util.h +12 -11
  1348. data/src/core/lib/json/json_writer.cc +80 -81
  1349. data/src/core/{ext/xds/xds_resource_type.cc → lib/json/json_writer.h} +11 -11
  1350. data/src/core/lib/load_balancing/lb_policy.cc +36 -31
  1351. data/src/core/lib/load_balancing/lb_policy.h +32 -10
  1352. data/src/core/lib/load_balancing/lb_policy_factory.h +3 -3
  1353. data/src/core/lib/load_balancing/lb_policy_registry.cc +10 -8
  1354. data/src/core/lib/load_balancing/lb_policy_registry.h +3 -3
  1355. data/src/core/lib/load_balancing/subchannel_interface.h +9 -14
  1356. data/src/core/lib/matchers/matchers.cc +10 -9
  1357. data/src/core/lib/matchers/matchers.h +5 -4
  1358. data/src/core/lib/promise/activity.cc +43 -6
  1359. data/src/core/lib/promise/activity.h +143 -79
  1360. data/src/core/lib/promise/arena_promise.h +84 -54
  1361. data/src/core/lib/promise/cancel_callback.h +77 -0
  1362. data/src/core/lib/promise/context.h +17 -9
  1363. data/src/core/lib/promise/detail/basic_join.h +197 -0
  1364. data/src/core/lib/promise/detail/basic_seq.h +20 -45
  1365. data/src/core/lib/promise/detail/promise_factory.h +67 -14
  1366. data/src/core/lib/promise/detail/promise_like.h +3 -3
  1367. data/src/core/lib/promise/detail/status.h +31 -3
  1368. data/src/core/lib/promise/detail/switch.h +1455 -0
  1369. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +23 -15
  1370. data/src/core/lib/promise/for_each.h +176 -0
  1371. data/src/core/lib/promise/if.h +204 -0
  1372. data/src/core/lib/promise/interceptor_list.h +329 -0
  1373. data/src/core/lib/promise/latch.h +197 -23
  1374. data/src/core/lib/promise/loop.h +22 -16
  1375. data/src/core/lib/promise/map.h +12 -6
  1376. data/src/core/lib/promise/party.cc +304 -0
  1377. data/src/core/lib/promise/party.h +508 -0
  1378. data/src/core/lib/promise/pipe.h +762 -0
  1379. data/src/core/lib/promise/poll.h +177 -11
  1380. data/src/core/lib/promise/prioritized_race.h +95 -0
  1381. data/src/core/lib/promise/promise.h +6 -7
  1382. data/src/core/lib/promise/race.h +6 -9
  1383. data/src/core/lib/promise/seq.h +7 -8
  1384. data/src/core/lib/promise/sleep.cc +7 -5
  1385. data/src/core/lib/promise/sleep.h +4 -5
  1386. data/src/core/lib/promise/trace.cc +20 -0
  1387. data/src/core/lib/promise/trace.h +24 -0
  1388. data/src/core/lib/promise/try_join.h +82 -0
  1389. data/src/core/lib/promise/try_seq.h +14 -16
  1390. data/src/core/lib/resolver/resolver.cc +17 -17
  1391. data/src/core/lib/resolver/resolver.h +3 -3
  1392. data/src/core/lib/resolver/resolver_factory.h +4 -4
  1393. data/src/core/lib/resolver/resolver_registry.cc +15 -0
  1394. data/src/core/lib/resolver/resolver_registry.h +3 -3
  1395. data/src/core/lib/resolver/server_address.cc +19 -25
  1396. data/src/core/lib/resolver/server_address.h +22 -30
  1397. data/src/core/lib/resource_quota/api.cc +0 -1
  1398. data/src/core/lib/resource_quota/api.h +4 -4
  1399. data/src/core/lib/resource_quota/arena.cc +82 -20
  1400. data/src/core/lib/resource_quota/arena.h +287 -22
  1401. data/src/core/lib/resource_quota/memory_quota.cc +141 -44
  1402. data/src/core/lib/resource_quota/memory_quota.h +87 -26
  1403. data/src/core/lib/resource_quota/periodic_update.h +3 -3
  1404. data/src/core/lib/resource_quota/resource_quota.h +4 -4
  1405. data/src/core/lib/resource_quota/thread_quota.h +3 -3
  1406. data/src/core/lib/resource_quota/trace.h +3 -3
  1407. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  1408. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  1409. data/src/core/lib/security/authorization/authorization_engine.h +3 -3
  1410. data/src/core/lib/security/authorization/authorization_policy_provider.h +4 -4
  1411. data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +0 -1
  1412. data/src/core/lib/security/authorization/evaluate_args.h +3 -3
  1413. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -4
  1414. data/src/core/lib/security/authorization/grpc_authorization_engine.h +21 -4
  1415. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
  1416. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +3 -3
  1417. data/src/core/lib/security/authorization/matchers.cc +25 -22
  1418. data/src/core/lib/security/authorization/matchers.h +3 -3
  1419. data/src/core/lib/security/authorization/rbac_policy.cc +39 -7
  1420. data/src/core/lib/security/authorization/rbac_policy.h +22 -5
  1421. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  1422. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  1423. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +11 -7
  1424. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  1425. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +17 -11
  1426. data/src/core/lib/security/context/security_context.cc +22 -23
  1427. data/src/core/lib/security/context/security_context.h +43 -33
  1428. data/src/core/lib/security/credentials/alts/alts_credentials.cc +17 -17
  1429. data/src/core/lib/security/credentials/alts/alts_credentials.h +53 -53
  1430. data/src/core/lib/security/credentials/alts/check_gcp_environment.cc +19 -19
  1431. data/src/core/lib/security/credentials/alts/check_gcp_environment.h +43 -43
  1432. data/src/core/lib/security/credentials/alts/check_gcp_environment_linux.cc +17 -17
  1433. data/src/core/lib/security/credentials/alts/check_gcp_environment_no_op.cc +18 -17
  1434. data/src/core/lib/security/credentials/alts/check_gcp_environment_windows.cc +18 -17
  1435. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_client_options.cc +19 -19
  1436. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.cc +18 -18
  1437. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_options.h +38 -39
  1438. data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +18 -18
  1439. data/src/core/lib/security/credentials/call_creds_util.h +3 -3
  1440. data/src/core/lib/security/credentials/channel_creds_registry.h +3 -3
  1441. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
  1442. data/src/core/lib/security/credentials/composite/composite_credentials.cc +22 -22
  1443. data/src/core/lib/security/credentials/composite/composite_credentials.h +23 -24
  1444. data/src/core/lib/security/credentials/credentials.cc +19 -18
  1445. data/src/core/lib/security/credentials/credentials.h +37 -36
  1446. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +113 -108
  1447. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -3
  1448. data/src/core/lib/security/credentials/external/aws_request_signer.cc +5 -3
  1449. data/src/core/lib/security/credentials/external/aws_request_signer.h +3 -3
  1450. data/src/core/lib/security/credentials/external/external_account_credentials.cc +105 -115
  1451. data/src/core/lib/security/credentials/external/external_account_credentials.h +3 -3
  1452. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +39 -41
  1453. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +3 -3
  1454. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +51 -52
  1455. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +3 -3
  1456. data/src/core/lib/security/credentials/fake/fake_credentials.cc +20 -19
  1457. data/src/core/lib/security/credentials/fake/fake_credentials.h +37 -38
  1458. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +17 -17
  1459. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +72 -126
  1460. data/src/core/lib/security/credentials/google_default/google_default_credentials.h +21 -22
  1461. data/src/core/lib/security/credentials/iam/iam_credentials.cc +19 -17
  1462. data/src/core/lib/security/credentials/iam/iam_credentials.h +20 -20
  1463. data/src/core/lib/security/credentials/insecure/insecure_credentials.h +3 -3
  1464. data/src/core/lib/security/credentials/jwt/json_token.cc +43 -41
  1465. data/src/core/lib/security/credentials/jwt/json_token.h +35 -35
  1466. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +27 -22
  1467. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +22 -22
  1468. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +115 -113
  1469. data/src/core/lib/security/credentials/jwt/jwt_verifier.h +46 -46
  1470. data/src/core/lib/security/credentials/local/local_credentials.cc +17 -17
  1471. data/src/core/lib/security/credentials/local/local_credentials.h +23 -23
  1472. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +80 -80
  1473. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +24 -23
  1474. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +24 -23
  1475. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +25 -25
  1476. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +19 -20
  1477. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +20 -20
  1478. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +20 -28
  1479. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +7 -14
  1480. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +44 -44
  1481. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +5 -3
  1482. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
  1483. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.h +3 -3
  1484. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +18 -18
  1485. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +3 -3
  1486. data/src/core/lib/security/credentials/tls/tls_credentials.cc +18 -19
  1487. data/src/core/lib/security/credentials/tls/tls_credentials.h +21 -21
  1488. data/src/core/lib/security/credentials/tls/tls_utils.h +3 -3
  1489. data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -2
  1490. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  1491. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +33 -43
  1492. data/src/core/lib/security/security_connector/alts/alts_security_connector.h +43 -44
  1493. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +33 -41
  1494. data/src/core/lib/security/security_connector/fake/fake_security_connector.h +22 -23
  1495. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  1496. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +5 -10
  1497. data/src/core/lib/security/security_connector/load_system_roots.h +20 -20
  1498. data/src/core/lib/security/security_connector/load_system_roots_fallback.cc +18 -18
  1499. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +24 -31
  1500. data/src/core/lib/security/security_connector/load_system_roots_supported.h +22 -23
  1501. data/src/core/lib/security/security_connector/local/local_security_connector.cc +30 -34
  1502. data/src/core/lib/security/security_connector/local/local_security_connector.h +42 -43
  1503. data/src/core/lib/security/security_connector/security_connector.cc +17 -17
  1504. data/src/core/lib/security/security_connector/security_connector.h +35 -36
  1505. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +35 -39
  1506. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +40 -41
  1507. data/src/core/lib/security/security_connector/ssl_utils.cc +48 -64
  1508. data/src/core/lib/security/security_connector/ssl_utils.h +35 -35
  1509. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +54 -48
  1510. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +21 -21
  1511. data/src/core/lib/security/transport/auth_filters.h +45 -23
  1512. data/src/core/lib/security/transport/client_auth_filter.cc +21 -21
  1513. data/src/core/lib/security/transport/secure_endpoint.cc +58 -58
  1514. data/src/core/lib/security/transport/secure_endpoint.h +25 -25
  1515. data/src/core/lib/security/transport/security_handshaker.cc +79 -70
  1516. data/src/core/lib/security/transport/security_handshaker.h +22 -22
  1517. data/src/core/lib/security/transport/server_auth_filter.cc +160 -274
  1518. data/src/core/lib/security/transport/tsi_error.cc +23 -20
  1519. data/src/core/lib/security/transport/tsi_error.h +20 -20
  1520. data/src/core/lib/security/util/json_util.cc +27 -27
  1521. data/src/core/lib/security/util/json_util.h +20 -20
  1522. data/src/core/lib/service_config/service_config.h +4 -4
  1523. data/src/core/lib/service_config/service_config_call_data.h +54 -19
  1524. data/src/core/lib/service_config/service_config_impl.cc +118 -158
  1525. data/src/core/lib/service_config/service_config_impl.h +16 -19
  1526. data/src/core/lib/service_config/service_config_parser.cc +14 -31
  1527. data/src/core/lib/service_config/service_config_parser.h +16 -12
  1528. data/src/core/lib/slice/b64.cc +26 -26
  1529. data/src/core/lib/slice/b64.h +32 -32
  1530. data/src/core/lib/slice/percent_encoding.cc +17 -17
  1531. data/src/core/lib/slice/percent_encoding.h +28 -28
  1532. data/src/core/lib/slice/slice.cc +48 -42
  1533. data/src/core/lib/slice/slice.h +59 -18
  1534. data/src/core/lib/slice/slice_buffer.cc +63 -59
  1535. data/src/core/lib/slice/slice_buffer.h +35 -4
  1536. data/src/core/lib/slice/slice_internal.h +34 -42
  1537. data/src/core/lib/slice/slice_refcount.cc +3 -18
  1538. data/src/core/lib/slice/slice_refcount.h +53 -18
  1539. data/src/core/lib/slice/slice_string_helpers.cc +17 -17
  1540. data/src/core/lib/slice/slice_string_helpers.h +21 -21
  1541. data/src/core/lib/surface/api_trace.cc +17 -17
  1542. data/src/core/lib/surface/api_trace.h +25 -25
  1543. data/src/core/lib/surface/builtins.cc +2 -0
  1544. data/src/core/lib/surface/builtins.h +3 -3
  1545. data/src/core/lib/surface/byte_buffer.cc +22 -23
  1546. data/src/core/lib/surface/byte_buffer_reader.cc +23 -23
  1547. data/src/core/lib/surface/call.cc +2297 -535
  1548. data/src/core/lib/surface/call.h +123 -42
  1549. data/src/core/lib/surface/call_details.cc +20 -21
  1550. data/src/core/lib/surface/call_log_batch.cc +19 -18
  1551. data/src/core/lib/surface/call_test_only.h +33 -33
  1552. data/src/core/lib/surface/call_trace.cc +123 -0
  1553. data/src/core/{ext/filters/http/message_compress/message_decompress_filter.h → lib/surface/call_trace.h} +10 -12
  1554. data/src/core/lib/surface/channel.cc +62 -67
  1555. data/src/core/lib/surface/channel.h +43 -35
  1556. data/src/core/lib/surface/channel_init.cc +17 -17
  1557. data/src/core/lib/surface/channel_init.h +20 -20
  1558. data/src/core/lib/surface/channel_ping.cc +19 -19
  1559. data/src/core/lib/surface/channel_stack_type.cc +21 -17
  1560. data/src/core/lib/surface/channel_stack_type.h +22 -20
  1561. data/src/core/lib/surface/completion_queue.cc +182 -194
  1562. data/src/core/lib/surface/completion_queue.h +36 -36
  1563. data/src/core/lib/surface/completion_queue_factory.cc +28 -28
  1564. data/src/core/lib/surface/completion_queue_factory.h +22 -22
  1565. data/src/core/lib/surface/event_string.cc +18 -17
  1566. data/src/core/lib/surface/event_string.h +22 -22
  1567. data/src/core/lib/surface/init.cc +30 -59
  1568. data/src/core/lib/surface/init.h +20 -20
  1569. data/src/core/lib/surface/init_internally.cc +1 -0
  1570. data/src/core/lib/surface/init_internally.h +12 -3
  1571. data/src/core/lib/surface/lame_client.cc +31 -26
  1572. data/src/core/lib/surface/lame_client.h +21 -21
  1573. data/src/core/lib/surface/metadata_array.cc +17 -18
  1574. data/src/core/lib/surface/server.cc +363 -111
  1575. data/src/core/lib/surface/server.h +10 -9
  1576. data/src/core/lib/surface/validate_metadata.cc +60 -60
  1577. data/src/core/lib/surface/validate_metadata.h +30 -21
  1578. data/src/core/lib/surface/version.cc +21 -21
  1579. data/src/core/lib/transport/batch_builder.cc +182 -0
  1580. data/src/core/lib/transport/batch_builder.h +480 -0
  1581. data/src/core/lib/transport/bdp_estimator.cc +24 -24
  1582. data/src/core/lib/transport/bdp_estimator.h +31 -28
  1583. data/src/core/lib/transport/connectivity_state.cc +19 -19
  1584. data/src/core/lib/transport/connectivity_state.h +22 -22
  1585. data/src/core/lib/transport/custom_metadata.h +30 -0
  1586. data/src/core/lib/transport/error_utils.cc +51 -45
  1587. data/src/core/lib/transport/error_utils.h +24 -24
  1588. data/src/core/lib/transport/handshaker.cc +60 -46
  1589. data/src/core/lib/transport/handshaker.h +47 -42
  1590. data/src/core/lib/transport/handshaker_factory.h +47 -21
  1591. data/src/core/lib/transport/handshaker_registry.cc +25 -19
  1592. data/src/core/lib/transport/handshaker_registry.h +23 -24
  1593. data/src/core/lib/transport/http2_errors.h +22 -22
  1594. data/src/core/lib/transport/http_connect_handshaker.cc +40 -41
  1595. data/src/core/lib/transport/http_connect_handshaker.h +21 -21
  1596. data/src/core/lib/transport/metadata_batch.cc +24 -7
  1597. data/src/core/lib/transport/metadata_batch.h +193 -53
  1598. data/src/core/lib/transport/metadata_compression_traits.h +67 -0
  1599. data/src/core/lib/transport/parsed_metadata.cc +2 -6
  1600. data/src/core/lib/transport/parsed_metadata.h +23 -12
  1601. data/src/core/lib/transport/pid_controller.cc +20 -20
  1602. data/src/core/lib/transport/pid_controller.h +27 -27
  1603. data/src/core/lib/transport/simple_slice_based_metadata.h +48 -0
  1604. data/src/core/lib/transport/status_conversion.cc +22 -22
  1605. data/src/core/lib/transport/status_conversion.h +22 -22
  1606. data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -21
  1607. data/src/core/lib/transport/tcp_connect_handshaker.h +3 -3
  1608. data/src/core/lib/transport/timeout_encoding.cc +28 -23
  1609. data/src/core/lib/transport/timeout_encoding.h +20 -20
  1610. data/src/core/lib/transport/transport.cc +113 -43
  1611. data/src/core/lib/transport/transport.h +275 -210
  1612. data/src/core/lib/transport/transport_fwd.h +3 -3
  1613. data/src/core/lib/transport/transport_impl.h +53 -46
  1614. data/src/core/lib/transport/transport_op_string.cc +75 -63
  1615. data/src/core/lib/uri/uri_parser.cc +1 -1
  1616. data/src/core/lib/uri/uri_parser.h +3 -3
  1617. data/src/core/plugin_registry/grpc_plugin_registry.cc +34 -35
  1618. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +9 -14
  1619. data/src/core/tsi/alts/crypt/aes_gcm.cc +20 -20
  1620. data/src/core/tsi/alts/crypt/gsec.cc +26 -26
  1621. data/src/core/tsi/alts/crypt/gsec.h +336 -336
  1622. data/src/core/tsi/alts/frame_protector/alts_counter.cc +23 -23
  1623. data/src/core/tsi/alts/frame_protector/alts_counter.h +68 -68
  1624. data/src/core/tsi/alts/frame_protector/alts_crypter.cc +19 -19
  1625. data/src/core/tsi/alts/frame_protector/alts_crypter.h +209 -209
  1626. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +73 -71
  1627. data/src/core/tsi/alts/frame_protector/alts_frame_protector.h +40 -40
  1628. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.cc +18 -18
  1629. data/src/core/tsi/alts/frame_protector/alts_record_protocol_crypter_common.h +82 -83
  1630. data/src/core/tsi/alts/frame_protector/alts_seal_privacy_integrity_crypter.cc +22 -22
  1631. data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +22 -22
  1632. data/src/core/tsi/alts/frame_protector/frame_handler.cc +26 -25
  1633. data/src/core/tsi/alts/frame_protector/frame_handler.h +169 -169
  1634. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +98 -80
  1635. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +107 -102
  1636. data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +18 -17
  1637. data/src/core/tsi/alts/handshaker/alts_shared_resource.h +43 -44
  1638. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +38 -37
  1639. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +60 -60
  1640. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +23 -23
  1641. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +21 -20
  1642. data/src/core/tsi/alts/handshaker/alts_tsi_utils.h +38 -38
  1643. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +19 -19
  1644. data/src/core/tsi/alts/handshaker/transport_security_common_api.h +105 -104
  1645. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +45 -44
  1646. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.h +40 -41
  1647. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +38 -36
  1648. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.h +35 -36
  1649. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol.h +67 -68
  1650. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +32 -31
  1651. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.h +55 -56
  1652. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.cc +54 -53
  1653. data/src/core/tsi/alts/zero_copy_frame_protector/alts_iovec_record_protocol.h +141 -142
  1654. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +58 -57
  1655. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +43 -44
  1656. data/src/core/tsi/fake_transport_security.cc +80 -79
  1657. data/src/core/tsi/fake_transport_security.h +33 -33
  1658. data/src/core/tsi/local_transport_security.cc +34 -33
  1659. data/src/core/tsi/local_transport_security.h +33 -33
  1660. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +9 -4
  1661. data/src/core/tsi/ssl/key_logging/ssl_key_logging.h +3 -3
  1662. data/src/core/tsi/ssl/session_cache/ssl_session.h +21 -21
  1663. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +19 -19
  1664. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +18 -17
  1665. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +22 -22
  1666. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +25 -20
  1667. data/src/core/tsi/ssl_transport_security.cc +256 -349
  1668. data/src/core/tsi/ssl_transport_security.h +206 -203
  1669. data/src/core/tsi/ssl_transport_security_utils.cc +250 -0
  1670. data/src/core/tsi/ssl_transport_security_utils.h +147 -0
  1671. data/src/core/tsi/ssl_types.h +27 -27
  1672. data/src/core/tsi/transport_security.cc +26 -26
  1673. data/src/core/tsi/transport_security.h +47 -47
  1674. data/src/core/tsi/transport_security_grpc.cc +20 -20
  1675. data/src/core/tsi/transport_security_grpc.h +41 -41
  1676. data/src/core/tsi/transport_security_interface.h +333 -333
  1677. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.clang +2 -0
  1678. data/src/ruby/ext/grpc/ext-export-with-ruby-abi-version.gcc +7 -0
  1679. data/src/ruby/ext/grpc/ext-export.clang +0 -1
  1680. data/src/ruby/ext/grpc/ext-export.gcc +1 -2
  1681. data/src/ruby/ext/grpc/extconf.rb +55 -11
  1682. data/src/ruby/ext/grpc/rb_call.c +1 -0
  1683. data/src/ruby/ext/grpc/rb_channel.c +1 -0
  1684. data/src/ruby/ext/grpc/rb_channel_args.c +1 -0
  1685. data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
  1686. data/src/ruby/ext/grpc/rb_grpc.c +1 -0
  1687. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +38 -38
  1688. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +59 -59
  1689. data/src/ruby/lib/grpc/generic/bidi_call.rb +2 -0
  1690. data/src/ruby/lib/grpc/version.rb +1 -1
  1691. data/src/ruby/pb/generate_proto_ruby.sh +0 -6
  1692. data/src/ruby/spec/channel_spec.rb +0 -43
  1693. data/src/ruby/spec/client_server_spec.rb +20 -8
  1694. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  1695. data/third_party/abseil-cpp/absl/algorithm/container.h +56 -57
  1696. data/third_party/abseil-cpp/absl/base/attributes.h +39 -19
  1697. data/third_party/abseil-cpp/absl/base/config.h +45 -4
  1698. data/third_party/abseil-cpp/absl/base/internal/cycleclock.h +3 -18
  1699. data/third_party/abseil-cpp/absl/base/internal/cycleclock_config.h +55 -0
  1700. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +2 -1
  1701. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +3 -3
  1702. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +2 -2
  1703. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +1 -1
  1704. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +10 -6
  1705. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +23 -24
  1706. data/third_party/abseil-cpp/absl/base/internal/spinlock.cc +3 -3
  1707. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +2 -6
  1708. data/third_party/abseil-cpp/absl/base/internal/spinlock_win32.inc +4 -1
  1709. data/third_party/abseil-cpp/absl/base/internal/strerror.cc +4 -4
  1710. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +14 -10
  1711. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +9 -0
  1712. data/third_party/abseil-cpp/absl/base/internal/thread_identity.h +4 -0
  1713. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock.h +3 -40
  1714. data/third_party/abseil-cpp/absl/base/internal/unscaledcycleclock_config.h +62 -0
  1715. data/third_party/abseil-cpp/absl/base/macros.h +4 -21
  1716. data/third_party/abseil-cpp/absl/base/optimization.h +58 -6
  1717. data/third_party/abseil-cpp/absl/base/options.h +1 -7
  1718. data/third_party/abseil-cpp/absl/base/policy_checks.h +15 -13
  1719. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
  1720. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
  1721. data/third_party/abseil-cpp/absl/container/fixed_array.h +7 -5
  1722. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -7
  1723. data/third_party/abseil-cpp/absl/container/inlined_vector.h +66 -18
  1724. data/third_party/abseil-cpp/absl/container/internal/common.h +3 -3
  1725. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +132 -0
  1726. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -1
  1727. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +4 -55
  1728. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +50 -5
  1729. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +14 -46
  1730. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +110 -32
  1731. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +155 -4
  1732. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +661 -341
  1733. data/third_party/abseil-cpp/absl/crc/crc32c.cc +99 -0
  1734. data/third_party/abseil-cpp/absl/crc/crc32c.h +183 -0
  1735. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +256 -0
  1736. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +57 -0
  1737. data/third_party/abseil-cpp/absl/crc/internal/crc.cc +468 -0
  1738. data/third_party/abseil-cpp/absl/crc/internal/crc.h +91 -0
  1739. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +269 -0
  1740. data/third_party/abseil-cpp/absl/crc/internal/crc32c.h +39 -0
  1741. data/third_party/abseil-cpp/absl/crc/internal/crc32c_inline.h +72 -0
  1742. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.cc +130 -0
  1743. data/third_party/abseil-cpp/absl/crc/internal/crc_cord_state.h +159 -0
  1744. data/third_party/abseil-cpp/absl/crc/internal/crc_internal.h +179 -0
  1745. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +119 -0
  1746. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +75 -0
  1747. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_x86_64.cc +434 -0
  1748. data/third_party/abseil-cpp/absl/crc/internal/crc_non_temporal_memcpy.cc +93 -0
  1749. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +725 -0
  1750. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_arm_intrinsics.h +79 -0
  1751. data/third_party/abseil-cpp/absl/crc/internal/non_temporal_memcpy.h +180 -0
  1752. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +1 -1
  1753. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +67 -38
  1754. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +1 -1
  1755. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +12 -13
  1756. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +11 -9
  1757. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +1 -1
  1758. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_riscv-inl.inc +40 -85
  1759. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +5 -4
  1760. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +33 -8
  1761. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +3 -2
  1762. data/third_party/abseil-cpp/absl/debugging/symbolize_darwin.inc +3 -2
  1763. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +118 -94
  1764. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +7 -6
  1765. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  1766. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  1767. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  1768. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  1769. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  1770. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  1771. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc +26 -0
  1772. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  1773. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  1774. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  1775. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  1776. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  1777. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  1778. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  1779. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  1780. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  1781. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  1782. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  1783. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  1784. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  1785. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  1786. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  1787. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  1788. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  1789. data/third_party/abseil-cpp/absl/functional/any_invocable.h +5 -2
  1790. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +47 -26
  1791. data/third_party/abseil-cpp/absl/hash/internal/city.cc +10 -10
  1792. data/third_party/abseil-cpp/absl/hash/internal/hash.h +18 -4
  1793. data/third_party/abseil-cpp/absl/hash/internal/low_level_hash.cc +3 -14
  1794. data/third_party/abseil-cpp/absl/memory/memory.h +26 -447
  1795. data/third_party/abseil-cpp/absl/meta/type_traits.h +104 -12
  1796. data/third_party/abseil-cpp/absl/numeric/bits.h +2 -3
  1797. data/third_party/abseil-cpp/absl/numeric/int128.cc +10 -8
  1798. data/third_party/abseil-cpp/absl/profiling/internal/sample_recorder.h +14 -6
  1799. data/third_party/abseil-cpp/absl/random/internal/fast_uniform_bits.h +2 -1
  1800. data/third_party/abseil-cpp/absl/random/internal/nonsecure_base.h +1 -1
  1801. data/third_party/abseil-cpp/absl/random/internal/pcg_engine.h +2 -23
  1802. data/third_party/abseil-cpp/absl/random/internal/pool_urbg.cc +9 -9
  1803. data/third_party/abseil-cpp/absl/random/internal/seed_material.cc +2 -2
  1804. data/third_party/abseil-cpp/absl/random/random.h +6 -6
  1805. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +1 -0
  1806. data/third_party/abseil-cpp/absl/status/status.cc +19 -12
  1807. data/third_party/abseil-cpp/absl/status/status.h +2 -2
  1808. data/third_party/abseil-cpp/absl/strings/ascii.cc +5 -5
  1809. data/third_party/abseil-cpp/absl/strings/charconv.cc +534 -96
  1810. data/third_party/abseil-cpp/absl/strings/cord.cc +92 -40
  1811. data/third_party/abseil-cpp/absl/strings/cord.h +71 -80
  1812. data/third_party/abseil-cpp/absl/strings/cord_buffer.h +8 -5
  1813. data/third_party/abseil-cpp/absl/strings/escaping.cc +73 -62
  1814. data/third_party/abseil-cpp/absl/strings/escaping.h +24 -19
  1815. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +14 -12
  1816. data/third_party/abseil-cpp/absl/strings/internal/charconv_bigint.cc +4 -4
  1817. data/third_party/abseil-cpp/absl/strings/internal/charconv_parse.cc +2 -2
  1818. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +330 -70
  1819. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.cc +8 -4
  1820. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h +26 -14
  1821. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree_navigator.cc +5 -5
  1822. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.cc +9 -7
  1823. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_crc.h +5 -4
  1824. data/third_party/abseil-cpp/absl/strings/internal/cordz_functions.h +7 -15
  1825. data/third_party/abseil-cpp/absl/strings/internal/cordz_handle.h +3 -3
  1826. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +8 -5
  1827. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.h +7 -7
  1828. data/third_party/abseil-cpp/absl/strings/internal/cordz_statistics.h +4 -4
  1829. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.cc +93 -0
  1830. data/third_party/abseil-cpp/absl/strings/internal/damerau_levenshtein_distance.h +34 -0
  1831. data/third_party/abseil-cpp/absl/strings/internal/escaping.cc +12 -10
  1832. data/third_party/abseil-cpp/absl/strings/internal/escaping.h +7 -9
  1833. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +55 -0
  1834. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +9 -6
  1835. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.cc +14 -7
  1836. data/third_party/abseil-cpp/absl/strings/internal/ostringstream.h +35 -10
  1837. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +113 -46
  1838. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +126 -29
  1839. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +3 -2
  1840. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +4 -3
  1841. data/third_party/abseil-cpp/absl/strings/internal/str_format/checker.h +49 -287
  1842. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +351 -0
  1843. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.cc +2 -1
  1844. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +4 -2
  1845. data/third_party/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc +215 -181
  1846. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.cc +10 -209
  1847. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +10 -101
  1848. data/third_party/abseil-cpp/absl/strings/internal/str_split_internal.h +2 -1
  1849. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.cc +28 -0
  1850. data/third_party/abseil-cpp/absl/strings/internal/stringify_sink.h +57 -0
  1851. data/third_party/abseil-cpp/absl/strings/numbers.cc +34 -31
  1852. data/third_party/abseil-cpp/absl/strings/str_cat.cc +9 -6
  1853. data/third_party/abseil-cpp/absl/strings/str_cat.h +50 -3
  1854. data/third_party/abseil-cpp/absl/strings/str_format.h +71 -9
  1855. data/third_party/abseil-cpp/absl/strings/string_view.cc +6 -6
  1856. data/third_party/abseil-cpp/absl/strings/string_view.h +3 -10
  1857. data/third_party/abseil-cpp/absl/strings/substitute.cc +8 -6
  1858. data/third_party/abseil-cpp/absl/strings/substitute.h +46 -20
  1859. data/third_party/abseil-cpp/absl/synchronization/internal/futex.h +20 -17
  1860. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +37 -31
  1861. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +22 -8
  1862. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +104 -55
  1863. data/third_party/abseil-cpp/absl/synchronization/mutex.h +85 -46
  1864. data/third_party/abseil-cpp/absl/synchronization/notification.cc +0 -1
  1865. data/third_party/abseil-cpp/absl/synchronization/notification.h +0 -1
  1866. data/third_party/abseil-cpp/absl/time/civil_time.cc +26 -0
  1867. data/third_party/abseil-cpp/absl/time/civil_time.h +25 -0
  1868. data/third_party/abseil-cpp/absl/time/clock.cc +17 -11
  1869. data/third_party/abseil-cpp/absl/time/duration.cc +7 -7
  1870. data/third_party/abseil-cpp/absl/time/format.cc +2 -1
  1871. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  1872. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +26 -5
  1873. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_lookup.cc +7 -6
  1874. data/third_party/abseil-cpp/absl/time/internal/cctz/src/zone_info_source.cc +36 -35
  1875. data/third_party/abseil-cpp/absl/time/time.cc +2 -2
  1876. data/third_party/abseil-cpp/absl/time/time.h +253 -158
  1877. data/third_party/abseil-cpp/absl/types/internal/span.h +30 -19
  1878. data/third_party/abseil-cpp/absl/types/internal/variant.h +28 -40
  1879. data/third_party/abseil-cpp/absl/types/span.h +29 -7
  1880. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  1881. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  1882. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  1883. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  1884. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  1885. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  1886. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  1887. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  1888. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +177 -196
  1889. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  1890. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  1891. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  1892. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  1893. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  1894. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  1895. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  1896. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  1897. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  1898. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  1899. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  1900. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  1901. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +135 -90
  1902. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  1903. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +797 -793
  1904. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +529 -526
  1905. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  1906. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  1907. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  1908. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  1909. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  1910. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +17 -11
  1911. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +37 -51
  1912. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  1913. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +13 -9
  1914. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +22 -19
  1915. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +5 -5
  1916. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  1917. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  1918. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  1919. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +40 -27
  1920. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  1921. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  1922. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  1923. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  1924. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  1925. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  1926. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  1927. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  1928. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  1929. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  1930. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  1931. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  1932. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  1933. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  1934. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  1935. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  1936. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +34 -37
  1937. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +22 -11
  1938. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  1939. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  1940. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  1941. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  1942. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  1943. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  1944. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  1945. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  1946. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  1947. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  1948. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  1949. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  1950. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  1951. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  1952. data/third_party/boringssl-with-bazel/src/crypto/{cpu-ppc64le.c → cpu_arm_openbsd.c} +10 -17
  1953. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  1954. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  1955. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +22 -31
  1956. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  1957. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  1958. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  1959. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  1960. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  1961. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  1962. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  1963. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  1964. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +43 -16
  1965. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  1966. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  1967. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  1968. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +229 -102
  1969. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +31 -7
  1970. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  1971. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  1972. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  1973. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  1974. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  1975. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  1976. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  1977. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  1978. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  1979. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  1980. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  1981. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  1982. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  1983. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +6 -6
  1984. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  1985. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  1986. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  1987. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  1988. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  1989. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  1990. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  1991. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  1992. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  1993. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  1994. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  1995. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  1996. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +36 -27
  1997. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  1998. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  1999. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  2000. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  2001. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  2002. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  2003. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  2004. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  2005. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  2006. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  2007. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  2008. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  2009. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  2010. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  2011. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  2012. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  2013. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  2014. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  2015. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  2016. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  2017. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  2018. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  2019. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  2020. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  2021. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  2022. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  2023. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  2024. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +24 -6
  2025. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  2026. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  2027. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  2028. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +49 -49
  2029. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +92 -18
  2030. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +12 -12
  2031. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +108 -86
  2032. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +55 -25
  2033. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +55 -71
  2034. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  2035. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +72 -65
  2036. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  2037. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +62 -51
  2038. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  2039. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  2040. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +12 -17
  2041. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +25 -26
  2042. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -14
  2043. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +9 -1
  2044. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +44 -16
  2045. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  2046. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  2047. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  2048. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -23
  2049. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  2050. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +3 -8
  2051. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +170 -160
  2052. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  2053. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +69 -61
  2054. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -12
  2055. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  2056. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  2057. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  2058. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  2059. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  2060. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  2061. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  2062. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +22 -68
  2063. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  2064. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +43 -16
  2065. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +42 -314
  2066. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +244 -139
  2067. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +144 -205
  2068. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  2069. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +593 -421
  2070. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  2071. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  2072. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  2073. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  2074. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  2075. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  2076. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  2077. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +52 -6
  2078. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +192 -18
  2079. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  2080. data/third_party/boringssl-with-bazel/src/crypto/internal.h +391 -18
  2081. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +91 -0
  2082. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +204 -0
  2083. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +833 -0
  2084. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  2085. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  2086. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  2087. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +9 -4
  2088. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  2089. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  2090. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +633 -613
  2091. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  2092. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  2093. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  2094. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  2095. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  2096. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  2097. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  2098. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  2099. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  2100. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  2101. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  2102. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  2103. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  2104. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  2105. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  2106. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +6 -17
  2107. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  2108. data/third_party/boringssl-with-bazel/src/crypto/{asn1/a_print.c → rsa_extra/internal.h} +15 -21
  2109. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  2110. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  2111. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  2112. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  2113. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  2114. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +128 -34
  2115. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +418 -133
  2116. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +116 -284
  2117. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +701 -87
  2118. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  2119. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +63 -55
  2120. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  2121. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  2122. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  2123. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +285 -331
  2124. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  2125. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  2126. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +68 -50
  2127. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +132 -151
  2128. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +790 -0
  2129. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  2130. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  2131. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  2132. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +220 -254
  2133. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  2134. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  2135. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +136 -270
  2136. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  2137. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  2138. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  2139. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  2140. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +528 -616
  2141. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  2142. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +164 -181
  2143. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  2144. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +186 -203
  2145. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  2146. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  2147. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1864 -2050
  2148. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +380 -480
  2149. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  2150. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +266 -265
  2151. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  2152. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  2153. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  2154. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  2155. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  2156. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +329 -416
  2157. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  2158. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  2159. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  2160. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  2161. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  2162. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  2163. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  2164. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  2165. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  2166. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  2167. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  2168. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  2169. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +79 -171
  2170. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  2171. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  2172. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  2173. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  2174. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  2175. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +294 -344
  2176. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +342 -365
  2177. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  2178. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  2179. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  2180. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  2181. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  2182. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +120 -125
  2183. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  2184. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +228 -265
  2185. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  2186. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  2187. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  2188. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  2189. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +130 -135
  2190. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +652 -691
  2191. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +90 -75
  2192. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1063 -1145
  2193. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -11
  2194. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  2195. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +217 -191
  2196. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  2197. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +50 -14
  2198. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +29 -14
  2199. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  2200. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  2201. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  2202. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  2203. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  2204. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  2205. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  2206. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  2207. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  2208. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  2209. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  2210. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  2211. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  2212. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  2213. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  2214. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -33
  2215. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  2216. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  2217. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +69 -16
  2218. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  2219. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +128 -0
  2220. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  2221. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +7 -3
  2222. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +8 -1
  2223. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  2224. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -18
  2225. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  2226. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  2227. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +98 -5
  2228. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  2229. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -21
  2230. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +285 -92
  2231. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  2232. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +381 -287
  2233. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +9 -6
  2234. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  2235. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +22 -7
  2236. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +57 -23
  2237. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  2238. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2075 -1407
  2239. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +242 -214
  2240. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  2241. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  2242. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  2243. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  2244. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  2245. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +45 -26
  2246. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +64 -35
  2247. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  2248. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  2249. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +53 -34
  2250. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  2251. data/third_party/boringssl-with-bazel/src/ssl/internal.h +200 -121
  2252. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -12
  2253. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  2254. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  2255. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  2256. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +47 -69
  2257. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  2258. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  2259. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +217 -226
  2260. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +78 -101
  2261. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +106 -142
  2262. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +244 -35
  2263. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +167 -64
  2264. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +41 -32
  2265. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  2266. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  2267. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  2268. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +7 -44
  2269. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  2270. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +7 -23
  2271. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +25 -34
  2272. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  2273. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  2274. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  2275. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  2276. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  2277. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  2278. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  2279. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  2280. data/third_party/cares/cares/include/ares.h +23 -1
  2281. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  2282. data/third_party/cares/cares/include/ares_rules.h +2 -2
  2283. data/third_party/cares/cares/include/ares_version.h +3 -3
  2284. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  2285. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  2286. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  2287. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  2288. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  2289. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  2290. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  2291. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  2292. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  2293. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  2294. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  2295. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  2296. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  2297. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  2298. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  2299. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  2300. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  2301. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  2302. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  2303. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  2304. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  2305. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  2306. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  2307. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  2308. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  2309. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  2310. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  2311. data/third_party/re2/re2/bitstate.cc +3 -3
  2312. data/third_party/re2/re2/dfa.cc +13 -13
  2313. data/third_party/re2/re2/nfa.cc +4 -4
  2314. data/third_party/re2/re2/onepass.cc +2 -2
  2315. data/third_party/re2/re2/prefilter_tree.cc +27 -59
  2316. data/third_party/re2/re2/prefilter_tree.h +3 -2
  2317. data/third_party/re2/re2/prog.cc +11 -2
  2318. data/third_party/re2/re2/prog.h +17 -5
  2319. data/third_party/re2/re2/re2.cc +6 -11
  2320. data/third_party/re2/re2/re2.h +1 -1
  2321. data/third_party/re2/re2/regexp.cc +1 -2
  2322. data/third_party/re2/re2/stringpiece.h +10 -7
  2323. data/third_party/re2/re2/unicode_casefold.cc +25 -11
  2324. data/third_party/re2/re2/unicode_groups.cc +319 -151
  2325. data/third_party/re2/re2/walker-inl.h +3 -2
  2326. data/third_party/re2/util/mutex.h +4 -4
  2327. data/third_party/upb/upb/{table_internal.h → alloc.h} +6 -6
  2328. data/third_party/upb/upb/arena.h +4 -193
  2329. data/third_party/upb/upb/array.h +4 -51
  2330. data/third_party/upb/upb/base/descriptor_constants.h +104 -0
  2331. data/third_party/upb/upb/base/log2.h +57 -0
  2332. data/third_party/upb/upb/{status.c → base/status.c} +2 -7
  2333. data/third_party/upb/upb/base/status.h +66 -0
  2334. data/third_party/upb/upb/base/string_view.h +75 -0
  2335. data/third_party/upb/upb/{array.c → collections/array.c} +67 -36
  2336. data/third_party/upb/upb/collections/array.h +85 -0
  2337. data/third_party/upb/upb/collections/array_internal.h +135 -0
  2338. data/third_party/upb/upb/{map.c → collections/map.c} +53 -26
  2339. data/third_party/upb/upb/collections/map.h +135 -0
  2340. data/third_party/upb/upb/collections/map_gencode_util.h +78 -0
  2341. data/third_party/upb/upb/collections/map_internal.h +170 -0
  2342. data/third_party/upb/upb/collections/map_sorter.c +166 -0
  2343. data/third_party/upb/upb/collections/map_sorter_internal.h +109 -0
  2344. data/third_party/upb/upb/{message_value.h → collections/message_value.h} +12 -13
  2345. data/third_party/upb/upb/decode.h +3 -62
  2346. data/third_party/upb/upb/def.h +4 -384
  2347. data/third_party/upb/upb/def.hpp +3 -411
  2348. data/third_party/upb/upb/encode.h +3 -48
  2349. data/third_party/upb/upb/extension_registry.h +3 -52
  2350. data/third_party/upb/upb/{table.c → hash/common.c} +52 -110
  2351. data/third_party/upb/upb/hash/common.h +199 -0
  2352. data/third_party/upb/upb/hash/int_table.h +102 -0
  2353. data/third_party/upb/upb/hash/str_table.h +161 -0
  2354. data/third_party/upb/upb/{json_decode.c → json/decode.c} +63 -98
  2355. data/third_party/upb/upb/json/decode.h +52 -0
  2356. data/third_party/upb/upb/{json_encode.c → json/encode.c} +69 -45
  2357. data/third_party/upb/upb/json/encode.h +70 -0
  2358. data/third_party/upb/upb/json_decode.h +4 -15
  2359. data/third_party/upb/upb/json_encode.h +4 -33
  2360. data/third_party/upb/upb/lex/atoi.c +68 -0
  2361. data/third_party/upb/upb/lex/atoi.h +53 -0
  2362. data/third_party/upb/upb/{upb.c → lex/round_trip.c} +2 -11
  2363. data/third_party/upb/upb/{internal/upb.h → lex/round_trip.h} +17 -30
  2364. data/third_party/upb/upb/lex/strtod.c +97 -0
  2365. data/third_party/upb/upb/lex/strtod.h +46 -0
  2366. data/third_party/upb/upb/lex/unicode.c +57 -0
  2367. data/third_party/upb/upb/lex/unicode.h +77 -0
  2368. data/third_party/upb/upb/map.h +4 -85
  2369. data/third_party/upb/upb/mem/alloc.c +47 -0
  2370. data/third_party/upb/upb/mem/alloc.h +98 -0
  2371. data/third_party/upb/upb/mem/arena.c +367 -0
  2372. data/third_party/upb/upb/mem/arena.h +160 -0
  2373. data/third_party/upb/upb/mem/arena_internal.h +114 -0
  2374. data/third_party/upb/upb/message/accessors.c +68 -0
  2375. data/third_party/upb/upb/message/accessors.h +379 -0
  2376. data/third_party/upb/upb/message/accessors_internal.h +325 -0
  2377. data/third_party/upb/upb/message/extension_internal.h +83 -0
  2378. data/third_party/upb/upb/message/internal.h +135 -0
  2379. data/third_party/upb/upb/message/message.c +180 -0
  2380. data/third_party/upb/upb/message/message.h +69 -0
  2381. data/third_party/upb/upb/mini_table/common.c +128 -0
  2382. data/third_party/upb/upb/mini_table/common.h +170 -0
  2383. data/third_party/upb/upb/mini_table/common_internal.h +111 -0
  2384. data/third_party/upb/upb/{mini_table.c → mini_table/decode.c} +513 -533
  2385. data/third_party/upb/upb/mini_table/decode.h +179 -0
  2386. data/third_party/upb/upb/mini_table/encode.c +300 -0
  2387. data/third_party/upb/upb/mini_table/encode_internal.h +111 -0
  2388. data/third_party/upb/upb/{mini_table.hpp → mini_table/encode_internal.hpp} +32 -8
  2389. data/third_party/upb/upb/mini_table/enum_internal.h +88 -0
  2390. data/third_party/upb/upb/mini_table/extension_internal.h +47 -0
  2391. data/third_party/upb/upb/{extension_registry.c → mini_table/extension_registry.c} +27 -24
  2392. data/third_party/upb/upb/mini_table/extension_registry.h +104 -0
  2393. data/third_party/upb/upb/mini_table/field_internal.h +192 -0
  2394. data/third_party/upb/upb/mini_table/file_internal.h +47 -0
  2395. data/third_party/upb/upb/mini_table/message_internal.h +136 -0
  2396. data/third_party/upb/upb/mini_table/sub_internal.h +38 -0
  2397. data/third_party/upb/upb/mini_table/types.h +40 -0
  2398. data/third_party/upb/upb/mini_table.h +4 -157
  2399. data/third_party/upb/upb/msg.h +3 -38
  2400. data/third_party/upb/upb/port/atomic.h +101 -0
  2401. data/third_party/upb/upb/{port_def.inc → port/def.inc} +94 -27
  2402. data/third_party/upb/upb/{port_undef.inc → port/undef.inc} +13 -3
  2403. data/third_party/upb/upb/{internal → port}/vsnprintf_compat.h +5 -7
  2404. data/third_party/upb/upb/reflection/common.h +67 -0
  2405. data/third_party/upb/upb/reflection/def.h +42 -0
  2406. data/third_party/upb/upb/reflection/def.hpp +610 -0
  2407. data/third_party/upb/upb/reflection/def_builder.c +357 -0
  2408. data/third_party/upb/upb/reflection/def_builder_internal.h +157 -0
  2409. data/third_party/upb/upb/reflection/def_pool.c +462 -0
  2410. data/third_party/upb/upb/reflection/def_pool.h +108 -0
  2411. data/third_party/upb/upb/reflection/def_pool_internal.h +77 -0
  2412. data/third_party/upb/upb/reflection/def_type.c +50 -0
  2413. data/third_party/upb/upb/reflection/def_type.h +81 -0
  2414. data/third_party/upb/upb/reflection/desc_state.c +53 -0
  2415. data/third_party/upb/upb/reflection/desc_state_internal.h +64 -0
  2416. data/third_party/upb/upb/reflection/enum_def.c +310 -0
  2417. data/third_party/upb/upb/reflection/enum_def.h +80 -0
  2418. data/third_party/upb/upb/reflection/enum_def_internal.h +56 -0
  2419. data/third_party/upb/upb/reflection/enum_reserved_range.c +84 -0
  2420. data/third_party/upb/upb/reflection/enum_reserved_range.h +51 -0
  2421. data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +55 -0
  2422. data/third_party/upb/upb/reflection/enum_value_def.c +144 -0
  2423. data/third_party/upb/upb/reflection/enum_value_def.h +57 -0
  2424. data/third_party/upb/upb/reflection/enum_value_def_internal.h +57 -0
  2425. data/third_party/upb/upb/reflection/extension_range.c +93 -0
  2426. data/third_party/upb/upb/reflection/extension_range.h +55 -0
  2427. data/third_party/upb/upb/reflection/extension_range_internal.h +54 -0
  2428. data/third_party/upb/upb/reflection/field_def.c +930 -0
  2429. data/third_party/upb/upb/reflection/field_def.h +91 -0
  2430. data/third_party/upb/upb/reflection/field_def_internal.h +76 -0
  2431. data/third_party/upb/upb/reflection/file_def.c +370 -0
  2432. data/third_party/upb/upb/reflection/file_def.h +77 -0
  2433. data/third_party/upb/upb/reflection/file_def_internal.h +57 -0
  2434. data/third_party/upb/upb/reflection/message.c +233 -0
  2435. data/third_party/upb/upb/reflection/message.h +102 -0
  2436. data/third_party/upb/upb/reflection/message.hpp +37 -0
  2437. data/third_party/upb/upb/reflection/message_def.c +718 -0
  2438. data/third_party/upb/upb/reflection/message_def.h +174 -0
  2439. data/third_party/upb/upb/reflection/message_def_internal.h +63 -0
  2440. data/third_party/upb/upb/reflection/message_reserved_range.c +81 -0
  2441. data/third_party/upb/upb/reflection/message_reserved_range.h +51 -0
  2442. data/third_party/upb/upb/reflection/message_reserved_range_internal.h +55 -0
  2443. data/third_party/upb/upb/reflection/method_def.c +124 -0
  2444. data/third_party/upb/upb/reflection/method_def.h +59 -0
  2445. data/third_party/upb/upb/reflection/method_def_internal.h +53 -0
  2446. data/third_party/upb/upb/reflection/oneof_def.c +226 -0
  2447. data/third_party/upb/upb/reflection/oneof_def.h +66 -0
  2448. data/third_party/upb/upb/reflection/oneof_def_internal.h +57 -0
  2449. data/third_party/upb/upb/reflection/service_def.c +128 -0
  2450. data/third_party/upb/upb/reflection/service_def.h +60 -0
  2451. data/third_party/upb/upb/reflection/service_def_internal.h +53 -0
  2452. data/third_party/upb/upb/reflection.h +4 -78
  2453. data/third_party/upb/upb/reflection.hpp +3 -7
  2454. data/third_party/upb/upb/status.h +4 -34
  2455. data/third_party/upb/upb/{collections.h → string_view.h} +7 -7
  2456. data/third_party/upb/upb/{text_encode.c → text/encode.c} +74 -70
  2457. data/third_party/upb/upb/text/encode.h +69 -0
  2458. data/third_party/upb/upb/text_encode.h +4 -32
  2459. data/third_party/upb/upb/upb.h +6 -151
  2460. data/third_party/upb/upb/upb.hpp +10 -18
  2461. data/third_party/upb/upb/wire/common.h +44 -0
  2462. data/third_party/upb/upb/wire/common_internal.h +50 -0
  2463. data/third_party/upb/upb/wire/decode.c +1343 -0
  2464. data/third_party/upb/upb/wire/decode.h +108 -0
  2465. data/third_party/upb/upb/{decode_fast.c → wire/decode_fast.c} +184 -225
  2466. data/third_party/upb/upb/{decode_fast.h → wire/decode_fast.h} +21 -7
  2467. data/third_party/upb/upb/{internal/decode.h → wire/decode_internal.h} +44 -92
  2468. data/third_party/upb/upb/{encode.c → wire/encode.c} +114 -95
  2469. data/third_party/upb/upb/wire/encode.h +92 -0
  2470. data/third_party/upb/upb/wire/eps_copy_input_stream.c +39 -0
  2471. data/third_party/upb/upb/wire/eps_copy_input_stream.h +425 -0
  2472. data/third_party/upb/upb/wire/reader.c +67 -0
  2473. data/third_party/upb/upb/wire/reader.h +227 -0
  2474. data/third_party/upb/upb/wire/swap_internal.h +63 -0
  2475. data/third_party/upb/upb/wire/types.h +41 -0
  2476. data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-neon.c +1 -1
  2477. data/third_party/{upb/third_party/utf8_range → utf8_range}/utf8_range.h +12 -0
  2478. data/third_party/zlib/compress.c +3 -3
  2479. data/third_party/zlib/crc32.c +21 -12
  2480. data/third_party/zlib/deflate.c +112 -106
  2481. data/third_party/zlib/deflate.h +2 -2
  2482. data/third_party/zlib/gzlib.c +1 -1
  2483. data/third_party/zlib/gzread.c +3 -5
  2484. data/third_party/zlib/gzwrite.c +1 -1
  2485. data/third_party/zlib/infback.c +10 -7
  2486. data/third_party/zlib/inflate.c +5 -2
  2487. data/third_party/zlib/inftrees.c +2 -2
  2488. data/third_party/zlib/inftrees.h +1 -1
  2489. data/third_party/zlib/trees.c +61 -62
  2490. data/third_party/zlib/uncompr.c +2 -2
  2491. data/third_party/zlib/zconf.h +16 -3
  2492. data/third_party/zlib/zlib.h +10 -10
  2493. data/third_party/zlib/zutil.c +9 -7
  2494. data/third_party/zlib/zutil.h +1 -0
  2495. metadata +509 -152
  2496. data/include/grpc/impl/codegen/gpr_slice.h +0 -71
  2497. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -176
  2498. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  2499. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.h +0 -30
  2500. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
  2501. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
  2502. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +0 -332
  2503. data/src/core/ext/filters/http/message_compress/message_compress_filter.h +0 -52
  2504. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +0 -322
  2505. data/src/core/ext/filters/server_config_selector/server_config_selector.cc +0 -62
  2506. data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
  2507. data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
  2508. data/src/core/lib/event_engine/socket_notifier.h +0 -55
  2509. data/src/core/lib/event_engine/thread_pool.cc +0 -195
  2510. data/src/core/lib/event_engine/thread_pool.h +0 -114
  2511. data/src/core/lib/gpr/cpu_iphone.cc +0 -44
  2512. data/src/core/lib/gpr/cpu_windows.cc +0 -33
  2513. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  2514. data/src/core/lib/gpr/murmur_hash.h +0 -29
  2515. data/src/core/lib/gpr/string_windows.cc +0 -69
  2516. data/src/core/lib/gpr/tls.h +0 -156
  2517. data/src/core/lib/gprpp/env_posix.cc +0 -47
  2518. data/src/core/lib/gprpp/global_config.h +0 -93
  2519. data/src/core/lib/gprpp/global_config_custom.h +0 -29
  2520. data/src/core/lib/gprpp/global_config_env.cc +0 -139
  2521. data/src/core/lib/gprpp/global_config_env.h +0 -133
  2522. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  2523. data/src/core/lib/promise/call_push_pull.h +0 -148
  2524. data/src/core/lib/promise/intra_activity_waiter.h +0 -49
  2525. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  2526. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -30
  2527. data/src/core/lib/slice/slice_api.cc +0 -39
  2528. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  2529. data/src/core/lib/slice/slice_refcount_base.h +0 -60
  2530. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  2531. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  2532. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  2533. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  2534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  2535. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  2536. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  2537. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  2538. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  2539. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  2540. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  2541. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  2542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  2543. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
  2544. data/third_party/upb/upb/arena.c +0 -277
  2545. data/third_party/upb/upb/decode.c +0 -1221
  2546. data/third_party/upb/upb/def.c +0 -3269
  2547. data/third_party/upb/upb/internal/table.h +0 -385
  2548. data/third_party/upb/upb/msg.c +0 -368
  2549. data/third_party/upb/upb/msg_internal.h +0 -837
  2550. data/third_party/upb/upb/reflection.c +0 -323
  2551. /data/src/ruby/ext/grpc/{ext-export-truffleruby.clang → ext-export-truffleruby-with-ruby-abi-version.clang} +0 -0
  2552. /data/src/ruby/ext/grpc/{ext-export-truffleruby.gcc → ext-export-truffleruby-with-ruby-abi-version.gcc} +0 -0
  2553. /data/third_party/{upb/third_party/utf8_range → utf8_range}/naive.c +0 -0
  2554. /data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-sse.c +0 -0
@@ -60,8 +60,8 @@
60
60
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
61
61
  */
62
62
 
63
- #ifndef HEADER_X509_H
64
- #define HEADER_X509_H
63
+ #ifndef OPENSSL_HEADER_X509_H
64
+ #define OPENSSL_HEADER_X509_H
65
65
 
66
66
  #include <openssl/asn1.h>
67
67
  #include <openssl/base.h>
@@ -90,379 +90,434 @@ extern "C" {
90
90
  // Legacy X.509 library.
91
91
  //
92
92
  // This header is part of OpenSSL's X.509 implementation. It is retained for
93
- // compatibility but otherwise underdocumented and not actively maintained. In
94
- // the future, a replacement library will be available. Meanwhile, minimize
93
+ // compatibility but should not be used by new code. The functions are difficult
94
+ // to use correctly, and have buggy or non-standard behaviors. They are thus
95
+ // particularly prone to behavior changes and API removals, as BoringSSL
96
+ // iterates on these issues.
97
+ //
98
+ // In the future, a replacement library will be available. Meanwhile, minimize
95
99
  // dependencies on this header where possible.
100
+ //
101
+ // TODO(https://crbug.com/boringssl/426): Documentation for this library is
102
+ // still in progress. Some functions have not yet been documented, and some
103
+ // functions have not yet been grouped into sections.
96
104
 
97
105
 
98
- #define X509_FILETYPE_PEM 1
99
- #define X509_FILETYPE_ASN1 2
100
- #define X509_FILETYPE_DEFAULT 3
106
+ // Certificates.
107
+ //
108
+ // An |X509| object represents an X.509 certificate, defined in RFC 5280.
109
+ //
110
+ // Although an |X509| is a mutable object, mutating an |X509| can give incorrect
111
+ // results. Callers typically obtain |X509|s by parsing some input with
112
+ // |d2i_X509|, etc. Such objects carry information such as the serialized
113
+ // TBSCertificate and decoded extensions, which will become inconsistent when
114
+ // mutated.
115
+ //
116
+ // Instead, mutation functions should only be used when issuing new
117
+ // certificates, as described in a later section.
101
118
 
102
- #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
103
- #define X509v3_KU_NON_REPUDIATION 0x0040
104
- #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
105
- #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
106
- #define X509v3_KU_KEY_AGREEMENT 0x0008
107
- #define X509v3_KU_KEY_CERT_SIGN 0x0004
108
- #define X509v3_KU_CRL_SIGN 0x0002
109
- #define X509v3_KU_ENCIPHER_ONLY 0x0001
110
- #define X509v3_KU_DECIPHER_ONLY 0x8000
111
- #define X509v3_KU_UNDEF 0xffff
119
+ DEFINE_STACK_OF(X509)
112
120
 
113
- struct X509_algor_st {
114
- ASN1_OBJECT *algorithm;
115
- ASN1_TYPE *parameter;
116
- } /* X509_ALGOR */;
121
+ // X509 is an |ASN1_ITEM| whose ASN.1 type is X.509 Certificate (RFC 5280) and C
122
+ // type is |X509*|.
123
+ DECLARE_ASN1_ITEM(X509)
117
124
 
118
- DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
125
+ // X509_up_ref adds one to the reference count of |x509| and returns one.
126
+ OPENSSL_EXPORT int X509_up_ref(X509 *x509);
119
127
 
120
- DEFINE_STACK_OF(X509_ALGOR)
128
+ // X509_chain_up_ref returns a newly-allocated |STACK_OF(X509)| containing a
129
+ // shallow copy of |chain|, or NULL on error. That is, the return value has the
130
+ // same contents as |chain|, and each |X509|'s reference count is incremented by
131
+ // one.
132
+ OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
121
133
 
122
- typedef STACK_OF(X509_ALGOR) X509_ALGORS;
134
+ // X509_dup returns a newly-allocated copy of |x509|, or NULL on error. This
135
+ // function works by serializing the structure, so auxiliary properties (see
136
+ // |i2d_X509_AUX|) are not preserved. Additionally, if |x509| is incomplete,
137
+ // this function may fail.
138
+ //
139
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
140
+ // thread-safe but is currently neither in some cases, notably if |crl| was
141
+ // mutated.
142
+ OPENSSL_EXPORT X509 *X509_dup(X509 *x509);
123
143
 
124
- DEFINE_STACK_OF(X509_NAME_ENTRY)
144
+ // X509_free decrements |x509|'s reference count and, if zero, releases memory
145
+ // associated with |x509|.
146
+ OPENSSL_EXPORT void X509_free(X509 *x509);
125
147
 
126
- DEFINE_STACK_OF(X509_NAME)
148
+ // d2i_X509 parses up to |len| bytes from |*inp| as a DER-encoded X.509
149
+ // Certificate (RFC 5280), as described in |d2i_SAMPLE|.
150
+ OPENSSL_EXPORT X509 *d2i_X509(X509 **out, const uint8_t **inp, long len);
127
151
 
128
- typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
152
+ // X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
153
+ // fresh X509 or NULL on error. There must not be any trailing data in |buf|.
154
+ // The returned structure (if any) holds a reference to |buf| rather than
155
+ // copying parts of it as a normal |d2i_X509| call would do.
156
+ OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
129
157
 
130
- DEFINE_STACK_OF(X509_EXTENSION)
158
+ // i2d_X509 marshals |x509| as a DER-encoded X.509 Certificate (RFC 5280), as
159
+ // described in |i2d_SAMPLE|.
160
+ //
161
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
162
+ // thread-safe but is currently neither in some cases, notably if |x509| was
163
+ // mutated.
164
+ OPENSSL_EXPORT int i2d_X509(X509 *x509, uint8_t **outp);
131
165
 
132
- DEFINE_STACK_OF(X509_ATTRIBUTE)
166
+ // X509_VERSION_* are X.509 version numbers. Note the numerical values of all
167
+ // defined X.509 versions are one less than the named version.
168
+ #define X509_VERSION_1 0
169
+ #define X509_VERSION_2 1
170
+ #define X509_VERSION_3 2
133
171
 
134
- // This stuff is certificate "auxiliary info"
135
- // it contains details which are useful in certificate
136
- // stores and databases. When used this is tagged onto
137
- // the end of the certificate itself
172
+ // X509_get_version returns the numerical value of |x509|'s version, which will
173
+ // be one of the |X509_VERSION_*| constants.
174
+ OPENSSL_EXPORT long X509_get_version(const X509 *x509);
138
175
 
139
- DECLARE_STACK_OF(DIST_POINT)
140
- DECLARE_STACK_OF(GENERAL_NAME)
176
+ // X509_get0_serialNumber returns |x509|'s serial number.
177
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
141
178
 
142
- DEFINE_STACK_OF(X509)
179
+ // X509_get0_notBefore returns |x509|'s notBefore time.
180
+ OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
143
181
 
144
- // This is used for a table of trust checking functions
182
+ // X509_get0_notAfter returns |x509|'s notAfter time.
183
+ OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
145
184
 
146
- struct x509_trust_st {
147
- int trust;
148
- int flags;
149
- int (*check_trust)(struct x509_trust_st *, X509 *, int);
150
- char *name;
151
- int arg1;
152
- void *arg2;
153
- } /* X509_TRUST */;
185
+ // X509_get_issuer_name returns |x509|'s issuer.
186
+ OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509);
154
187
 
155
- DEFINE_STACK_OF(X509_TRUST)
188
+ // X509_get_subject_name returns |x509|'s subject.
189
+ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
156
190
 
157
- // standard trust ids
191
+ // X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is
192
+ // not const-correct for legacy reasons. Callers should not modify the returned
193
+ // object.
194
+ OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
158
195
 
159
- #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
196
+ // X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
197
+ // public key was unsupported or could not be decoded. This function returns a
198
+ // reference to the |EVP_PKEY|. The caller must release the result with
199
+ // |EVP_PKEY_free| when done.
200
+ OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
160
201
 
161
- #define X509_TRUST_COMPAT 1
162
- #define X509_TRUST_SSL_CLIENT 2
163
- #define X509_TRUST_SSL_SERVER 3
164
- #define X509_TRUST_EMAIL 4
165
- #define X509_TRUST_OBJECT_SIGN 5
166
- #define X509_TRUST_OCSP_SIGN 6
167
- #define X509_TRUST_OCSP_REQUEST 7
168
- #define X509_TRUST_TSA 8
202
+ // X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
203
+ // key. Note this does not contain the AlgorithmIdentifier portion.
204
+ //
205
+ // WARNING: This function returns a non-const pointer for OpenSSL compatibility,
206
+ // but the caller must not modify the resulting object. Doing so will break
207
+ // internal invariants in |x509|.
208
+ OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
169
209
 
170
- // Keep these up to date!
171
- #define X509_TRUST_MIN 1
172
- #define X509_TRUST_MAX 8
210
+ // X509_get0_uids sets |*out_issuer_uid| to a non-owning pointer to the
211
+ // issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
212
+ // outputs |x509|'s subjectUID field to |*out_subject_uid|.
213
+ //
214
+ // Callers may pass NULL to either |out_issuer_uid| or |out_subject_uid| to
215
+ // ignore the corresponding field.
216
+ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
217
+ const ASN1_BIT_STRING **out_issuer_uid,
218
+ const ASN1_BIT_STRING **out_subject_uid);
173
219
 
220
+ // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
221
+ // it.
222
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
223
+ const X509 *x509);
174
224
 
175
- // trust_flags values
176
- #define X509_TRUST_DYNAMIC 1
177
- #define X509_TRUST_DYNAMIC_NAME 2
225
+ // X509_get_ext_count returns the number of extensions in |x|.
226
+ OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
178
227
 
179
- // check_trust return codes
228
+ // X509_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
229
+ // extensions in |x|.
230
+ OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
180
231
 
181
- #define X509_TRUST_TRUSTED 1
182
- #define X509_TRUST_REJECTED 2
183
- #define X509_TRUST_UNTRUSTED 3
232
+ // X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
233
+ // extensions in |x|.
234
+ OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
235
+ int lastpos);
184
236
 
185
- // Flags for X509_print_ex()
237
+ // X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
238
+ // searches for extensions in |x|.
239
+ OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
240
+ int lastpos);
186
241
 
187
- #define X509_FLAG_COMPAT 0
188
- #define X509_FLAG_NO_HEADER 1L
189
- #define X509_FLAG_NO_VERSION (1L << 1)
190
- #define X509_FLAG_NO_SERIAL (1L << 2)
191
- #define X509_FLAG_NO_SIGNAME (1L << 3)
192
- #define X509_FLAG_NO_ISSUER (1L << 4)
193
- #define X509_FLAG_NO_VALIDITY (1L << 5)
194
- #define X509_FLAG_NO_SUBJECT (1L << 6)
195
- #define X509_FLAG_NO_PUBKEY (1L << 7)
196
- #define X509_FLAG_NO_EXTENSIONS (1L << 8)
197
- #define X509_FLAG_NO_SIGDUMP (1L << 9)
198
- #define X509_FLAG_NO_AUX (1L << 10)
199
- #define X509_FLAG_NO_ATTRIBUTES (1L << 11)
200
- #define X509_FLAG_NO_IDS (1L << 12)
242
+ // X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is
243
+ // out of bounds. This function returns a non-const pointer for OpenSSL
244
+ // compatibility, but callers should not mutate the result.
245
+ OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
201
246
 
202
- // Flags specific to X509_NAME_print_ex()
247
+ // X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
248
+ // TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
249
+ //
250
+ // Certificates with mismatched signature algorithms will successfully parse,
251
+ // but they will be rejected when verifying.
252
+ OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x509);
203
253
 
204
- // The field separator information
254
+ // X509_get0_signature sets |*out_sig| and |*out_alg| to the signature and
255
+ // signature algorithm of |x509|, respectively. Either output pointer may be
256
+ // NULL to ignore the value.
257
+ //
258
+ // This function outputs the outer signature algorithm. For the one in the
259
+ // TBSCertificate, see |X509_get0_tbs_sigalg|. Certificates with mismatched
260
+ // signature algorithms will successfully parse, but they will be rejected when
261
+ // verifying.
262
+ OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **out_sig,
263
+ const X509_ALGOR **out_alg,
264
+ const X509 *x509);
205
265
 
206
- #define XN_FLAG_SEP_MASK (0xf << 16)
266
+ // X509_get_signature_nid returns the NID corresponding to |x509|'s signature
267
+ // algorithm, or |NID_undef| if the signature algorithm does not correspond to
268
+ // a known NID.
269
+ OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x509);
207
270
 
208
- #define XN_FLAG_COMPAT 0 // Traditional SSLeay: use old X509_NAME_print
209
- #define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC 2253 ,+
210
- #define XN_FLAG_SEP_CPLUS_SPC (2 << 16) // ,+ spaced: more readable
211
- #define XN_FLAG_SEP_SPLUS_SPC (3 << 16) // ;+ spaced
212
- #define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field
271
+ // i2d_X509_tbs serializes the TBSCertificate portion of |x509|, as described in
272
+ // |i2d_SAMPLE|.
273
+ //
274
+ // This function preserves the original encoding of the TBSCertificate and may
275
+ // not reflect modifications made to |x509|. It may be used to manually verify
276
+ // the signature of an existing certificate. To generate certificates, use
277
+ // |i2d_re_X509_tbs| instead.
278
+ OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
213
279
 
214
- #define XN_FLAG_DN_REV (1 << 20) // Reverse DN order
280
+ // X509_verify checks that |x509| has a valid signature by |pkey|. It returns
281
+ // one if the signature is valid and zero otherwise. Note this function only
282
+ // checks the signature itself and does not perform a full certificate
283
+ // validation.
284
+ OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
215
285
 
216
- // How the field name is shown
217
286
 
218
- #define XN_FLAG_FN_MASK (0x3 << 21)
287
+ // Issuing certificates.
288
+ //
289
+ // An |X509| object may also represent an incomplete certificate. Callers may
290
+ // construct empty |X509| objects, fill in fields individually, and finally sign
291
+ // the result. The following functions may be used for this purpose.
219
292
 
220
- #define XN_FLAG_FN_SN 0 // Object short name
221
- #define XN_FLAG_FN_LN (1 << 21) // Object long name
222
- #define XN_FLAG_FN_OID (2 << 21) // Always use OIDs
223
- #define XN_FLAG_FN_NONE (3 << 21) // No field names
293
+ // X509_new returns a newly-allocated, empty |X509| object, or NULL on error.
294
+ // This produces an incomplete certificate which may be filled in to issue a new
295
+ // certificate.
296
+ OPENSSL_EXPORT X509 *X509_new(void);
224
297
 
225
- #define XN_FLAG_SPC_EQ (1 << 23) // Put spaces round '='
298
+ // X509_set_version sets |x509|'s version to |version|, which should be one of
299
+ // the |X509V_VERSION_*| constants. It returns one on success and zero on error.
300
+ //
301
+ // If unsure, use |X509_VERSION_3|.
302
+ OPENSSL_EXPORT int X509_set_version(X509 *x509, long version);
226
303
 
227
- // This determines if we dump fields we don't recognise:
228
- // RFC 2253 requires this.
304
+ // X509_set_serialNumber sets |x509|'s serial number to |serial|. It returns one
305
+ // on success and zero on error.
306
+ OPENSSL_EXPORT int X509_set_serialNumber(X509 *x509,
307
+ const ASN1_INTEGER *serial);
229
308
 
230
- #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
309
+ // X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
310
+ // success and zero on error.
311
+ OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
231
312
 
232
- #define XN_FLAG_FN_ALIGN (1 << 25) // Align field names to 20 characters
313
+ // X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
314
+ // success and zero on error.
315
+ OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
233
316
 
234
- // Complete set of RFC 2253 flags
317
+ // X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time.
318
+ OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509);
235
319
 
236
- #define XN_FLAG_RFC2253 \
237
- (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \
238
- XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS)
320
+ // X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time.
321
+ OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
239
322
 
240
- // readable oneline form
323
+ // X509_set_issuer_name sets |x509|'s issuer to a copy of |name|. It returns one
324
+ // on success and zero on error.
325
+ OPENSSL_EXPORT int X509_set_issuer_name(X509 *x509, X509_NAME *name);
241
326
 
242
- #define XN_FLAG_ONELINE \
243
- (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \
244
- XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
327
+ // X509_set_subject_name sets |x509|'s subject to a copy of |name|. It returns
328
+ // one on success and zero on error.
329
+ OPENSSL_EXPORT int X509_set_subject_name(X509 *x509, X509_NAME *name);
245
330
 
246
- // readable multiline form
331
+ // X509_set_pubkey sets |x509|'s public key to |pkey|. It returns one on success
332
+ // and zero on error. This function does not take ownership of |pkey| and
333
+ // internally copies and updates reference counts as needed.
334
+ OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey);
247
335
 
248
- #define XN_FLAG_MULTILINE \
249
- (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | \
250
- XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN)
336
+ // X509_delete_ext removes the extension in |x| at index |loc| and returns the
337
+ // removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
338
+ // caller must release the result with |X509_EXTENSION_free|.
339
+ OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
251
340
 
252
- struct x509_revoked_st {
253
- ASN1_INTEGER *serialNumber;
254
- ASN1_TIME *revocationDate;
255
- STACK_OF(X509_EXTENSION) /* optional */ *extensions;
256
- // Set up if indirect CRL
257
- STACK_OF(GENERAL_NAME) *issuer;
258
- // Revocation reason
259
- int reason;
260
- int sequence; // load sequence
261
- };
341
+ // X509_add_ext adds a copy of |ex| to |x|. It returns one on success and zero
342
+ // on failure. The caller retains ownership of |ex| and can release it
343
+ // independently of |x|.
344
+ //
345
+ // The new extension is inserted at index |loc|, shifting extensions to the
346
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
347
+ // list.
348
+ OPENSSL_EXPORT int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
262
349
 
263
- DEFINE_STACK_OF(X509_REVOKED)
350
+ // X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
351
+ // signature fields. It returns the length of the signature on success and zero
352
+ // on error. This function uses digest algorithm |md|, or |pkey|'s default if
353
+ // NULL. Other signing parameters use |pkey|'s defaults. To customize them, use
354
+ // |X509_sign_ctx|.
355
+ OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
264
356
 
265
- DECLARE_STACK_OF(GENERAL_NAMES)
357
+ // X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm
358
+ // and signature fields. It returns the length of the signature on success and
359
+ // zero on error. The signature algorithm and parameters come from |ctx|, which
360
+ // must have been initialized with |EVP_DigestSignInit|. The caller should
361
+ // configure the corresponding |EVP_PKEY_CTX| before calling this function.
362
+ OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
266
363
 
267
- DEFINE_STACK_OF(X509_CRL)
364
+ // i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
365
+ // in |i2d_SAMPLE|.
366
+ //
367
+ // This function re-encodes the TBSCertificate and may not reflect |x509|'s
368
+ // original encoding. It may be used to manually generate a signature for a new
369
+ // certificate. To verify certificates, use |i2d_X509_tbs| instead.
370
+ OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp);
268
371
 
269
- struct private_key_st {
270
- int version;
271
- // The PKCS#8 data types
272
- X509_ALGOR *enc_algor;
273
- ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
274
-
275
- // When decrypted, the following will not be NULL
276
- EVP_PKEY *dec_pkey;
277
-
278
- // used to encrypt and decrypt
279
- int key_length;
280
- char *key_data;
281
- int key_free; // true if we should auto free key_data
282
-
283
- // expanded version of 'enc_algor'
284
- EVP_CIPHER_INFO cipher;
285
- } /* X509_PKEY */;
286
-
287
- struct X509_info_st {
288
- X509 *x509;
289
- X509_CRL *crl;
290
- X509_PKEY *x_pkey;
291
-
292
- EVP_CIPHER_INFO enc_cipher;
293
- int enc_len;
294
- char *enc_data;
295
-
296
- } /* X509_INFO */;
297
-
298
- DEFINE_STACK_OF(X509_INFO)
299
-
300
- // The next 2 structures and their 8 routines were sent to me by
301
- // Pat Richard <patr@x509.com> and are used to manipulate
302
- // Netscapes spki structures - useful if you are writing a CA web page
303
- struct Netscape_spkac_st {
304
- X509_PUBKEY *pubkey;
305
- ASN1_IA5STRING *challenge; // challenge sent in atlas >= PR2
306
- } /* NETSCAPE_SPKAC */;
307
-
308
- struct Netscape_spki_st {
309
- NETSCAPE_SPKAC *spkac; // signed public key and challenge
310
- X509_ALGOR *sig_algor;
311
- ASN1_BIT_STRING *signature;
312
- } /* NETSCAPE_SPKI */;
313
-
314
- // TODO(davidben): Document remaining functions, reorganize them, and define
315
- // supported patterns for using |X509| objects in general. In particular, when
316
- // it is safe to call mutating functions is a little tricky due to various
317
- // internal caches.
318
-
319
- // X509_VERSION_* are X.509 version numbers. Note the numerical values of all
320
- // defined X.509 versions are one less than the named version.
321
- #define X509_VERSION_1 0
322
- #define X509_VERSION_2 1
323
- #define X509_VERSION_3 2
324
-
325
- // X509_get_version returns the numerical value of |x509|'s version. Callers may
326
- // compare the result to the |X509_VERSION_*| constants. Unknown versions are
327
- // rejected by the parser, but a manually-created |X509| object may encode
328
- // invalid versions. In that case, the function will return the invalid version,
329
- // or -1 on overflow.
330
- OPENSSL_EXPORT long X509_get_version(const X509 *x509);
372
+ // X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and
373
+ // returns one on success or zero on error. It updates both the signature field
374
+ // of the TBSCertificate structure, and the signatureAlgorithm field of the
375
+ // Certificate.
376
+ OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo);
331
377
 
332
- // X509_set_version sets |x509|'s version to |version|, which should be one of
333
- // the |X509V_VERSION_*| constants. It returns one on success and zero on error.
378
+ // X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len|
379
+ // bytes pointed by |sig|. It returns one on success and zero on error.
334
380
  //
335
- // If unsure, use |X509_VERSION_3|.
336
- OPENSSL_EXPORT int X509_set_version(X509 *x509, long version);
337
-
338
- // X509_get0_serialNumber returns |x509|'s serial number.
339
- OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509);
340
-
341
- // X509_set_serialNumber sets |x509|'s serial number to |serial|. It returns one
342
- // on success and zero on error.
343
- OPENSSL_EXPORT int X509_set_serialNumber(X509 *x509,
344
- const ASN1_INTEGER *serial);
345
-
346
- // X509_get0_notBefore returns |x509|'s notBefore time.
347
- OPENSSL_EXPORT const ASN1_TIME *X509_get0_notBefore(const X509 *x509);
348
-
349
- // X509_get0_notAfter returns |x509|'s notAfter time.
350
- OPENSSL_EXPORT const ASN1_TIME *X509_get0_notAfter(const X509 *x509);
351
-
352
- // X509_set1_notBefore sets |x509|'s notBefore time to |tm|. It returns one on
353
- // success and zero on error.
354
- OPENSSL_EXPORT int X509_set1_notBefore(X509 *x509, const ASN1_TIME *tm);
355
-
356
- // X509_set1_notAfter sets |x509|'s notAfter time to |tm|. it returns one on
357
- // success and zero on error.
358
- OPENSSL_EXPORT int X509_set1_notAfter(X509 *x509, const ASN1_TIME *tm);
359
-
360
- // X509_getm_notBefore returns a mutable pointer to |x509|'s notBefore time.
361
- OPENSSL_EXPORT ASN1_TIME *X509_getm_notBefore(X509 *x509);
362
-
363
- // X509_getm_notAfter returns a mutable pointer to |x509|'s notAfter time.
364
- OPENSSL_EXPORT ASN1_TIME *X509_getm_notAfter(X509 *x);
381
+ // Due to a specification error, X.509 certificates store signatures in ASN.1
382
+ // BIT STRINGs, but signature algorithms return byte strings rather than bit
383
+ // strings. This function creates a BIT STRING containing a whole number of
384
+ // bytes, with the bit order matching the DER encoding. This matches the
385
+ // encoding used by all X.509 signature algorithms.
386
+ OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
387
+ size_t sig_len);
365
388
 
366
- // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
367
- // const-correct for legacy reasons. Use |X509_get0_notBefore| or
368
- // |X509_getm_notBefore| instead.
369
- OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
370
389
 
371
- // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
372
- // const-correct for legacy reasons. Use |X509_get0_notAfter| or
373
- // |X509_getm_notAfter| instead.
374
- OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
390
+ // Auxiliary certificate properties.
391
+ //
392
+ // |X509| objects optionally maintain auxiliary properties. These are not part
393
+ // of the certificates themselves, and thus are not covered by signatures or
394
+ // preserved by the standard serialization. They are used as inputs or outputs
395
+ // to other functions in this library.
396
+
397
+ // i2d_X509_AUX marshals |x509| as a DER-encoded X.509 Certificate (RFC 5280),
398
+ // followed optionally by a separate, OpenSSL-specific structure with auxiliary
399
+ // properties. It behaves as described in |i2d_SAMPLE|.
400
+ //
401
+ // Unlike similarly-named functions, this function does not output a single
402
+ // ASN.1 element. Directly embedding the output in a larger ASN.1 structure will
403
+ // not behave correctly.
404
+ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
405
+
406
+ // d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509
407
+ // Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific
408
+ // structure with auxiliary properties. It behaves as described in |d2i_SAMPLE|.
409
+ //
410
+ // Some auxiliary properties affect trust decisions, so this function should not
411
+ // be used with untrusted input.
412
+ //
413
+ // Unlike similarly-named functions, this function does not parse a single
414
+ // ASN.1 element. Trying to parse data directly embedded in a larger ASN.1
415
+ // structure will not behave correctly.
416
+ OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp,
417
+ long length);
375
418
 
376
- // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
377
- // instead.
378
- OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
419
+ // X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is
420
+ // NULL, the alias is cleared instead. Aliases are not part of the certificate
421
+ // itself and will not be serialized by |i2d_X509|.
422
+ OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name,
423
+ ossl_ssize_t len);
424
+
425
+ // X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is
426
+ // NULL, the key ID is cleared instead. Key IDs are not part of the certificate
427
+ // itself and will not be serialized by |i2d_X509|.
428
+ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
429
+ ossl_ssize_t len);
430
+
431
+ // X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the
432
+ // alias's length and returns a pointer to a buffer containing the contents. If
433
+ // not found, it outputs the empty string by returning NULL and setting
434
+ // |*out_len| to zero.
435
+ //
436
+ // If |x509| was parsed from a PKCS#12 structure (see
437
+ // |PKCS12_get_key_and_certs|), the alias will reflect the friendlyName
438
+ // attribute (RFC 2985).
439
+ //
440
+ // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
441
+ // missing. Callers that target both OpenSSL and BoringSSL should set the value
442
+ // to zero before calling this function.
443
+ OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
444
+
445
+ // X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the
446
+ // key ID's length and returns a pointer to a buffer containing the contents. If
447
+ // not found, it outputs the empty string by returning NULL and setting
448
+ // |*out_len| to zero.
449
+ //
450
+ // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
451
+ // missing. Callers that target both OpenSSL and BoringSSL should set the value
452
+ // to zero before calling this function.
453
+ OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
379
454
 
380
- // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
381
- // instead.
382
- OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
383
455
 
384
- // X509_get0_uids sets |*out_issuer_uid| to a non-owning pointer to the
385
- // issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
386
- // outputs |x509|'s subjectUID field to |*out_subject_uid|.
456
+ // Certificate revocation lists.
387
457
  //
388
- // Callers may pass NULL to either |out_issuer_uid| or |out_subject_uid| to
389
- // ignore the corresponding field.
390
- OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
391
- const ASN1_BIT_STRING **out_issuer_uid,
392
- const ASN1_BIT_STRING **out_subject_uid);
458
+ // An |X509_CRL| object represents an X.509 certificate revocation list (CRL),
459
+ // defined in RFC 5280. A CRL is a signed list of certificates which are no
460
+ // longer considered valid.
461
+ //
462
+ // Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| can give
463
+ // incorrect results. Callers typically obtain |X509_CRL|s by parsing some input
464
+ // with |d2i_X509_CRL|, etc. Such objects carry information such as the
465
+ // serialized TBSCertList and decoded extensions, which will become inconsistent
466
+ // when mutated.
467
+ //
468
+ // Instead, mutation functions should only be used when issuing new CRLs, as
469
+ // described in a later section.
393
470
 
394
- // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
395
- // |X509_get_pubkey| instead.
396
- #define X509_extract_key(x) X509_get_pubkey(x)
471
+ DEFINE_STACK_OF(X509_CRL)
397
472
 
398
- // X509_get_pathlen returns path length constraint from the basic constraints
399
- // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
400
- // constraint is not present, or if some extension in |x509| was invalid.
401
- //
402
- // Note that decoding an |X509| object will not check for invalid extensions. To
403
- // detect the error case, call |X509_get_extensions_flags| and check the
404
- // |EXFLAG_INVALID| bit.
405
- OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
473
+ // X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
474
+ // 5280) and C type is |X509_CRL*|.
475
+ DECLARE_ASN1_ITEM(X509_CRL)
406
476
 
407
- // X509_REQ_VERSION_1 is the version constant for |X509_REQ| objects. Note no
408
- // other versions are defined.
409
- #define X509_REQ_VERSION_1 0
477
+ // X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
478
+ OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
410
479
 
411
- // X509_REQ_get_version returns the numerical value of |req|'s version. This
412
- // will be |X509_REQ_VERSION_1| for valid certificate requests. If |req| is
413
- // invalid, it may return another value, or -1 on overflow.
480
+ // X509_CRL_dup returns a newly-allocated copy of |crl|, or NULL on error. This
481
+ // function works by serializing the structure, so if |crl| is incomplete, it
482
+ // may fail.
414
483
  //
415
- // TODO(davidben): Enforce the version number in the parser.
416
- OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
484
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
485
+ // thread-safe but is currently neither in some cases, notably if |crl| was
486
+ // mutated.
487
+ OPENSSL_EXPORT X509_CRL *X509_CRL_dup(X509_CRL *crl);
417
488
 
418
- // X509_REQ_get_subject_name returns |req|'s subject name. Note this function is
419
- // not const-correct for legacy reasons.
420
- OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
489
+ // X509_CRL_free decrements |crl|'s reference count and, if zero, releases
490
+ // memory associated with |crl|.
491
+ OPENSSL_EXPORT void X509_CRL_free(X509_CRL *crl);
421
492
 
422
- // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
423
- #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
493
+ // d2i_X509_CRL parses up to |len| bytes from |*inp| as a DER-encoded X.509
494
+ // CertificateList (RFC 5280), as described in |d2i_SAMPLE|.
495
+ OPENSSL_EXPORT X509_CRL *d2i_X509_CRL(X509_CRL **out, const uint8_t **inp,
496
+ long len);
424
497
 
425
- // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
426
- #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
498
+ // i2d_X509_CRL marshals |crl| as a X.509 CertificateList (RFC 5280), as
499
+ // described in |i2d_SAMPLE|.
500
+ //
501
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
502
+ // thread-safe but is currently neither in some cases, notably if |crl| was
503
+ // mutated.
504
+ OPENSSL_EXPORT int i2d_X509_CRL(X509_CRL *crl, uint8_t **outp);
427
505
 
428
506
  #define X509_CRL_VERSION_1 0
429
507
  #define X509_CRL_VERSION_2 1
430
508
 
431
- // X509_CRL_get_version returns the numerical value of |crl|'s version. Callers
432
- // may compare the result to |X509_CRL_VERSION_*| constants. If |crl| is
433
- // invalid, it may return another value, or -1 on overflow.
434
- //
435
- // TODO(davidben): Enforce the version number in the parser.
509
+ // X509_CRL_get_version returns the numerical value of |crl|'s version, which
510
+ // will be one of the |X509_CRL_VERSION_*| constants.
436
511
  OPENSSL_EXPORT long X509_CRL_get_version(const X509_CRL *crl);
437
512
 
438
- // X509_CRL_get0_lastUpdate returns |crl|'s lastUpdate time.
513
+ // X509_CRL_get0_lastUpdate returns |crl|'s thisUpdate time. The OpenSSL API
514
+ // refers to this field as lastUpdate.
439
515
  OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
440
516
 
441
517
  // X509_CRL_get0_nextUpdate returns |crl|'s nextUpdate time, or NULL if |crl|
442
518
  // has none.
443
519
  OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
444
520
 
445
- // X509_CRL_set1_lastUpdate sets |crl|'s lastUpdate time to |tm|. It returns one
446
- // on success and zero on error.
447
- OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
448
-
449
- // X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
450
- // on success and zero on error.
451
- OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
452
-
453
- // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
454
- #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
455
- #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
456
-
457
- // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s lastUpdate time.
458
- // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
459
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
460
-
461
- // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
462
- // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
463
- // |X509_CRL_set1_nextUpdate| instead.
464
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
465
-
466
521
  // X509_CRL_get_issuer returns |crl|'s issuer name. Note this function is not
467
522
  // const-correct for legacy reasons.
468
523
  OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
@@ -480,146 +535,1330 @@ OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
480
535
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(
481
536
  const X509_CRL *crl);
482
537
 
483
- // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
484
- // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
485
- // |out_digest| may be NULL to skip those fields.
486
- OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
487
- const X509_ALGOR **out_alg,
488
- const ASN1_OCTET_STRING **out_digest);
538
+ // X509_CRL_get_ext_count returns the number of extensions in |x|.
539
+ OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
489
540
 
490
- // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
491
- OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
492
- ASN1_OCTET_STRING **out_digest);
541
+ // X509_CRL_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
542
+ // extensions in |x|.
543
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
544
+ int lastpos);
493
545
 
494
- OPENSSL_EXPORT void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
495
- OPENSSL_EXPORT X509_CRL_METHOD *X509_CRL_METHOD_new(
496
- int (*crl_init)(X509_CRL *crl), int (*crl_free)(X509_CRL *crl),
497
- int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *ser,
498
- X509_NAME *issuer),
499
- int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk));
500
- OPENSSL_EXPORT void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
546
+ // X509_CRL_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
547
+ // extensions in |x|.
548
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
549
+ const ASN1_OBJECT *obj, int lastpos);
501
550
 
502
- OPENSSL_EXPORT void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
503
- OPENSSL_EXPORT void *X509_CRL_get_meth_data(X509_CRL *crl);
551
+ // X509_CRL_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
552
+ // searches for extensions in |x|.
553
+ OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
554
+ int lastpos);
504
555
 
505
- // X509_get_X509_PUBKEY returns the public key of |x509|. Note this function is
506
- // not const-correct for legacy reasons. Callers should not modify the returned
507
- // object.
508
- OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
556
+ // X509_CRL_get_ext returns the extension in |x| at index |loc|, or NULL if
557
+ // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
558
+ // compatibility, but callers should not mutate the result.
559
+ OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
509
560
 
510
- // X509_verify_cert_error_string returns |err| as a human-readable string, where
511
- // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
512
- // a default description.
513
- OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
561
+ // X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
562
+ // signature algorithm of |crl|, respectively. Either output pointer may be NULL
563
+ // to ignore the value.
564
+ //
565
+ // This function outputs the outer signature algorithm, not the one in the
566
+ // TBSCertList. CRLs with mismatched signature algorithms will successfully
567
+ // parse, but they will be rejected when verifying.
568
+ OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
569
+ const ASN1_BIT_STRING **out_sig,
570
+ const X509_ALGOR **out_alg);
514
571
 
515
- // X509_verify checks that |x509| has a valid signature by |pkey|. It returns
516
- // one if the signature is valid and zero otherwise. Note this function only
517
- // checks the signature itself and does not perform a full certificate
518
- // validation.
519
- OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
572
+ // X509_CRL_get_signature_nid returns the NID corresponding to |crl|'s signature
573
+ // algorithm, or |NID_undef| if the signature algorithm does not correspond to
574
+ // a known NID.
575
+ OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
520
576
 
521
- // X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns
522
- // one if the signature is valid and zero otherwise.
523
- OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
577
+ // i2d_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described in
578
+ // |i2d_SAMPLE|.
579
+ //
580
+ // This function preserves the original encoding of the TBSCertList and may not
581
+ // reflect modifications made to |crl|. It may be used to manually verify the
582
+ // signature of an existing CRL. To generate CRLs, use |i2d_re_X509_CRL_tbs|
583
+ // instead.
584
+ OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
524
585
 
525
586
  // X509_CRL_verify checks that |crl| has a valid signature by |pkey|. It returns
526
587
  // one if the signature is valid and zero otherwise.
527
588
  OPENSSL_EXPORT int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey);
528
589
 
529
- // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
530
- // returns one if the signature is valid and zero otherwise.
531
- OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
532
-
533
- // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
534
- // Netscape signed public key and challenge (SPKAC) structure. It returns a
535
- // newly-allocated |NETSCAPE_SPKI| structure with the result, or NULL on error.
536
- // If |len| is 0 or negative, the length is calculated with |strlen| and |str|
537
- // must be a NUL-terminated C string.
538
- OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
539
- int len);
540
590
 
541
- // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded Netscape signed
542
- // public key and challenge (SPKAC) structure. It returns a newly-allocated
543
- // NUL-terminated C string with the result, or NULL on error. The caller must
544
- // release the memory with |OPENSSL_free| when done.
545
- OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
591
+ // Issuing certificate revocation lists.
592
+ //
593
+ // An |X509_CRL| object may also represent an incomplete CRL. Callers may
594
+ // construct empty |X509_CRL| objects, fill in fields individually, and finally
595
+ // sign the result. The following functions may be used for this purpose.
546
596
 
547
- // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
548
- // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
549
- // pointer and must call |EVP_PKEY_free| when done.
550
- OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
597
+ // X509_CRL_new returns a newly-allocated, empty |X509_CRL| object, or NULL on
598
+ // error. This object may be filled in and then signed to construct a CRL.
599
+ OPENSSL_EXPORT X509_CRL *X509_CRL_new(void);
551
600
 
552
- // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
553
- // on success or zero on error. This function does not take ownership of |pkey|,
554
- // so the caller may continue to manage its lifetime independently of |spki|.
555
- OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
556
- EVP_PKEY *pkey);
601
+ // X509_CRL_set_version sets |crl|'s version to |version|, which should be one
602
+ // of the |X509_CRL_VERSION_*| constants. It returns one on success and zero on
603
+ // error.
604
+ //
605
+ // If unsure, use |X509_CRL_VERSION_2|. Note that, unlike certificates, CRL
606
+ // versions are only defined up to v2. Callers should not use |X509_VERSION_3|.
607
+ OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *crl, long version);
557
608
 
558
- // X509_signature_dump writes a human-readable representation of |sig| to |bio|,
559
- // indented with |indent| spaces. It returns one on success and zero on error.
560
- OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
561
- int indent);
609
+ // X509_CRL_set_issuer_name sets |crl|'s issuer to a copy of |name|. It returns
610
+ // one on success and zero on error.
611
+ OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *crl, X509_NAME *name);
612
+
613
+ // X509_CRL_set1_lastUpdate sets |crl|'s thisUpdate time to |tm|. It returns one
614
+ // on success and zero on error. The OpenSSL API refers to this field as
615
+ // lastUpdate.
616
+ OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
617
+
618
+ // X509_CRL_set1_nextUpdate sets |crl|'s nextUpdate time to |tm|. It returns one
619
+ // on success and zero on error.
620
+ OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
621
+
622
+ // X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
623
+ // the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
624
+ // caller must release the result with |X509_EXTENSION_free|.
625
+ OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
626
+
627
+ // X509_CRL_add_ext adds a copy of |ex| to |x|. It returns one on success and
628
+ // zero on failure. The caller retains ownership of |ex| and can release it
629
+ // independently of |x|.
630
+ //
631
+ // The new extension is inserted at index |loc|, shifting extensions to the
632
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
633
+ // list.
634
+ OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex,
635
+ int loc);
636
+
637
+ // X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
638
+ // and signature fields. It returns the length of the signature on success and
639
+ // zero on error. This function uses digest algorithm |md|, or |pkey|'s default
640
+ // if NULL. Other signing parameters use |pkey|'s defaults. To customize them,
641
+ // use |X509_CRL_sign_ctx|.
642
+ OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
643
+ const EVP_MD *md);
644
+
645
+ // X509_CRL_sign_ctx signs |crl| with |ctx| and replaces the signature algorithm
646
+ // and signature fields. It returns the length of the signature on success and
647
+ // zero on error. The signature algorithm and parameters come from |ctx|, which
648
+ // must have been initialized with |EVP_DigestSignInit|. The caller should
649
+ // configure the corresponding |EVP_PKEY_CTX| before calling this function.
650
+ OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
651
+
652
+ // i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
653
+ // in |i2d_SAMPLE|.
654
+ //
655
+ // This function re-encodes the TBSCertList and may not reflect |crl|'s original
656
+ // encoding. It may be used to manually generate a signature for a new CRL. To
657
+ // verify CRLs, use |i2d_X509_CRL_tbs| instead.
658
+ OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
659
+
660
+ // X509_CRL_set1_signature_algo sets |crl|'s signature algorithm to |algo| and
661
+ // returns one on success or zero on error. It updates both the signature field
662
+ // of the TBSCertList structure, and the signatureAlgorithm field of the CRL.
663
+ OPENSSL_EXPORT int X509_CRL_set1_signature_algo(X509_CRL *crl,
664
+ const X509_ALGOR *algo);
665
+
666
+ // X509_CRL_set1_signature_value sets |crl|'s signature to a copy of the
667
+ // |sig_len| bytes pointed by |sig|. It returns one on success and zero on
668
+ // error.
669
+ //
670
+ // Due to a specification error, X.509 CRLs store signatures in ASN.1 BIT
671
+ // STRINGs, but signature algorithms return byte strings rather than bit
672
+ // strings. This function creates a BIT STRING containing a whole number of
673
+ // bytes, with the bit order matching the DER encoding. This matches the
674
+ // encoding used by all X.509 signature algorithms.
675
+ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
676
+ const uint8_t *sig,
677
+ size_t sig_len);
678
+
679
+
680
+ // Certificate requests.
681
+ //
682
+ // An |X509_REQ| represents a PKCS #10 certificate request (RFC 2986). These are
683
+ // also referred to as certificate signing requests or CSRs. CSRs are a common
684
+ // format used to request a certificate from a CA.
685
+ //
686
+ // Although an |X509_REQ| is a mutable object, mutating an |X509_REQ| can give
687
+ // incorrect results. Callers typically obtain |X509_REQ|s by parsing some input
688
+ // with |d2i_X509_REQ|, etc. Such objects carry information such as the
689
+ // serialized CertificationRequestInfo, which will become inconsistent when
690
+ // mutated.
691
+ //
692
+ // Instead, mutation functions should only be used when issuing new CRLs, as
693
+ // described in a later section.
694
+
695
+ // X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
696
+ // and C type is |X509_REQ*|.
697
+ DECLARE_ASN1_ITEM(X509_REQ)
698
+
699
+ // X509_REQ_dup returns a newly-allocated copy of |req|, or NULL on error. This
700
+ // function works by serializing the structure, so if |req| is incomplete, it
701
+ // may fail.
702
+ //
703
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
704
+ // thread-safe but is currently neither in some cases, notably if |req| was
705
+ // mutated.
706
+ OPENSSL_EXPORT X509_REQ *X509_REQ_dup(X509_REQ *req);
707
+
708
+ // X509_REQ_free releases memory associated with |req|.
709
+ OPENSSL_EXPORT void X509_REQ_free(X509_REQ *req);
710
+
711
+ // d2i_X509_REQ parses up to |len| bytes from |*inp| as a DER-encoded
712
+ // CertificateRequest (RFC 2986), as described in |d2i_SAMPLE|.
713
+ OPENSSL_EXPORT X509_REQ *d2i_X509_REQ(X509_REQ **out, const uint8_t **inp,
714
+ long len);
715
+
716
+ // i2d_X509_REQ marshals |req| as a CertificateRequest (RFC 2986), as described
717
+ // in |i2d_SAMPLE|.
718
+ //
719
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
720
+ // thread-safe but is currently neither in some cases, notably if |req| was
721
+ // mutated.
722
+ OPENSSL_EXPORT int i2d_X509_REQ(X509_REQ *req, uint8_t **outp);
723
+
724
+ // X509_REQ_VERSION_1 is the version constant for |X509_REQ| objects. No other
725
+ // versions are defined.
726
+ #define X509_REQ_VERSION_1 0
727
+
728
+ // X509_REQ_get_version returns the numerical value of |req|'s version. This
729
+ // will always be |X509_REQ_VERSION_1| for valid CSRs. For compatibility,
730
+ // |d2i_X509_REQ| also accepts some invalid version numbers, in which case this
731
+ // function may return other values.
732
+ OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
733
+
734
+ // X509_REQ_get_subject_name returns |req|'s subject name. Note this function is
735
+ // not const-correct for legacy reasons.
736
+ OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
737
+
738
+ // X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
739
+ // the public key was unsupported or could not be decoded. This function returns
740
+ // a reference to the |EVP_PKEY|. The caller must release the result with
741
+ // |EVP_PKEY_free| when done.
742
+ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
743
+
744
+ // X509_REQ_get_attr_count returns the number of attributes in |req|.
745
+ OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
746
+
747
+ // X509_REQ_get_attr returns the attribute at index |loc| in |req|, or NULL if
748
+ // out of bounds.
749
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
750
+
751
+ // X509_REQ_get_attr_by_NID returns the index of the attribute in |req| of type
752
+ // |nid|, or a negative number if not found. If found, callers can use
753
+ // |X509_REQ_get_attr| to look up the attribute by index.
754
+ //
755
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
756
+ // can thus loop over all matching attributes by first passing -1 and then
757
+ // passing the previously-returned value until no match is returned.
758
+ OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
759
+ int lastpos);
760
+
761
+ // X509_REQ_get_attr_by_OBJ behaves like |X509_REQ_get_attr_by_NID| but looks
762
+ // for attributes of type |obj|.
763
+ OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
764
+ const ASN1_OBJECT *obj,
765
+ int lastpos);
766
+
767
+ // X509_REQ_extension_nid returns one if |nid| is a supported CSR attribute type
768
+ // for carrying extensions and zero otherwise. The supported types are
769
+ // |NID_ext_req| (pkcs-9-at-extensionRequest from RFC 2985) and |NID_ms_ext_req|
770
+ // (a Microsoft szOID_CERT_EXTENSIONS variant).
771
+ OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
772
+
773
+ // X509_REQ_get_extensions decodes the list of requested extensions in |req| and
774
+ // returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result.
775
+ // It returns NULL on error, or if |req| did not request extensions.
776
+ //
777
+ // CSRs do not store extensions directly. Instead there are attribute types
778
+ // which are defined to hold extensions. See |X509_REQ_extension_nid|. This
779
+ // function supports both pkcs-9-at-extensionRequest from RFC 2985 and the
780
+ // Microsoft szOID_CERT_EXTENSIONS variant. If both are present,
781
+ // pkcs-9-at-extensionRequest is preferred.
782
+ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
783
+
784
+ // X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
785
+ // signature algorithm of |req|, respectively. Either output pointer may be NULL
786
+ // to ignore the value.
787
+ OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
788
+ const ASN1_BIT_STRING **out_sig,
789
+ const X509_ALGOR **out_alg);
790
+
791
+ // X509_REQ_get_signature_nid returns the NID corresponding to |req|'s signature
792
+ // algorithm, or |NID_undef| if the signature algorithm does not correspond to
793
+ // a known NID.
794
+ OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
795
+
796
+ // X509_REQ_verify checks that |req| has a valid signature by |pkey|. It returns
797
+ // one if the signature is valid and zero otherwise.
798
+ OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
799
+
800
+
801
+ // Issuing certificate requests.
802
+ //
803
+ // An |X509_REQ| object may also represent an incomplete CSR. Callers may
804
+ // construct empty |X509_REQ| objects, fill in fields individually, and finally
805
+ // sign the result. The following functions may be used for this purpose.
806
+
807
+ // X509_REQ_new returns a newly-allocated, empty |X509_REQ| object, or NULL on
808
+ // error. This object may be filled in and then signed to construct a CSR.
809
+ OPENSSL_EXPORT X509_REQ *X509_REQ_new(void);
810
+
811
+ // X509_REQ_set_version sets |req|'s version to |version|, which should be
812
+ // |X509_REQ_VERSION_1|. It returns one on success and zero on error.
813
+ //
814
+ // The only defined CSR version is |X509_REQ_VERSION_1|, so there is no need to
815
+ // call this function.
816
+ OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *req, long version);
817
+
818
+ // X509_REQ_set_subject_name sets |req|'s subject to a copy of |name|. It
819
+ // returns one on success and zero on error.
820
+ OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
821
+
822
+ // X509_REQ_set_pubkey sets |req|'s public key to |pkey|. It returns one on
823
+ // success and zero on error. This function does not take ownership of |pkey|
824
+ // and internally copies and updates reference counts as needed.
825
+ OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *req, EVP_PKEY *pkey);
826
+
827
+ // X509_REQ_delete_attr removes the attribute at index |loc| in |req|. It
828
+ // returns the removed attribute to the caller, or NULL if |loc| was out of
829
+ // bounds. If non-NULL, the caller must release the result with
830
+ // |X509_ATTRIBUTE_free| when done. It is also safe, but not necessary, to call
831
+ // |X509_ATTRIBUTE_free| if the result is NULL.
832
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
833
+
834
+ // X509_REQ_add1_attr appends a copy of |attr| to |req|'s list of attributes. It
835
+ // returns one on success and zero on error.
836
+ OPENSSL_EXPORT int X509_REQ_add1_attr(X509_REQ *req,
837
+ const X509_ATTRIBUTE *attr);
838
+
839
+ // X509_REQ_add1_attr_by_OBJ appends a new attribute to |req| with type |obj|.
840
+ // It returns one on success and zero on error. The value is determined by
841
+ // |X509_ATTRIBUTE_set1_data|.
842
+ //
843
+ // WARNING: The interpretation of |attrtype|, |data|, and |len| is complex and
844
+ // error-prone. See |X509_ATTRIBUTE_set1_data| for details.
845
+ OPENSSL_EXPORT int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
846
+ const ASN1_OBJECT *obj,
847
+ int attrtype,
848
+ const unsigned char *data,
849
+ int len);
850
+
851
+ // X509_REQ_add1_attr_by_NID behaves like |X509_REQ_add1_attr_by_OBJ| except the
852
+ // attribute type is determined by |nid|.
853
+ OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid,
854
+ int attrtype,
855
+ const unsigned char *data,
856
+ int len);
857
+
858
+ // X509_REQ_add1_attr_by_txt behaves like |X509_REQ_add1_attr_by_OBJ| except the
859
+ // attribute type is determined by calling |OBJ_txt2obj| with |attrname|.
860
+ OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
861
+ const char *attrname, int attrtype,
862
+ const unsigned char *data,
863
+ int len);
864
+
865
+ // X509_REQ_add_extensions_nid adds an attribute to |req| of type |nid|, to
866
+ // request the certificate extensions in |exts|. It returns one on success and
867
+ // zero on error. |nid| should be |NID_ext_req| or |NID_ms_ext_req|.
868
+ OPENSSL_EXPORT int X509_REQ_add_extensions_nid(
869
+ X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts, int nid);
870
+
871
+ // X509_REQ_add_extensions behaves like |X509_REQ_add_extensions_nid|, using the
872
+ // standard |NID_ext_req| for the attribute type.
873
+ OPENSSL_EXPORT int X509_REQ_add_extensions(
874
+ X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);
875
+
876
+ // X509_REQ_sign signs |req| with |pkey| and replaces the signature algorithm
877
+ // and signature fields. It returns the length of the signature on success and
878
+ // zero on error. This function uses digest algorithm |md|, or |pkey|'s default
879
+ // if NULL. Other signing parameters use |pkey|'s defaults. To customize them,
880
+ // use |X509_REQ_sign_ctx|.
881
+ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
882
+ const EVP_MD *md);
883
+
884
+ // X509_REQ_sign_ctx signs |req| with |ctx| and replaces the signature algorithm
885
+ // and signature fields. It returns the length of the signature on success and
886
+ // zero on error. The signature algorithm and parameters come from |ctx|, which
887
+ // must have been initialized with |EVP_DigestSignInit|. The caller should
888
+ // configure the corresponding |EVP_PKEY_CTX| before calling this function.
889
+ OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
890
+
891
+ // i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
892
+ // portion of |req|, as described in |i2d_SAMPLE|.
893
+ //
894
+ // This function re-encodes the CertificationRequestInfo and may not reflect
895
+ // |req|'s original encoding. It may be used to manually generate a signature
896
+ // for a new certificate request.
897
+ OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, uint8_t **outp);
898
+
899
+ // X509_REQ_set1_signature_algo sets |req|'s signature algorithm to |algo| and
900
+ // returns one on success or zero on error.
901
+ OPENSSL_EXPORT int X509_REQ_set1_signature_algo(X509_REQ *req,
902
+ const X509_ALGOR *algo);
903
+
904
+ // X509_REQ_set1_signature_value sets |req|'s signature to a copy of the
905
+ // |sig_len| bytes pointed by |sig|. It returns one on success and zero on
906
+ // error.
907
+ //
908
+ // Due to a specification error, PKCS#10 certificate requests store signatures
909
+ // in ASN.1 BIT STRINGs, but signature algorithms return byte strings rather
910
+ // than bit strings. This function creates a BIT STRING containing a whole
911
+ // number of bytes, with the bit order matching the DER encoding. This matches
912
+ // the encoding used by all X.509 signature algorithms.
913
+ OPENSSL_EXPORT int X509_REQ_set1_signature_value(X509_REQ *req,
914
+ const uint8_t *sig,
915
+ size_t sig_len);
916
+
917
+
918
+ // Names.
919
+ //
920
+ // An |X509_NAME| represents an X.509 Name structure (RFC 5280). X.509 names are
921
+ // a complex, hierarchical structure over a collection of attributes. Each name
922
+ // is sequence of relative distinguished names (RDNs), decreasing in
923
+ // specificity. For example, the first RDN may specify the country, while the
924
+ // next RDN may specify a locality. Each RDN is, itself, a set of attributes.
925
+ // Having more than one attribute in an RDN is uncommon, but possible. Within an
926
+ // RDN, attributes have the same level in specificity. Attribute types are
927
+ // OBJECT IDENTIFIERs. This determines the ASN.1 type of the value, which is
928
+ // commonly a string but may be other types.
929
+ //
930
+ // The |X509_NAME| representation flattens this two-level structure into a
931
+ // single list of attributes. Each attribute is stored in an |X509_NAME_ENTRY|,
932
+ // with also maintains the index of the RDN it is part of, accessible via
933
+ // |X509_NAME_ENTRY_set|. This can be used to recover the two-level structure.
934
+ //
935
+ // X.509 names are largely vestigial. Historically, DNS names were parsed out of
936
+ // the subject's common name attribute, but this is deprecated and has since
937
+ // moved to the subject alternative name extension. In modern usage, X.509 names
938
+ // are primarily opaque identifiers to link a certificate with its issuer.
939
+
940
+ DEFINE_STACK_OF(X509_NAME_ENTRY)
941
+ DEFINE_STACK_OF(X509_NAME)
942
+
943
+ // X509_NAME is an |ASN1_ITEM| whose ASN.1 type is X.509 Name (RFC 5280) and C
944
+ // type is |X509_NAME*|.
945
+ DECLARE_ASN1_ITEM(X509_NAME)
946
+
947
+ // X509_NAME_new returns a new, empty |X509_NAME_new|, or NULL on
948
+ // error.
949
+ OPENSSL_EXPORT X509_NAME *X509_NAME_new(void);
950
+
951
+ // X509_NAME_free releases memory associated with |name|.
952
+ OPENSSL_EXPORT void X509_NAME_free(X509_NAME *name);
953
+
954
+ // d2i_X509_NAME parses up to |len| bytes from |*inp| as a DER-encoded X.509
955
+ // Name (RFC 5280), as described in |d2i_SAMPLE|.
956
+ OPENSSL_EXPORT X509_NAME *d2i_X509_NAME(X509_NAME **out, const uint8_t **inp,
957
+ long len);
958
+
959
+ // i2d_X509_NAME marshals |in| as a DER-encoded X.509 Name (RFC 5280), as
960
+ // described in |i2d_SAMPLE|.
961
+ //
962
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
963
+ // thread-safe but is currently neither in some cases, notably if |in| was
964
+ // mutated.
965
+ OPENSSL_EXPORT int i2d_X509_NAME(X509_NAME *in, uint8_t **outp);
966
+
967
+ // X509_NAME_dup returns a newly-allocated copy of |name|, or NULL on error.
968
+ //
969
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
970
+ // thread-safe but is currently neither in some cases, notably if |name| was
971
+ // mutated.
972
+ OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name);
973
+
974
+ // X509_NAME_get0_der sets |*out_der| and |*out_der_len|
975
+ //
976
+ // Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons
977
+ // these functions are not consistently thread-safe or const-correct. Depending
978
+ // on the resolution of https://crbug.com/boringssl/407, this function may be
979
+ // removed or cause poor performance.
980
+ OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der,
981
+ size_t *out_der_len);
982
+
983
+ // X509_NAME_set makes a copy of |name|. On success, it frees |*xn|, sets |*xn|
984
+ // to the copy, and returns one. Otherwise, it returns zero.
985
+ //
986
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
987
+ // thread-safe but is currently neither in some cases, notably if |name| was
988
+ // mutated.
989
+ OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
990
+
991
+ // X509_NAME_entry_count returns the number of entries in |name|.
992
+ OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
993
+
994
+ // X509_NAME_get_index_by_NID returns the zero-based index of the first
995
+ // attribute in |name| with type |nid|, or -1 if there is none. |nid| should be
996
+ // one of the |NID_*| constants. If |lastpos| is non-negative, it begins
997
+ // searching at |lastpos+1|. To search all attributes, pass in -1, not zero.
998
+ //
999
+ // Indices from this function refer to |X509_NAME|'s flattened representation.
1000
+ OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
1001
+ int lastpos);
1002
+
1003
+ // X509_NAME_get_index_by_OBJ behaves like |X509_NAME_get_index_by_NID| but
1004
+ // looks for attributes with type |obj|.
1005
+ OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
1006
+ const ASN1_OBJECT *obj,
1007
+ int lastpos);
1008
+
1009
+ // X509_NAME_get_entry returns the attribute in |name| at index |loc|, or NULL
1010
+ // if |loc| is out of range. |loc| is interpreted using |X509_NAME|'s flattened
1011
+ // representation. This function returns a non-const pointer for OpenSSL
1012
+ // compatibility, but callers should not mutate the result. Doing so will break
1013
+ // internal invariants in the library.
1014
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
1015
+ int loc);
1016
+
1017
+ // X509_NAME_delete_entry removes and returns the attribute in |name| at index
1018
+ // |loc|, or NULL if |loc| is out of range. |loc| is interpreted using
1019
+ // |X509_NAME|'s flattened representation. If the attribute is found, the caller
1020
+ // is responsible for releasing the result with |X509_NAME_ENTRY_free|.
1021
+ //
1022
+ // This function will internally update RDN indices (see |X509_NAME_ENTRY_set|)
1023
+ // so they continue to be consecutive.
1024
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
1025
+ int loc);
1026
+
1027
+ // X509_NAME_add_entry adds a copy of |entry| to |name| and returns one on
1028
+ // success or zero on error. If |loc| is -1, the entry is appended to |name|.
1029
+ // Otherwise, it is inserted at index |loc|. If |set| is -1, the entry is added
1030
+ // to the previous entry's RDN. If it is 0, the entry becomes a singleton RDN.
1031
+ // If 1, it is added to next entry's RDN.
1032
+ //
1033
+ // This function will internally update RDN indices (see |X509_NAME_ENTRY_set|)
1034
+ // so they continue to be consecutive.
1035
+ OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name,
1036
+ const X509_NAME_ENTRY *entry, int loc,
1037
+ int set);
1038
+
1039
+ // X509_NAME_add_entry_by_OBJ adds a new entry to |name| and returns one on
1040
+ // success or zero on error. The entry's attribute type is |obj|. The entry's
1041
+ // attribute value is determined by |type|, |bytes|, and |len|, as in
1042
+ // |X509_NAME_ENTRY_set_data|. The entry's position is determined by |loc| and
1043
+ // |set| as in |X509_NAME_add_entry|.
1044
+ OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name,
1045
+ const ASN1_OBJECT *obj, int type,
1046
+ const uint8_t *bytes,
1047
+ ossl_ssize_t len, int loc,
1048
+ int set);
1049
+
1050
+ // X509_NAME_add_entry_by_NID behaves like |X509_NAME_add_entry_by_OBJ| but sets
1051
+ // the entry's attribute type to |nid|, which should be one of the |NID_*|
1052
+ // constants.
1053
+ OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid,
1054
+ int type, const uint8_t *bytes,
1055
+ ossl_ssize_t len, int loc,
1056
+ int set);
1057
+
1058
+ // X509_NAME_add_entry_by_txt behaves like |X509_NAME_add_entry_by_OBJ| but sets
1059
+ // the entry's attribute type to |field|, which is passed to |OBJ_txt2obj|.
1060
+ OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
1061
+ const char *field, int type,
1062
+ const uint8_t *bytes,
1063
+ ossl_ssize_t len, int loc,
1064
+ int set);
1065
+
1066
+ // X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
1067
+ // (RFC 5280) and C type is |X509_NAME_ENTRY*|.
1068
+ DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
1069
+
1070
+ // X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY_new|, or NULL on
1071
+ // error.
1072
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
1073
+
1074
+ // X509_NAME_ENTRY_free releases memory associated with |entry|.
1075
+ OPENSSL_EXPORT void X509_NAME_ENTRY_free(X509_NAME_ENTRY *entry);
1076
+
1077
+ // d2i_X509_NAME_ENTRY parses up to |len| bytes from |*inp| as a DER-encoded
1078
+ // AttributeTypeAndValue (RFC 5280), as described in |d2i_SAMPLE|.
1079
+ OPENSSL_EXPORT X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **out,
1080
+ const uint8_t **inp,
1081
+ long len);
1082
+
1083
+ // i2d_X509_NAME_ENTRY marshals |in| as a DER-encoded AttributeTypeAndValue (RFC
1084
+ // 5280), as described in |i2d_SAMPLE|.
1085
+ OPENSSL_EXPORT int i2d_X509_NAME_ENTRY(const X509_NAME_ENTRY *in,
1086
+ uint8_t **outp);
1087
+
1088
+ // X509_NAME_ENTRY_dup returns a newly-allocated copy of |entry|, or NULL on
1089
+ // error.
1090
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(
1091
+ const X509_NAME_ENTRY *entry);
1092
+
1093
+ // X509_NAME_ENTRY_get_object returns |entry|'s attribute type. This function
1094
+ // returns a non-const pointer for OpenSSL compatibility, but callers should not
1095
+ // mutate the result. Doing so will break internal invariants in the library.
1096
+ OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
1097
+ const X509_NAME_ENTRY *entry);
1098
+
1099
+ // X509_NAME_ENTRY_set_object sets |entry|'s attribute type to |obj|. It returns
1100
+ // one on success and zero on error.
1101
+ OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *entry,
1102
+ const ASN1_OBJECT *obj);
1103
+
1104
+ // X509_NAME_ENTRY_get_data returns |entry|'s attribute value, represented as an
1105
+ // |ASN1_STRING|. This value may have any ASN.1 type, so callers must check the
1106
+ // type before interpreting the contents. This function returns a non-const
1107
+ // pointer for OpenSSL compatibility, but callers should not mutate the result.
1108
+ // Doing so will break internal invariants in the library.
1109
+ //
1110
+ // TODO(https://crbug.com/boringssl/412): Although the spec says any ASN.1 type
1111
+ // is allowed, we currently only allow an ad-hoc set of types. Additionally, it
1112
+ // is unclear if some types can even be represented by this function.
1113
+ OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(
1114
+ const X509_NAME_ENTRY *entry);
1115
+
1116
+ // X509_NAME_ENTRY_set_data sets |entry|'s value to |len| bytes from |bytes|. It
1117
+ // returns one on success and zero on error. If |len| is -1, |bytes| must be a
1118
+ // NUL-terminated C string and the length is determined by |strlen|. |bytes| is
1119
+ // converted to an ASN.1 type as follows:
1120
+ //
1121
+ // If |type| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
1122
+ // string is determined by decoding |bytes| in the encoding specified by |type|,
1123
+ // and then re-encoding it in a form appropriate for |entry|'s attribute type.
1124
+ // See |ASN1_STRING_set_by_NID| for details.
1125
+ //
1126
+ // Otherwise, the value is an |ASN1_STRING| with type |type| and value |bytes|.
1127
+ // See |ASN1_STRING| for how to format ASN.1 types as an |ASN1_STRING|. If
1128
+ // |type| is |V_ASN1_UNDEF| the previous |ASN1_STRING| type is reused.
1129
+ OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *entry, int type,
1130
+ const uint8_t *bytes,
1131
+ ossl_ssize_t len);
1132
+
1133
+ // X509_NAME_ENTRY_set returns the zero-based index of the RDN which contains
1134
+ // |entry|. Consecutive entries with the same index are part of the same RDN.
1135
+ OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *entry);
1136
+
1137
+ // X509_NAME_ENTRY_create_by_OBJ creates a new |X509_NAME_ENTRY| with attribute
1138
+ // type |obj|. The attribute value is determined from |type|, |bytes|, and |len|
1139
+ // as in |X509_NAME_ENTRY_set_data|. It returns the |X509_NAME_ENTRY| on success
1140
+ // and NULL on error.
1141
+ //
1142
+ // If |out| is non-NULL and |*out| is NULL, it additionally sets |*out| to the
1143
+ // result on success. If both |out| and |*out| are non-NULL, it updates the
1144
+ // object at |*out| instead of allocating a new one.
1145
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(
1146
+ X509_NAME_ENTRY **out, const ASN1_OBJECT *obj, int type,
1147
+ const uint8_t *bytes, ossl_ssize_t len);
1148
+
1149
+ // X509_NAME_ENTRY_create_by_NID behaves like |X509_NAME_ENTRY_create_by_OBJ|
1150
+ // except the attribute type is |nid|, which should be one of the |NID_*|
1151
+ // constants.
1152
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(
1153
+ X509_NAME_ENTRY **out, int nid, int type, const uint8_t *bytes,
1154
+ ossl_ssize_t len);
1155
+
1156
+ // X509_NAME_ENTRY_create_by_txt behaves like |X509_NAME_ENTRY_create_by_OBJ|
1157
+ // except the attribute type is |field|, which is passed to |OBJ_txt2obj|.
1158
+ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
1159
+ X509_NAME_ENTRY **out, const char *field, int type, const uint8_t *bytes,
1160
+ ossl_ssize_t len);
1161
+
1162
+
1163
+ // Extensions.
1164
+ //
1165
+ // X.509 certificates and CRLs may contain a list of extensions (RFC 5280).
1166
+ // Extensions have a type, specified by an object identifier (|ASN1_OBJECT|) and
1167
+ // a byte string value, which should a DER-encoded structure whose type is
1168
+ // determined by the extension type. This library represents extensions with the
1169
+ // |X509_EXTENSION| type.
1170
+
1171
+ // X509_EXTENSION is an |ASN1_ITEM| whose ASN.1 type is X.509 Extension (RFC
1172
+ // 5280) and C type is |X509_EXTENSION*|.
1173
+ DECLARE_ASN1_ITEM(X509_EXTENSION)
1174
+
1175
+ // X509_EXTENSION_new returns a newly-allocated, empty |X509_EXTENSION| object
1176
+ // or NULL on error.
1177
+ OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_new(void);
1178
+
1179
+ // X509_EXTENSION_free releases memory associated with |ex|.
1180
+ OPENSSL_EXPORT void X509_EXTENSION_free(X509_EXTENSION *ex);
1181
+
1182
+ // d2i_X509_EXTENSION parses up to |len| bytes from |*inp| as a DER-encoded
1183
+ // X.509 Extension (RFC 5280), as described in |d2i_SAMPLE|.
1184
+ OPENSSL_EXPORT X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **out,
1185
+ const uint8_t **inp,
1186
+ long len);
1187
+
1188
+ // i2d_X509_EXTENSION marshals |ex| as a DER-encoded X.509 Extension (RFC
1189
+ // 5280), as described in |i2d_SAMPLE|.
1190
+ OPENSSL_EXPORT int i2d_X509_EXTENSION(const X509_EXTENSION *ex, uint8_t **outp);
1191
+
1192
+ // X509_EXTENSION_dup returns a newly-allocated copy of |ex|, or NULL on error.
1193
+ // This function works by serializing the structure, so if |ex| is incomplete,
1194
+ // it may fail.
1195
+ OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_dup(const X509_EXTENSION *ex);
1196
+
1197
+ // X509_EXTENSION_create_by_NID creates a new |X509_EXTENSION| with type |nid|,
1198
+ // value |data|, and critical bit |crit|. It returns an |X509_EXTENSION| on
1199
+ // success, and NULL on error. |nid| should be a |NID_*| constant.
1200
+ //
1201
+ // If |ex| and |*ex| are both non-NULL, |*ex| is used to hold the result,
1202
+ // otherwise a new object is allocated. If |ex| is non-NULL and |*ex| is NULL,
1203
+ // the function sets |*ex| to point to the newly allocated result, in addition
1204
+ // to returning the result.
1205
+ OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
1206
+ X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
1207
+
1208
+ // X509_EXTENSION_create_by_OBJ behaves like |X509_EXTENSION_create_by_NID|, but
1209
+ // the extension type is determined by an |ASN1_OBJECT|.
1210
+ OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
1211
+ X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
1212
+ const ASN1_OCTET_STRING *data);
1213
+
1214
+ // X509_EXTENSION_get_object returns |ex|'s extension type. This function
1215
+ // returns a non-const pointer for OpenSSL compatibility, but callers should not
1216
+ // mutate the result.
1217
+ OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(const X509_EXTENSION *ex);
1218
+
1219
+ // X509_EXTENSION_get_data returns |ne|'s extension value. This function returns
1220
+ // a non-const pointer for OpenSSL compatibility, but callers should not mutate
1221
+ // the result.
1222
+ OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(
1223
+ const X509_EXTENSION *ne);
1224
+
1225
+ // X509_EXTENSION_get_critical returns one if |ex| is critical and zero
1226
+ // otherwise.
1227
+ OPENSSL_EXPORT int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
1228
+
1229
+ // X509_EXTENSION_set_object sets |ex|'s extension type to |obj|. It returns one
1230
+ // on success and zero on error.
1231
+ OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
1232
+ const ASN1_OBJECT *obj);
1233
+
1234
+ // X509_EXTENSION_set_critical sets |ex| to critical if |crit| is non-zero and
1235
+ // to non-critical if |crit| is zero.
1236
+ OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1237
+
1238
+ // X509_EXTENSION_set_data set's |ex|'s extension value to a copy of |data|. It
1239
+ // returns one on success and zero on error.
1240
+ OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1241
+ const ASN1_OCTET_STRING *data);
1242
+
1243
+
1244
+ // Extension lists.
1245
+ //
1246
+ // The following functions manipulate lists of extensions. Most of them have
1247
+ // corresponding functions on the containing |X509|, |X509_CRL|, or
1248
+ // |X509_REVOKED|.
1249
+
1250
+ DEFINE_STACK_OF(X509_EXTENSION)
1251
+ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
1252
+
1253
+ // X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
1254
+ // (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
1255
+ DECLARE_ASN1_ITEM(X509_EXTENSIONS)
1256
+
1257
+ // d2i_X509_EXTENSIONS parses up to |len| bytes from |*inp| as a DER-encoded
1258
+ // SEQUENCE OF Extension (RFC 5280), as described in |d2i_SAMPLE|.
1259
+ OPENSSL_EXPORT X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **out,
1260
+ const uint8_t **inp,
1261
+ long len);
1262
+
1263
+ // i2d_X509_EXTENSIONS marshals |alg| as a DER-encoded SEQUENCE OF Extension
1264
+ // (RFC 5280), as described in |i2d_SAMPLE|.
1265
+ OPENSSL_EXPORT int i2d_X509_EXTENSIONS(const X509_EXTENSIONS *alg,
1266
+ uint8_t **outp);
1267
+
1268
+ // X509v3_get_ext_count returns the number of extensions in |x|.
1269
+ OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1270
+
1271
+ // X509v3_get_ext_by_NID returns the index of the first extension in |x| with
1272
+ // type |nid|, or a negative number if not found. If found, callers can use
1273
+ // |X509v3_get_ext| to look up the extension by index.
1274
+ //
1275
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1276
+ // can thus loop over all matching extensions by first passing -1 and then
1277
+ // passing the previously-returned value until no match is returned.
1278
+ OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1279
+ int nid, int lastpos);
1280
+
1281
+ // X509v3_get_ext_by_OBJ behaves like |X509v3_get_ext_by_NID| but looks for
1282
+ // extensions matching |obj|.
1283
+ OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1284
+ const ASN1_OBJECT *obj, int lastpos);
1285
+
1286
+ // X509v3_get_ext_by_critical returns the index of the first extension in |x|
1287
+ // whose critical bit matches |crit|, or a negative number if no such extension
1288
+ // was found.
1289
+ //
1290
+ // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1291
+ // can thus loop over all matching extensions by first passing -1 and then
1292
+ // passing the previously-returned value until no match is returned.
1293
+ OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1294
+ int crit, int lastpos);
1295
+
1296
+ // X509v3_get_ext returns the extension in |x| at index |loc|, or NULL if |loc|
1297
+ // is out of bounds. This function returns a non-const pointer for OpenSSL
1298
+ // compatibility, but callers should not mutate the result.
1299
+ OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
1300
+ int loc);
1301
+
1302
+ // X509v3_delete_ext removes the extension in |x| at index |loc| and returns the
1303
+ // removed extension, or NULL if |loc| was out of bounds. If an extension was
1304
+ // returned, the caller must release it with |X509_EXTENSION_free|.
1305
+ OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
1306
+ int loc);
1307
+
1308
+ // X509v3_add_ext adds a copy of |ex| to the extension list in |*x|. If |*x| is
1309
+ // NULL, it allocates a new |STACK_OF(X509_EXTENSION)| to hold the copy and sets
1310
+ // |*x| to the new list. It returns |*x| on success and NULL on error. The
1311
+ // caller retains ownership of |ex| and can release it independently of |*x|.
1312
+ //
1313
+ // The new extension is inserted at index |loc|, shifting extensions to the
1314
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1315
+ // list.
1316
+ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
1317
+ STACK_OF(X509_EXTENSION) **x, const X509_EXTENSION *ex, int loc);
1318
+
1319
+
1320
+ // Algorithm identifiers.
1321
+ //
1322
+ // An |X509_ALGOR| represents an AlgorithmIdentifier structure, used in X.509
1323
+ // to represent signature algorithms and public key algorithms.
1324
+
1325
+ DEFINE_STACK_OF(X509_ALGOR)
1326
+
1327
+ // X509_ALGOR is an |ASN1_ITEM| whose ASN.1 type is AlgorithmIdentifier and C
1328
+ // type is |X509_ALGOR*|.
1329
+ DECLARE_ASN1_ITEM(X509_ALGOR)
1330
+
1331
+ // X509_ALGOR_new returns a newly-allocated, empty |X509_ALGOR| object, or NULL
1332
+ // on error.
1333
+ OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_new(void);
1334
+
1335
+ // X509_ALGOR_dup returns a newly-allocated copy of |alg|, or NULL on error.
1336
+ // This function works by serializing the structure, so if |alg| is incomplete,
1337
+ // it may fail.
1338
+ OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_dup(const X509_ALGOR *alg);
1339
+
1340
+ // X509_ALGOR_free releases memory associated with |alg|.
1341
+ OPENSSL_EXPORT void X509_ALGOR_free(X509_ALGOR *alg);
1342
+
1343
+ // d2i_X509_ALGOR parses up to |len| bytes from |*inp| as a DER-encoded
1344
+ // AlgorithmIdentifier, as described in |d2i_SAMPLE|.
1345
+ OPENSSL_EXPORT X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **out, const uint8_t **inp,
1346
+ long len);
1347
+
1348
+ // i2d_X509_ALGOR marshals |alg| as a DER-encoded AlgorithmIdentifier, as
1349
+ // described in |i2d_SAMPLE|.
1350
+ OPENSSL_EXPORT int i2d_X509_ALGOR(const X509_ALGOR *alg, uint8_t **outp);
1351
+
1352
+ // X509_ALGOR_set0 sets |alg| to an AlgorithmIdentifier with algorithm |obj| and
1353
+ // parameter determined by |param_type| and |param_value|. It returns one on
1354
+ // success and zero on error. This function takes ownership of |obj| and
1355
+ // |param_value| on success.
1356
+ //
1357
+ // If |param_type| is |V_ASN1_UNDEF|, the parameter is omitted. If |param_type|
1358
+ // is zero, the parameter is left unchanged. Otherwise, |param_type| and
1359
+ // |param_value| are interpreted as in |ASN1_TYPE_set|.
1360
+ //
1361
+ // Note omitting the parameter (|V_ASN1_UNDEF|) and encoding an explicit NULL
1362
+ // value (|V_ASN1_NULL|) are different. Some algorithms require one and some the
1363
+ // other. Consult the relevant specification before calling this function. The
1364
+ // correct parameter for an RSASSA-PKCS1-v1_5 signature is |V_ASN1_NULL|. The
1365
+ // correct one for an ECDSA or Ed25519 signature is |V_ASN1_UNDEF|.
1366
+ OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *obj,
1367
+ int param_type, void *param_value);
1368
+
1369
+ // X509_ALGOR_get0 sets |*out_obj| to the |alg|'s algorithm. If |alg|'s
1370
+ // parameter is omitted, it sets |*out_param_type| and |*out_param_value| to
1371
+ // |V_ASN1_UNDEF| and NULL. Otherwise, it sets |*out_param_type| and
1372
+ // |*out_param_value| to the parameter, using the same representation as
1373
+ // |ASN1_TYPE_set0|. See |ASN1_TYPE_set0| and |ASN1_TYPE| for details.
1374
+ //
1375
+ // Callers that require the parameter in serialized form should, after checking
1376
+ // for |V_ASN1_UNDEF|, use |ASN1_TYPE_set1| and |d2i_ASN1_TYPE|, rather than
1377
+ // inspecting |*out_param_value|.
1378
+ //
1379
+ // Each of |out_obj|, |out_param_type|, and |out_param_value| may be NULL to
1380
+ // ignore the output. If |out_param_type| is NULL, |out_param_value| is ignored.
1381
+ //
1382
+ // WARNING: If |*out_param_type| is set to |V_ASN1_UNDEF|, OpenSSL and older
1383
+ // revisions of BoringSSL leave |*out_param_value| unset rather than setting it
1384
+ // to NULL. Callers that support both OpenSSL and BoringSSL should not assume
1385
+ // |*out_param_value| is uniformly initialized.
1386
+ OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj,
1387
+ int *out_param_type,
1388
+ const void **out_param_value,
1389
+ const X509_ALGOR *alg);
1390
+
1391
+ // X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this
1392
+ // AlgorithmIdentifier represents the hash function itself, not a signature
1393
+ // algorithm that uses |md|.
1394
+ OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
1395
+
1396
+ // X509_ALGOR_cmp returns zero if |a| and |b| are equal, and some non-zero value
1397
+ // otherwise. Note this function can only be used for equality checks, not an
1398
+ // ordering.
1399
+ OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
1400
+
1401
+
1402
+ // Attributes.
1403
+ //
1404
+ // Unlike certificates and CRLs, CSRs use a separate Attribute structure (RFC
1405
+ // 2985, RFC 2986) for extensibility. This is represented by the library as
1406
+ // |X509_ATTRIBUTE|.
1407
+
1408
+ DEFINE_STACK_OF(X509_ATTRIBUTE)
1409
+
1410
+ // X509_ATTRIBUTE is an |ASN1_ITEM| whose ASN.1 type is Attribute (RFC 2986) and
1411
+ // C type is |X509_ATTRIBUTE*|.
1412
+ DECLARE_ASN1_ITEM(X509_ATTRIBUTE)
1413
+
1414
+ // X509_ATTRIBUTE_new returns a newly-allocated, empty |X509_ATTRIBUTE| object,
1415
+ // or NULL on error. |X509_ATTRIBUTE_set1_*| may be used to finish initializing
1416
+ // it.
1417
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_new(void);
1418
+
1419
+ // X509_ATTRIBUTE_dup returns a newly-allocated copy of |attr|, or NULL on
1420
+ // error. This function works by serializing the structure, so if |attr| is
1421
+ // incomplete, it may fail.
1422
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_dup(const X509_ATTRIBUTE *attr);
1423
+
1424
+ // X509_ATTRIBUTE_free releases memory associated with |attr|.
1425
+ OPENSSL_EXPORT void X509_ATTRIBUTE_free(X509_ATTRIBUTE *attr);
1426
+
1427
+ // d2i_X509_ATTRIBUTE parses up to |len| bytes from |*inp| as a DER-encoded
1428
+ // Attribute (RFC 2986), as described in |d2i_SAMPLE|.
1429
+ OPENSSL_EXPORT X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **out,
1430
+ const uint8_t **inp,
1431
+ long len);
1432
+
1433
+ // i2d_X509_ATTRIBUTE marshals |alg| as a DER-encoded Attribute (RFC 2986), as
1434
+ // described in |i2d_SAMPLE|.
1435
+ OPENSSL_EXPORT int i2d_X509_ATTRIBUTE(const X509_ATTRIBUTE *alg,
1436
+ uint8_t **outp);
1437
+
1438
+ // X509_ATTRIBUTE_create returns a newly-allocated |X509_ATTRIBUTE|, or NULL on
1439
+ // error. The attribute has type |nid| and contains a single value determined by
1440
+ // |attrtype| and |value|, which are interpreted as in |ASN1_TYPE_set|. Note
1441
+ // this function takes ownership of |value|.
1442
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int attrtype,
1443
+ void *value);
1444
+
1445
+ // X509_ATTRIBUTE_create_by_NID returns a newly-allocated |X509_ATTRIBUTE| of
1446
+ // type |nid|, or NULL on error. The value is determined as in
1447
+ // |X509_ATTRIBUTE_set1_data|.
1448
+ //
1449
+ // If |attr| is non-NULL, the resulting |X509_ATTRIBUTE| is also written to
1450
+ // |*attr|. If |*attr| was non-NULL when the function was called, |*attr| is
1451
+ // reused instead of creating a new object.
1452
+ //
1453
+ // WARNING: The interpretation of |attrtype|, |data|, and |len| is complex and
1454
+ // error-prone. See |X509_ATTRIBUTE_set1_data| for details.
1455
+ //
1456
+ // WARNING: The object reuse form is deprecated and may be removed in the
1457
+ // future. It also currently incorrectly appends to the reused object's value
1458
+ // set rather than overwriting it.
1459
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(
1460
+ X509_ATTRIBUTE **attr, int nid, int attrtype, const void *data, int len);
1461
+
1462
+ // X509_ATTRIBUTE_create_by_OBJ behaves like |X509_ATTRIBUTE_create_by_NID|
1463
+ // except the attribute's type is determined by |obj|.
1464
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(
1465
+ X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, int attrtype,
1466
+ const void *data, int len);
1467
+
1468
+ // X509_ATTRIBUTE_create_by_txt behaves like |X509_ATTRIBUTE_create_by_NID|
1469
+ // except the attribute's type is determined by calling |OBJ_txt2obj| with
1470
+ // |attrname|.
1471
+ OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(
1472
+ X509_ATTRIBUTE **attr, const char *attrname, int type,
1473
+ const unsigned char *bytes, int len);
1474
+
1475
+ // X509_ATTRIBUTE_set1_object sets |attr|'s type to |obj|. It returns one on
1476
+ // success and zero on error.
1477
+ OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
1478
+ const ASN1_OBJECT *obj);
1479
+
1480
+ // X509_ATTRIBUTE_set1_data appends a value to |attr|'s value set and returns
1481
+ // one on success or zero on error. The value is determined as follows:
1482
+ //
1483
+ // If |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
1484
+ // string is determined by decoding |len| bytes from |data| in the encoding
1485
+ // specified by |attrtype|, and then re-encoding it in a form appropriate for
1486
+ // |attr|'s type. If |len| is -1, |strlen(data)| is used instead. See
1487
+ // |ASN1_STRING_set_by_NID| for details.
1488
+ //
1489
+ // Otherwise, if |len| is not -1, the value is an ASN.1 string. |attrtype| is an
1490
+ // |ASN1_STRING| type value and the |len| bytes from |data| are copied as the
1491
+ // type-specific representation of |ASN1_STRING|. See |ASN1_STRING| for details.
1492
+ //
1493
+ // WARNING: If this form is used to construct a negative INTEGER or ENUMERATED,
1494
+ // |attrtype| includes the |V_ASN1_NEG| flag for |ASN1_STRING|, but the function
1495
+ // forgets to clear the flag for |ASN1_TYPE|. This matches OpenSSL but is
1496
+ // probably a bug. For now, do not use this form with negative values.
1497
+ //
1498
+ // Otherwise, if |len| is -1, the value is constructed by passing |attrtype| and
1499
+ // |data| to |ASN1_TYPE_set1|. That is, |attrtype| is an |ASN1_TYPE| type value,
1500
+ // and |data| is cast to the corresponding pointer type.
1501
+ //
1502
+ // WARNING: Despite the name, this function appends to |attr|'s value set,
1503
+ // rather than overwriting it. To overwrite the value set, create a new
1504
+ // |X509_ATTRIBUTE| with |X509_ATTRIBUTE_new|.
1505
+ //
1506
+ // WARNING: If using the |MBSTRING_*| form, pass a length rather than relying on
1507
+ // |strlen|. In particular, |strlen| will not behave correctly if the input is
1508
+ // |MBSTRING_BMP| or |MBSTRING_UNIV|.
1509
+ //
1510
+ // WARNING: This function currently misinterprets |V_ASN1_OTHER| as an
1511
+ // |MBSTRING_*| constant. This matches OpenSSL but means it is impossible to
1512
+ // construct a value with a non-universal tag.
1513
+ OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
1514
+ const void *data, int len);
562
1515
 
563
- // X509_signature_print writes a human-readable representation of |alg| and
564
- // |sig| to |bio|. It returns one on success and zero on error.
565
- OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
566
- const ASN1_STRING *sig);
1516
+ // X509_ATTRIBUTE_get0_data returns the |idx|th value of |attr| in a
1517
+ // type-specific representation to |attrtype|, or NULL if out of bounds or the
1518
+ // type does not match. |attrtype| is one of the type values in |ASN1_TYPE|. On
1519
+ // match, the return value uses the same representation as |ASN1_TYPE_set0|. See
1520
+ // |ASN1_TYPE| for details.
1521
+ OPENSSL_EXPORT void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1522
+ int attrtype, void *unused);
567
1523
 
568
- // X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
569
- // signature fields. It returns one on success and zero on error. This function
570
- // uses digest algorithm |md|, or |pkey|'s default if NULL. Other signing
571
- // parameters use |pkey|'s defaults. To customize them, use |X509_sign_ctx|.
572
- OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
1524
+ // X509_ATTRIBUTE_count returns the number of values in |attr|.
1525
+ OPENSSL_EXPORT int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
573
1526
 
574
- // X509_sign_ctx signs |x509| with |ctx| and replaces the signature algorithm
575
- // and signature fields. It returns one on success and zero on error. The
576
- // signature algorithm and parameters come from |ctx|, which must have been
577
- // initialized with |EVP_DigestSignInit|. The caller should configure the
578
- // corresponding |EVP_PKEY_CTX| before calling this function.
579
- OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
1527
+ // X509_ATTRIBUTE_get0_object returns the type of |attr|.
1528
+ OPENSSL_EXPORT ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
580
1529
 
581
- // X509_REQ_sign signs |req| with |pkey| and replaces the signature algorithm
582
- // and signature fields. It returns one on success and zero on error. This
583
- // function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
584
- // signing parameters use |pkey|'s defaults. To customize them, use
585
- // |X509_REQ_sign_ctx|.
586
- OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
587
- const EVP_MD *md);
1530
+ // X509_ATTRIBUTE_get0_type returns the |idx|th value in |attr|, or NULL if out
1531
+ // of bounds. Note this function returns one of |attr|'s values, not the type.
1532
+ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
1533
+ int idx);
588
1534
 
589
- // X509_REQ_sign_ctx signs |req| with |ctx| and replaces the signature algorithm
590
- // and signature fields. It returns one on success and zero on error. The
591
- // signature algorithm and parameters come from |ctx|, which must have been
592
- // initialized with |EVP_DigestSignInit|. The caller should configure the
593
- // corresponding |EVP_PKEY_CTX| before calling this function.
594
- OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
595
1535
 
596
- // X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
597
- // and signature fields. It returns one on success and zero on error. This
598
- // function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
599
- // signing parameters use |pkey|'s defaults. To customize them, use
600
- // |X509_CRL_sign_ctx|.
601
- OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
602
- const EVP_MD *md);
1536
+ // SignedPublicKeyAndChallenge structures.
1537
+ //
1538
+ // The SignedPublicKeyAndChallenge (SPKAC) is a legacy structure to request
1539
+ // certificates, primarily in the legacy <keygen> HTML tag. An SPKAC structure
1540
+ // is represented by a |NETSCAPE_SPKI| structure.
1541
+ //
1542
+ // The structure is described in
1543
+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
603
1544
 
604
- // X509_CRL_sign_ctx signs |crl| with |ctx| and replaces the signature algorithm
605
- // and signature fields. It returns one on success and zero on error. The
606
- // signature algorithm and parameters come from |ctx|, which must have been
607
- // initialized with |EVP_DigestSignInit|. The caller should configure the
608
- // corresponding |EVP_PKEY_CTX| before calling this function.
609
- OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
1545
+ // A Netscape_spki_st, or |NETSCAPE_SPKI|, represents a
1546
+ // SignedPublicKeyAndChallenge structure. Although this structure contains a
1547
+ // |spkac| field of type |NETSCAPE_SPKAC|, these are misnamed. The SPKAC is the
1548
+ // entire structure, not the signed portion.
1549
+ struct Netscape_spki_st {
1550
+ NETSCAPE_SPKAC *spkac;
1551
+ X509_ALGOR *sig_algor;
1552
+ ASN1_BIT_STRING *signature;
1553
+ } /* NETSCAPE_SPKI */;
1554
+
1555
+ // NETSCAPE_SPKI is an |ASN1_ITEM| whose ASN.1 type is
1556
+ // SignedPublicKeyAndChallenge and C type is |NETSCAPE_SPKI*|.
1557
+ DECLARE_ASN1_ITEM(NETSCAPE_SPKI)
1558
+
1559
+ // NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
1560
+ // NULL on error.
1561
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
1562
+
1563
+ // NETSCAPE_SPKI_free releases memory associated with |spki|.
1564
+ OPENSSL_EXPORT void NETSCAPE_SPKI_free(NETSCAPE_SPKI *spki);
1565
+
1566
+ // d2i_NETSCAPE_SPKI parses up to |len| bytes from |*inp| as a DER-encoded
1567
+ // SignedPublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1568
+ OPENSSL_EXPORT NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **out,
1569
+ const uint8_t **inp, long len);
1570
+
1571
+ // i2d_NETSCAPE_SPKI marshals |spki| as a DER-encoded
1572
+ // SignedPublicKeyAndChallenge structure, as described in |i2d_SAMPLE|.
1573
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKI(const NETSCAPE_SPKI *spki, uint8_t **outp);
1574
+
1575
+ // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
1576
+ // returns one if the signature is valid and zero otherwise.
1577
+ OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
1578
+
1579
+ // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
1580
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1581
+ // |NETSCAPE_SPKI| structure with the result, or NULL on error. If |len| is 0 or
1582
+ // negative, the length is calculated with |strlen| and |str| must be a
1583
+ // NUL-terminated C string.
1584
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
1585
+ ossl_ssize_t len);
1586
+
1587
+ // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded
1588
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1589
+ // NUL-terminated C string with the result, or NULL on error. The caller must
1590
+ // release the memory with |OPENSSL_free| when done.
1591
+ OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
1592
+
1593
+ // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
1594
+ // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
1595
+ // pointer and must call |EVP_PKEY_free| when done.
1596
+ OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
1597
+
1598
+ // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
1599
+ // on success or zero on error. This function does not take ownership of |pkey|,
1600
+ // so the caller may continue to manage its lifetime independently of |spki|.
1601
+ OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
1602
+ EVP_PKEY *pkey);
610
1603
 
611
1604
  // NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
612
- // algorithm and signature fields. It returns one on success and zero on error.
613
- // This function uses digest algorithm |md|, or |pkey|'s default if NULL. Other
614
- // signing parameters use |pkey|'s defaults.
1605
+ // algorithm and signature fields. It returns the length of the signature on
1606
+ // success and zero on error. This function uses digest algorithm |md|, or
1607
+ // |pkey|'s default if NULL. Other signing parameters use |pkey|'s defaults.
615
1608
  OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
616
1609
  const EVP_MD *md);
617
1610
 
618
- // X509_pubkey_digest hashes the DER encoding of |x509|'s subjectPublicKeyInfo
619
- // field with |md| and writes the result to |out|. |EVP_MD_CTX_size| bytes are
620
- // written, which is at most |EVP_MAX_MD_SIZE|. If |out_len| is not NULL,
621
- // |*out_len| is set to the number of bytes written. This function returns one
622
- // on success and zero on error.
1611
+ // A Netscape_spkac_st, or |NETSCAPE_SPKAC|, represents a PublicKeyAndChallenge
1612
+ // structure. This type is misnamed. The full SPKAC includes the signature,
1613
+ // which is represented with the |NETSCAPE_SPKI| type.
1614
+ struct Netscape_spkac_st {
1615
+ X509_PUBKEY *pubkey;
1616
+ ASN1_IA5STRING *challenge;
1617
+ } /* NETSCAPE_SPKAC */;
1618
+
1619
+ // NETSCAPE_SPKAC is an |ASN1_ITEM| whose ASN.1 type is PublicKeyAndChallenge
1620
+ // and C type is |NETSCAPE_SPKAC*|.
1621
+ DECLARE_ASN1_ITEM(NETSCAPE_SPKAC)
1622
+
1623
+ // NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
1624
+ // or NULL on error.
1625
+ OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
1626
+
1627
+ // NETSCAPE_SPKAC_free releases memory associated with |spkac|.
1628
+ OPENSSL_EXPORT void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *spkac);
1629
+
1630
+ // d2i_NETSCAPE_SPKAC parses up to |len| bytes from |*inp| as a DER-encoded
1631
+ // PublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1632
+ OPENSSL_EXPORT NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **out,
1633
+ const uint8_t **inp,
1634
+ long len);
1635
+
1636
+ // i2d_NETSCAPE_SPKAC marshals |spkac| as a DER-encoded PublicKeyAndChallenge
1637
+ // structure, as described in |i2d_SAMPLE|.
1638
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
1639
+ uint8_t **outp);
1640
+
1641
+
1642
+ // Printing functions.
1643
+ //
1644
+ // The following functions output human-readable representations of
1645
+ // X.509-related structures. They should only be used for debugging or logging
1646
+ // and not parsed programmatically. In many cases, the outputs are ambiguous, so
1647
+ // attempting to parse them can lead to string injection vulnerabilities.
1648
+
1649
+ // The following flags control |X509_print_ex| and |X509_REQ_print_ex|.
1650
+
1651
+ // X509_FLAG_COMPAT disables all flags. It additionally causes names to be
1652
+ // printed with a 16-byte indent.
1653
+ #define X509_FLAG_COMPAT 0
1654
+
1655
+ // X509_FLAG_NO_HEADER skips a header identifying the type of object printed.
1656
+ #define X509_FLAG_NO_HEADER 1L
1657
+
1658
+ // X509_FLAG_NO_VERSION skips printing the X.509 version number.
1659
+ #define X509_FLAG_NO_VERSION (1L << 1)
1660
+
1661
+ // X509_FLAG_NO_SERIAL skips printing the serial number. It is ignored in
1662
+ // |X509_REQ_print_fp|.
1663
+ #define X509_FLAG_NO_SERIAL (1L << 2)
1664
+
1665
+ // X509_FLAG_NO_SIGNAME skips printing the signature algorithm in the
1666
+ // TBSCertificate. It is ignored in |X509_REQ_print_fp|.
1667
+ #define X509_FLAG_NO_SIGNAME (1L << 3)
1668
+
1669
+ // X509_FLAG_NO_ISSUER skips printing the issuer.
1670
+ #define X509_FLAG_NO_ISSUER (1L << 4)
1671
+
1672
+ // X509_FLAG_NO_VALIDITY skips printing the notBefore and notAfter times. It is
1673
+ // ignored in |X509_REQ_print_fp|.
1674
+ #define X509_FLAG_NO_VALIDITY (1L << 5)
1675
+
1676
+ // X509_FLAG_NO_SUBJECT skips printing the subject.
1677
+ #define X509_FLAG_NO_SUBJECT (1L << 6)
1678
+
1679
+ // X509_FLAG_NO_PUBKEY skips printing the public key.
1680
+ #define X509_FLAG_NO_PUBKEY (1L << 7)
1681
+
1682
+ // X509_FLAG_NO_EXTENSIONS skips printing the extension list. It is ignored in
1683
+ // |X509_REQ_print_fp|. CSRs instead have attributes, which is controlled by
1684
+ // |X509_FLAG_NO_ATTRIBUTES|.
1685
+ #define X509_FLAG_NO_EXTENSIONS (1L << 8)
1686
+
1687
+ // X509_FLAG_NO_SIGDUMP skips printing the signature and outer signature
1688
+ // algorithm.
1689
+ #define X509_FLAG_NO_SIGDUMP (1L << 9)
1690
+
1691
+ // X509_FLAG_NO_AUX skips printing auxiliary properties. (See |d2i_X509_AUX| and
1692
+ // related functions.)
1693
+ #define X509_FLAG_NO_AUX (1L << 10)
1694
+
1695
+ // X509_FLAG_NO_ATTRIBUTES skips printing CSR attributes. It does nothing for
1696
+ // certificates and CRLs.
1697
+ #define X509_FLAG_NO_ATTRIBUTES (1L << 11)
1698
+
1699
+ // X509_FLAG_NO_IDS skips printing the issuerUniqueID and subjectUniqueID in a
1700
+ // certificate. It is ignored in |X509_REQ_print_fp|.
1701
+ #define X509_FLAG_NO_IDS (1L << 12)
1702
+
1703
+ // X509_print_ex writes a human-readable representation of |x| to |bp|. It
1704
+ // returns one on success and zero on error. |nmflags| is the flags parameter
1705
+ // for |X509_NAME_print_ex| when printing the subject and issuer. |cflag| should
1706
+ // be some combination of the |X509_FLAG_*| constants.
1707
+ OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
1708
+ unsigned long cflag);
1709
+
1710
+ // X509_print_ex_fp behaves like |X509_print_ex| but writes to |fp|.
1711
+ OPENSSL_EXPORT int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
1712
+ unsigned long cflag);
1713
+
1714
+ // X509_print calls |X509_print_ex| with |XN_FLAG_COMPAT| and |X509_FLAG_COMPAT|
1715
+ // flags.
1716
+ OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
1717
+
1718
+ // X509_print_fp behaves like |X509_print| but writes to |fp|.
1719
+ OPENSSL_EXPORT int X509_print_fp(FILE *fp, X509 *x);
1720
+
1721
+ // X509_CRL_print writes a human-readable representation of |x| to |bp|. It
1722
+ // returns one on success and zero on error.
1723
+ OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
1724
+
1725
+ // X509_CRL_print_fp behaves like |X509_CRL_print| but writes to |fp|.
1726
+ OPENSSL_EXPORT int X509_CRL_print_fp(FILE *fp, X509_CRL *x);
1727
+
1728
+ // X509_REQ_print_ex writes a human-readable representation of |x| to |bp|. It
1729
+ // returns one on success and zero on error. |nmflags| is the flags parameter
1730
+ // for |X509_NAME_print_ex|, when printing the subject. |cflag| should be some
1731
+ // combination of the |X509_FLAG_*| constants.
1732
+ OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
1733
+ unsigned long cflag);
1734
+
1735
+ // X509_REQ_print calls |X509_REQ_print_ex| with |XN_FLAG_COMPAT| and
1736
+ // |X509_FLAG_COMPAT| flags.
1737
+ OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
1738
+
1739
+ // X509_REQ_print_fp behaves like |X509_REQ_print| but writes to |fp|.
1740
+ OPENSSL_EXPORT int X509_REQ_print_fp(FILE *fp, X509_REQ *req);
1741
+
1742
+ // The following flags are control |X509_NAME_print_ex|. They must not collide
1743
+ // with |ASN1_STRFLGS_*|.
1744
+ //
1745
+ // TODO(davidben): This is far, far too many options and most of them are
1746
+ // useless. Trim this down.
1747
+
1748
+ // XN_FLAG_COMPAT prints with |X509_NAME_print|'s format and return value
1749
+ // convention.
1750
+ #define XN_FLAG_COMPAT 0
1751
+
1752
+ // XN_FLAG_SEP_MASK determines the separators to use between attributes.
1753
+ #define XN_FLAG_SEP_MASK (0xf << 16)
1754
+
1755
+ // XN_FLAG_SEP_COMMA_PLUS separates RDNs with "," and attributes within an RDN
1756
+ // with "+", as in RFC 2253.
1757
+ #define XN_FLAG_SEP_COMMA_PLUS (1 << 16)
1758
+
1759
+ // XN_FLAG_SEP_CPLUS_SPC behaves like |XN_FLAG_SEP_COMMA_PLUS| but adds spaces
1760
+ // between the separators.
1761
+ #define XN_FLAG_SEP_CPLUS_SPC (2 << 16)
1762
+
1763
+ // XN_FLAG_SEP_SPLUS_SPC separates RDNs with "; " and attributes within an RDN
1764
+ // with " + ".
1765
+ #define XN_FLAG_SEP_SPLUS_SPC (3 << 16)
1766
+
1767
+ // XN_FLAG_SEP_MULTILINE prints each attribute on one line.
1768
+ #define XN_FLAG_SEP_MULTILINE (4 << 16)
1769
+
1770
+ // XN_FLAG_DN_REV prints RDNs in reverse, from least significant to most
1771
+ // significant, as RFC 2253.
1772
+ #define XN_FLAG_DN_REV (1 << 20)
1773
+
1774
+ // XN_FLAG_FN_MASK determines how attribute types are displayed.
1775
+ #define XN_FLAG_FN_MASK (0x3 << 21)
1776
+
1777
+ // XN_FLAG_FN_SN uses the attribute type's short name, when available.
1778
+ #define XN_FLAG_FN_SN 0
1779
+
1780
+ // XN_FLAG_SPC_EQ wraps the "=" operator with spaces when printing attributes.
1781
+ #define XN_FLAG_SPC_EQ (1 << 23)
1782
+
1783
+ // XN_FLAG_DUMP_UNKNOWN_FIELDS causes unknown attribute types to be printed in
1784
+ // hex, as in RFC 2253.
1785
+ #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
1786
+
1787
+ // XN_FLAG_RFC2253 prints like RFC 2253.
1788
+ #define XN_FLAG_RFC2253 \
1789
+ (ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \
1790
+ XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS)
1791
+
1792
+ // XN_FLAG_ONELINE prints a one-line representation of the name.
1793
+ #define XN_FLAG_ONELINE \
1794
+ (ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | \
1795
+ XN_FLAG_SPC_EQ | XN_FLAG_FN_SN)
1796
+
1797
+ // X509_NAME_print_ex writes a human-readable representation of |nm| to |out|.
1798
+ // Each line of output is indented by |indent| spaces. It returns the number of
1799
+ // bytes written on success, and -1 on error. If |out| is NULL, it returns the
1800
+ // number of bytes it would have written but does not write anything. |flags|
1801
+ // should be some combination of |XN_FLAG_*| and |ASN1_STRFLGS_*| values and
1802
+ // determines the output. If unsure, use |XN_FLAG_RFC2253|.
1803
+ //
1804
+ // If |flags| is |XN_FLAG_COMPAT|, or zero, this function calls
1805
+ // |X509_NAME_print| instead. In that case, it returns one on success, rather
1806
+ // than the output length.
1807
+ OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
1808
+ unsigned long flags);
1809
+
1810
+ // X509_NAME_print prints a human-readable representation of |name| to |bp|. It
1811
+ // returns one on success and zero on error. |obase| is ignored.
1812
+ //
1813
+ // This function outputs a legacy format that does not correctly handle string
1814
+ // encodings and other cases. Prefer |X509_NAME_print_ex| if printing a name for
1815
+ // debugging purposes.
1816
+ OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
1817
+
1818
+ // X509_NAME_oneline writes a human-readable representation to |name| to a
1819
+ // buffer as a NUL-terminated C string.
1820
+ //
1821
+ // If |buf| is NULL, returns a newly-allocated buffer containing the result on
1822
+ // success, or NULL on error. The buffer must be released with |OPENSSL_free|
1823
+ // when done.
1824
+ //
1825
+ // If |buf| is non-NULL, at most |size| bytes of output are written to |buf|
1826
+ // instead. |size| includes the trailing NUL. The function then returns |buf| on
1827
+ // success or NULL on error. If the output does not fit in |size| bytes, the
1828
+ // output is silently truncated at an attribute boundary.
1829
+ //
1830
+ // This function outputs a legacy format that does not correctly handle string
1831
+ // encodings and other cases. Prefer |X509_NAME_print_ex| if printing a name for
1832
+ // debugging purposes.
1833
+ OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *name, char *buf, int size);
1834
+
1835
+ // X509_NAME_print_ex_fp behaves like |X509_NAME_print_ex| but writes to |fp|.
1836
+ OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm,
1837
+ int indent, unsigned long flags);
1838
+
1839
+ // X509_signature_dump writes a human-readable representation of |sig| to |bio|,
1840
+ // indented with |indent| spaces. It returns one on success and zero on error.
1841
+ OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
1842
+ int indent);
1843
+
1844
+ // X509_signature_print writes a human-readable representation of |alg| and
1845
+ // |sig| to |bio|. It returns one on success and zero on error.
1846
+ OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
1847
+ const ASN1_STRING *sig);
1848
+
1849
+
1850
+ // Convenience functions.
1851
+
1852
+ // X509_pubkey_digest hashes the contents of the BIT STRING in |x509|'s
1853
+ // subjectPublicKeyInfo field with |md| and writes the result to |out|.
1854
+ // |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. If
1855
+ // |out_len| is not NULL, |*out_len| is set to the number of bytes written. This
1856
+ // function returns one on success and zero on error.
1857
+ //
1858
+ // This hash omits the BIT STRING tag, length, and number of unused bits. It
1859
+ // also omits the AlgorithmIdentifier which describes the key type. It
1860
+ // corresponds to the OCSP KeyHash definition and is not suitable for other
1861
+ // purposes.
623
1862
  OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md,
624
1863
  uint8_t *out, unsigned *out_len);
625
1864
 
@@ -631,169 +1870,128 @@ OPENSSL_EXPORT int X509_pubkey_digest(const X509 *x509, const EVP_MD *md,
631
1870
  OPENSSL_EXPORT int X509_digest(const X509 *x509, const EVP_MD *md, uint8_t *out,
632
1871
  unsigned *out_len);
633
1872
 
634
- // X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result
635
- // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
636
- // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
637
- // of bytes written. This function returns one on success and zero on error.
638
- // Note this digest covers the entire CRL, not just the signed portion.
639
- OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md,
640
- uint8_t *out, unsigned *out_len);
641
-
642
- // X509_REQ_digest hashes |req|'s DER encoding with |md| and writes the result
643
- // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
644
- // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
645
- // of bytes written. This function returns one on success and zero on error.
646
- // Note this digest covers the entire certificate request, not just the signed
647
- // portion.
648
- OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md,
649
- uint8_t *out, unsigned *out_len);
650
-
651
- // X509_NAME_digest hashes |name|'s DER encoding with |md| and writes the result
652
- // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
653
- // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
654
- // of bytes written. This function returns one on success and zero on error.
655
- OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md,
656
- uint8_t *out, unsigned *out_len);
657
-
658
- // X509_parse_from_buffer parses an X.509 structure from |buf| and returns a
659
- // fresh X509 or NULL on error. There must not be any trailing data in |buf|.
660
- // The returned structure (if any) holds a reference to |buf| rather than
661
- // copying parts of it as a normal |d2i_X509| call would do.
662
- OPENSSL_EXPORT X509 *X509_parse_from_buffer(CRYPTO_BUFFER *buf);
663
-
664
- OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509);
665
- OPENSSL_EXPORT int i2d_X509_fp(FILE *fp, X509 *x509);
666
- OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
667
- OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
668
- OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
669
- OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
670
- OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
671
- OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
672
- OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
673
- OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
674
- OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
675
- OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
676
- #ifndef OPENSSL_NO_DSA
677
- OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
678
- OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
679
- OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
680
- OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
681
- #endif
682
- OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
683
- OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
684
- OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
685
- OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
686
- OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
687
- OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
688
- OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
689
- FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
690
- OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
691
- PKCS8_PRIV_KEY_INFO *p8inf);
692
- OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
693
- OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
694
- OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
695
- OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
696
- OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
1873
+ // X509_CRL_digest hashes |crl|'s DER encoding with |md| and writes the result
1874
+ // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
1875
+ // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
1876
+ // of bytes written. This function returns one on success and zero on error.
1877
+ // Note this digest covers the entire CRL, not just the signed portion.
1878
+ OPENSSL_EXPORT int X509_CRL_digest(const X509_CRL *crl, const EVP_MD *md,
1879
+ uint8_t *out, unsigned *out_len);
1880
+
1881
+ // X509_REQ_digest hashes |req|'s DER encoding with |md| and writes the result
1882
+ // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
1883
+ // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
1884
+ // of bytes written. This function returns one on success and zero on error.
1885
+ // Note this digest covers the entire certificate request, not just the signed
1886
+ // portion.
1887
+ OPENSSL_EXPORT int X509_REQ_digest(const X509_REQ *req, const EVP_MD *md,
1888
+ uint8_t *out, unsigned *out_len);
697
1889
 
1890
+ // X509_NAME_digest hashes |name|'s DER encoding with |md| and writes the result
1891
+ // to |out|. |EVP_MD_CTX_size| bytes are written, which is at most
1892
+ // |EVP_MAX_MD_SIZE|. If |out_len| is not NULL, |*out_len| is set to the number
1893
+ // of bytes written. This function returns one on success and zero on error.
1894
+ OPENSSL_EXPORT int X509_NAME_digest(const X509_NAME *name, const EVP_MD *md,
1895
+ uint8_t *out, unsigned *out_len);
1896
+
1897
+ // The following functions behave like the corresponding unsuffixed |d2i_*|
1898
+ // functions, but read the result from |bp| instead. Callers using these
1899
+ // functions with memory |BIO|s to parse structures already in memory should use
1900
+ // |d2i_*| instead.
698
1901
  OPENSSL_EXPORT X509 *d2i_X509_bio(BIO *bp, X509 **x509);
699
- OPENSSL_EXPORT int i2d_X509_bio(BIO *bp, X509 *x509);
700
1902
  OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
701
- OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
702
1903
  OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
703
- OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
704
1904
  OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
705
- OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
706
1905
  OPENSSL_EXPORT RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
707
- OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
708
1906
  OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
709
- OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
710
- #ifndef OPENSSL_NO_DSA
711
1907
  OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
712
- OPENSSL_EXPORT int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
713
1908
  OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
714
- OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
715
- #endif
716
1909
  OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
717
- OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
718
1910
  OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
719
- OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
720
1911
  OPENSSL_EXPORT X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
721
- OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
722
1912
  OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(
723
1913
  BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf);
1914
+ OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
1915
+ OPENSSL_EXPORT DH *d2i_DHparams_bio(BIO *bp, DH **dh);
1916
+
1917
+ // d2i_PrivateKey_bio behaves like |d2i_AutoPrivateKey|, but reads from |bp|
1918
+ // instead.
1919
+ OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
1920
+
1921
+ // The following functions behave like the corresponding unsuffixed |i2d_*|
1922
+ // functions, but write the result to |bp|. They return one on success and zero
1923
+ // on error. Callers using them with memory |BIO|s to encode structures to
1924
+ // memory should use |i2d_*| directly instead.
1925
+ OPENSSL_EXPORT int i2d_X509_bio(BIO *bp, X509 *x509);
1926
+ OPENSSL_EXPORT int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
1927
+ OPENSSL_EXPORT int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
1928
+ OPENSSL_EXPORT int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
1929
+ OPENSSL_EXPORT int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
1930
+ OPENSSL_EXPORT int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
1931
+ OPENSSL_EXPORT int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
1932
+ OPENSSL_EXPORT int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
1933
+ OPENSSL_EXPORT int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
1934
+ OPENSSL_EXPORT int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
1935
+ OPENSSL_EXPORT int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
724
1936
  OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
725
1937
  PKCS8_PRIV_KEY_INFO *p8inf);
726
- OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
727
1938
  OPENSSL_EXPORT int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
728
- OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
729
1939
  OPENSSL_EXPORT int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
730
- OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
731
- OPENSSL_EXPORT DH *d2i_DHparams_bio(BIO *bp, DH **dh);
732
1940
  OPENSSL_EXPORT int i2d_DHparams_bio(BIO *bp, const DH *dh);
733
1941
 
734
- OPENSSL_EXPORT X509 *X509_dup(X509 *x509);
735
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
736
- OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
737
- OPENSSL_EXPORT X509_CRL *X509_CRL_dup(X509_CRL *crl);
738
- OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
739
- OPENSSL_EXPORT X509_REQ *X509_REQ_dup(X509_REQ *req);
740
- OPENSSL_EXPORT X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
741
-
742
- // X509_ALGOR_set0 sets |alg| to an AlgorithmIdentifier with algorithm |obj| and
743
- // parameter determined by |param_type| and |param_value|. It returns one on
744
- // success and zero on error. This function takes ownership of |obj| and
745
- // |param_value| on success.
746
- //
747
- // If |param_type| is |V_ASN1_UNDEF|, the parameter is omitted. If |param_type|
748
- // is zero, the parameter is left unchanged. Otherwise, |param_type| and
749
- // |param_value| are interpreted as in |ASN1_TYPE_set|.
750
- //
751
- // Note omitting the parameter (|V_ASN1_UNDEF|) and encoding an explicit NULL
752
- // value (|V_ASN1_NULL|) are different. Some algorithms require one and some the
753
- // other. Consult the relevant specification before calling this function. The
754
- // correct parameter for an RSASSA-PKCS1-v1_5 signature is |V_ASN1_NULL|. The
755
- // correct one for an ECDSA or Ed25519 signature is |V_ASN1_UNDEF|.
756
- OPENSSL_EXPORT int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *obj,
757
- int param_type, void *param_value);
758
-
759
- // X509_ALGOR_get0 sets |*out_obj| to the |alg|'s algorithm. If |alg|'s
760
- // parameter is omitted, it sets |*out_param_type| and |*out_param_value| to
761
- // |V_ASN1_UNDEF| and NULL. Otherwise, it sets |*out_param_type| and
762
- // |*out_param_value| to the parameter, using the same representation as
763
- // |ASN1_TYPE_set0|. See |ASN1_TYPE_set0| and |ASN1_TYPE| for details.
764
- //
765
- // Callers that require the parameter in serialized form should, after checking
766
- // for |V_ASN1_UNDEF|, use |ASN1_TYPE_set1| and |d2i_ASN1_TYPE|, rather than
767
- // inspecting |*out_param_value|.
768
- //
769
- // Each of |out_obj|, |out_param_type|, and |out_param_value| may be NULL to
770
- // ignore the output. If |out_param_type| is NULL, |out_param_value| is ignored.
771
- //
772
- // WARNING: If |*out_param_type| is set to |V_ASN1_UNDEF|, OpenSSL and older
773
- // revisions of BoringSSL leave |*out_param_value| unset rather than setting it
774
- // to NULL. Callers that support both OpenSSL and BoringSSL should not assume
775
- // |*out_param_value| is uniformly initialized.
776
- OPENSSL_EXPORT void X509_ALGOR_get0(const ASN1_OBJECT **out_obj,
777
- int *out_param_type,
778
- const void **out_param_value,
779
- const X509_ALGOR *alg);
1942
+ // i2d_PKCS8PrivateKeyInfo_bio encodes |key| as a PKCS#8 PrivateKeyInfo
1943
+ // structure (see |EVP_marshal_private_key|) and writes the result to |bp|. It
1944
+ // returns one on success and zero on error.
1945
+ OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
780
1946
 
781
- // X509_ALGOR_set_md sets |alg| to the hash function |md|. Note this
782
- // AlgorithmIdentifier represents the hash function itself, not a signature
783
- // algorithm that uses |md|.
784
- OPENSSL_EXPORT void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
1947
+ // The following functions behave like the corresponding |d2i_*_bio| functions,
1948
+ // but read from |fp| instead.
1949
+ OPENSSL_EXPORT X509 *d2i_X509_fp(FILE *fp, X509 **x509);
1950
+ OPENSSL_EXPORT X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
1951
+ OPENSSL_EXPORT X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
1952
+ OPENSSL_EXPORT RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
1953
+ OPENSSL_EXPORT RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
1954
+ OPENSSL_EXPORT RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
1955
+ OPENSSL_EXPORT DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
1956
+ OPENSSL_EXPORT DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
1957
+ OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
1958
+ OPENSSL_EXPORT EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
1959
+ OPENSSL_EXPORT X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
1960
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(
1961
+ FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf);
1962
+ OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
1963
+ OPENSSL_EXPORT EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
785
1964
 
786
- // X509_ALGOR_cmp returns zero if |a| and |b| are equal, and some non-zero value
787
- // otherwise. Note this function can only be used for equality checks, not an
788
- // ordering.
789
- OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
1965
+ // The following functions behave like the corresponding |i2d_*_bio| functions,
1966
+ // but write to |fp| instead.
1967
+ OPENSSL_EXPORT int i2d_X509_fp(FILE *fp, X509 *x509);
1968
+ OPENSSL_EXPORT int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
1969
+ OPENSSL_EXPORT int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
1970
+ OPENSSL_EXPORT int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
1971
+ OPENSSL_EXPORT int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
1972
+ OPENSSL_EXPORT int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
1973
+ OPENSSL_EXPORT int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
1974
+ OPENSSL_EXPORT int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
1975
+ OPENSSL_EXPORT int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
1976
+ OPENSSL_EXPORT int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
1977
+ OPENSSL_EXPORT int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
1978
+ OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
1979
+ PKCS8_PRIV_KEY_INFO *p8inf);
1980
+ OPENSSL_EXPORT int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
1981
+ OPENSSL_EXPORT int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
1982
+ OPENSSL_EXPORT int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
790
1983
 
791
- OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *xn);
792
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
793
- OPENSSL_EXPORT int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
1984
+ // X509_find_by_issuer_and_serial returns the first |X509| in |sk| whose issuer
1985
+ // and serial are |name| and |serial|, respectively. If no match is found, it
1986
+ // returns NULL.
1987
+ OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(const STACK_OF(X509) *sk,
1988
+ X509_NAME *name,
1989
+ const ASN1_INTEGER *serial);
794
1990
 
795
- OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
796
- size_t *pderlen);
1991
+ // X509_find_by_subject returns the first |X509| in |sk| whose subject is
1992
+ // |name|. If no match is found, it returns NULL.
1993
+ OPENSSL_EXPORT X509 *X509_find_by_subject(const STACK_OF(X509) *sk,
1994
+ X509_NAME *name);
797
1995
 
798
1996
  // X509_cmp_time compares |s| against |*t|. On success, it returns a negative
799
1997
  // number if |s| <= |*t| and a positive number if |s| > |*t|. On error, it
@@ -803,6 +2001,14 @@ OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
803
2001
  // error, not equality.
804
2002
  OPENSSL_EXPORT int X509_cmp_time(const ASN1_TIME *s, time_t *t);
805
2003
 
2004
+ // X509_cmp_time_posix compares |s| against |t|. On success, it returns a
2005
+ // negative number if |s| <= |t| and a positive number if |s| > |t|. On error,
2006
+ // it returns zero.
2007
+ //
2008
+ // WARNING: Unlike most comparison functions, this function returns zero on
2009
+ // error, not equality.
2010
+ OPENSSL_EXPORT int X509_cmp_time_posix(const ASN1_TIME *s, int64_t t);
2011
+
806
2012
  // X509_cmp_current_time behaves like |X509_cmp_time| but compares |s| against
807
2013
  // the current time.
808
2014
  OPENSSL_EXPORT int X509_cmp_current_time(const ASN1_TIME *s);
@@ -820,419 +2026,307 @@ OPENSSL_EXPORT ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day,
820
2026
  // current time.
821
2027
  OPENSSL_EXPORT ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec);
822
2028
 
823
- OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
824
- OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
825
- OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
826
- OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
827
- OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
828
- OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
829
-
830
- OPENSSL_EXPORT X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey,
831
- const EVP_MD *md);
832
-
833
- DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
834
2029
 
835
- DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
836
-
837
- // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
838
- // structure. On success, it frees |*x|, sets |*x| to the new object, and
839
- // returns one. Otherwise, it returns zero.
840
- OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
2030
+ // ex_data functions.
2031
+ //
2032
+ // See |ex_data.h| for details.
841
2033
 
842
- // X509_PUBKEY_get decodes the public key in |key| and returns an |EVP_PKEY| on
843
- // success, or NULL on error. The caller must release the result with
844
- // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
845
- // not mutate the result.
846
- OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
2034
+ OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp,
2035
+ CRYPTO_EX_unused *unused,
2036
+ CRYPTO_EX_dup *dup_unused,
2037
+ CRYPTO_EX_free *free_func);
2038
+ OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
2039
+ OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
847
2040
 
848
- DECLARE_ASN1_FUNCTIONS(X509_SIG)
849
- DECLARE_ASN1_FUNCTIONS(X509_REQ)
2041
+ OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2042
+ CRYPTO_EX_unused *unused,
2043
+ CRYPTO_EX_dup *dup_unused,
2044
+ CRYPTO_EX_free *free_func);
2045
+ OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
2046
+ void *data);
2047
+ OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
850
2048
 
851
- DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
852
2049
 
853
- // X509_ATTRIBUTE_create returns a newly-allocated |X509_ATTRIBUTE|, or NULL on
854
- // error. The attribute has type |nid| and contains a single value determined by
855
- // |attrtype| and |value|, which are interpreted as in |ASN1_TYPE_set|. Note
856
- // this function takes ownership of |value|.
857
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int attrtype,
858
- void *value);
2050
+ // Deprecated functions.
859
2051
 
860
- DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
861
- DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
2052
+ // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
2053
+ // const-correct for legacy reasons. Use |X509_get0_notBefore| or
2054
+ // |X509_getm_notBefore| instead.
2055
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
862
2056
 
863
- DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
2057
+ // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
2058
+ // const-correct for legacy reasons. Use |X509_get0_notAfter| or
2059
+ // |X509_getm_notAfter| instead.
2060
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
864
2061
 
865
- DECLARE_ASN1_FUNCTIONS(X509_NAME)
2062
+ // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
2063
+ // instead.
2064
+ OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
866
2065
 
867
- // X509_NAME_set makes a copy of |name|. On success, it frees |*xn|, sets |*xn|
868
- // to the copy, and returns one. Otherwise, it returns zero.
869
- OPENSSL_EXPORT int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
2066
+ // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
2067
+ // instead.
2068
+ OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
870
2069
 
871
- DECLARE_ASN1_FUNCTIONS(X509)
872
- DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
2070
+ // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
2071
+ // The OpenSSL API refers to this field as lastUpdate.
2072
+ //
2073
+ // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
2074
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
873
2075
 
874
- // X509_up_ref adds one to the reference count of |x509| and returns one.
875
- OPENSSL_EXPORT int X509_up_ref(X509 *x509);
2076
+ // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
2077
+ // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
2078
+ // |X509_CRL_set1_nextUpdate| instead.
2079
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
876
2080
 
877
- OPENSSL_EXPORT int X509_get_ex_new_index(long argl, void *argp,
878
- CRYPTO_EX_unused *unused,
879
- CRYPTO_EX_dup *dup_unused,
880
- CRYPTO_EX_free *free_func);
881
- OPENSSL_EXPORT int X509_set_ex_data(X509 *r, int idx, void *arg);
882
- OPENSSL_EXPORT void *X509_get_ex_data(X509 *r, int idx);
883
- OPENSSL_EXPORT int i2d_X509_AUX(X509 *a, unsigned char **pp);
884
- OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp,
885
- long length);
2081
+ // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
2082
+ // |X509_get_pubkey| instead.
2083
+ #define X509_extract_key(x) X509_get_pubkey(x)
886
2084
 
887
- // i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
888
- // in |i2d_SAMPLE|.
889
- //
890
- // This function re-encodes the TBSCertificate and may not reflect |x509|'s
891
- // original encoding. It may be used to manually generate a signature for a new
892
- // certificate. To verify certificates, use |i2d_X509_tbs| instead.
893
- OPENSSL_EXPORT int i2d_re_X509_tbs(X509 *x509, unsigned char **outp);
2085
+ // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
2086
+ #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
894
2087
 
895
- // i2d_X509_tbs serializes the TBSCertificate portion of |x509|, as described in
896
- // |i2d_SAMPLE|.
897
- //
898
- // This function preserves the original encoding of the TBSCertificate and may
899
- // not reflect modifications made to |x509|. It may be used to manually verify
900
- // the signature of an existing certificate. To generate certificates, use
901
- // |i2d_re_X509_tbs| instead.
902
- OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
2088
+ // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
2089
+ #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
903
2090
 
904
- // X509_set1_signature_algo sets |x509|'s signature algorithm to |algo| and
905
- // returns one on success or zero on error. It updates both the signature field
906
- // of the TBSCertificate structure, and the signatureAlgorithm field of the
907
- // Certificate.
908
- OPENSSL_EXPORT int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo);
2091
+ // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
2092
+ #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
2093
+ #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
909
2094
 
910
- // X509_set1_signature_value sets |x509|'s signature to a copy of the |sig_len|
911
- // bytes pointed by |sig|. It returns one on success and zero on error.
912
- //
913
- // Due to a specification error, X.509 certificates store signatures in ASN.1
914
- // BIT STRINGs, but signature algorithms return byte strings rather than bit
915
- // strings. This function creates a BIT STRING containing a whole number of
916
- // bytes, with the bit order matching the DER encoding. This matches the
917
- // encoding used by all X.509 signature algorithms.
918
- OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
919
- size_t sig_len);
2095
+ // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
2096
+ // Prefer |X509_get0_serialNumber|.
2097
+ OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
920
2098
 
921
- // X509_get0_signature sets |*out_sig| and |*out_alg| to the signature and
922
- // signature algorithm of |x509|, respectively. Either output pointer may be
923
- // NULL to ignore the value.
2099
+ // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
2100
+ // |name|. If found, it ignores the value's ASN.1 type, writes the raw
2101
+ // |ASN1_STRING| representation to |buf|, followed by a NUL byte, and
2102
+ // returns the number of bytes in output, excluding the NUL byte.
924
2103
  //
925
- // This function outputs the outer signature algorithm. For the one in the
926
- // TBSCertificate, see |X509_get0_tbs_sigalg|. Certificates with mismatched
927
- // signature algorithms will successfully parse, but they will be rejected when
928
- // verifying.
929
- OPENSSL_EXPORT void X509_get0_signature(const ASN1_BIT_STRING **out_sig,
930
- const X509_ALGOR **out_alg,
931
- const X509 *x509);
2104
+ // This function writes at most |len| bytes, including the NUL byte. If |len| is
2105
+ // not large enough, it silently truncates the output to fit. If |buf| is NULL,
2106
+ // it instead writes enough and returns the number of bytes in the output,
2107
+ // excluding the NUL byte.
2108
+ //
2109
+ // WARNING: Do not use this function. It does not return enough information for
2110
+ // the caller to correctly interpret its output. The attribute value may be of
2111
+ // any type, including one of several ASN.1 string encodings, but this function
2112
+ // only outputs the raw |ASN1_STRING| representation. See
2113
+ // https://crbug.com/boringssl/436.
2114
+ OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
2115
+ const ASN1_OBJECT *obj, char *buf,
2116
+ int len);
932
2117
 
933
- // X509_get_signature_nid returns the NID corresponding to |x509|'s signature
934
- // algorithm, or |NID_undef| if the signature algorithm does not correspond to
935
- // a known NID.
936
- OPENSSL_EXPORT int X509_get_signature_nid(const X509 *x509);
2118
+ // X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
2119
+ // finds an attribute of type |nid|, which should be one of the |NID_*|
2120
+ // constants.
2121
+ OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
2122
+ char *buf, int len);
937
2123
 
938
- OPENSSL_EXPORT int X509_alias_set1(X509 *x, const unsigned char *name, int len);
939
- OPENSSL_EXPORT int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
940
- OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x, int *len);
941
- OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x, int *len);
942
- OPENSSL_EXPORT int (*X509_TRUST_set_default(int (*trust)(int, X509 *,
943
- int)))(int, X509 *,
944
- int);
945
- OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
946
- OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
947
- OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
948
- OPENSSL_EXPORT void X509_trust_clear(X509 *x);
949
- OPENSSL_EXPORT void X509_reject_clear(X509 *x);
950
2124
 
951
- DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
952
- DECLARE_ASN1_FUNCTIONS(X509_CRL)
2125
+ // Private structures.
953
2126
 
954
- OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
955
- OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
956
- ASN1_INTEGER *serial);
957
- OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
958
- X509 *x);
2127
+ struct X509_algor_st {
2128
+ ASN1_OBJECT *algorithm;
2129
+ ASN1_TYPE *parameter;
2130
+ } /* X509_ALGOR */;
959
2131
 
960
- OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
961
- OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
962
2132
 
963
- DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
964
- DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
2133
+ // Functions below this point have not yet been organized into sections.
965
2134
 
966
- OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
967
- OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
968
- OPENSSL_EXPORT char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
2135
+ #define X509_FILETYPE_PEM 1
2136
+ #define X509_FILETYPE_ASN1 2
2137
+ #define X509_FILETYPE_DEFAULT 3
969
2138
 
970
- OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
971
- unsigned char *md, unsigned int *len);
2139
+ #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
2140
+ #define X509v3_KU_NON_REPUDIATION 0x0040
2141
+ #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
2142
+ #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
2143
+ #define X509v3_KU_KEY_AGREEMENT 0x0008
2144
+ #define X509v3_KU_KEY_CERT_SIGN 0x0004
2145
+ #define X509v3_KU_CRL_SIGN 0x0002
2146
+ #define X509v3_KU_ENCIPHER_ONLY 0x0001
2147
+ #define X509v3_KU_DECIPHER_ONLY 0x8000
2148
+ #define X509v3_KU_UNDEF 0xffff
972
2149
 
973
- OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
974
- void *data, unsigned char *md,
975
- unsigned int *len);
2150
+ // This stuff is certificate "auxiliary info"
2151
+ // it contains details which are useful in certificate
2152
+ // stores and databases. When used this is tagged onto
2153
+ // the end of the certificate itself
976
2154
 
977
- OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
978
- const X509_ALGOR *algor1,
979
- const ASN1_BIT_STRING *signature,
980
- void *data, EVP_PKEY *pkey);
2155
+ DECLARE_STACK_OF(DIST_POINT)
2156
+ DECLARE_STACK_OF(GENERAL_NAME)
981
2157
 
982
- OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
983
- X509_ALGOR *algor2,
984
- ASN1_BIT_STRING *signature, void *data,
985
- EVP_PKEY *pkey, const EVP_MD *type);
986
- OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
987
- X509_ALGOR *algor2,
988
- ASN1_BIT_STRING *signature, void *asn,
989
- EVP_MD_CTX *ctx);
2158
+ // This is used for a table of trust checking functions
990
2159
 
991
- // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
992
- // Prefer |X509_get0_serialNumber|.
993
- OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
2160
+ struct x509_trust_st {
2161
+ int trust;
2162
+ int flags;
2163
+ int (*check_trust)(struct x509_trust_st *, X509 *, int);
2164
+ char *name;
2165
+ int arg1;
2166
+ void *arg2;
2167
+ } /* X509_TRUST */;
994
2168
 
995
- // X509_set_issuer_name sets |x509|'s issuer to a copy of |name|. It returns one
996
- // on success and zero on error.
997
- OPENSSL_EXPORT int X509_set_issuer_name(X509 *x509, X509_NAME *name);
2169
+ DEFINE_STACK_OF(X509_TRUST)
998
2170
 
999
- // X509_get_issuer_name returns |x509|'s issuer.
1000
- OPENSSL_EXPORT X509_NAME *X509_get_issuer_name(const X509 *x509);
2171
+ // standard trust ids
1001
2172
 
1002
- // X509_set_subject_name sets |x509|'s subject to a copy of |name|. It returns
1003
- // one on success and zero on error.
1004
- OPENSSL_EXPORT int X509_set_subject_name(X509 *x509, X509_NAME *name);
2173
+ #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
1005
2174
 
1006
- // X509_get_issuer_name returns |x509|'s subject.
1007
- OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
2175
+ #define X509_TRUST_COMPAT 1
2176
+ #define X509_TRUST_SSL_CLIENT 2
2177
+ #define X509_TRUST_SSL_SERVER 3
2178
+ #define X509_TRUST_EMAIL 4
2179
+ #define X509_TRUST_OBJECT_SIGN 5
2180
+ #define X509_TRUST_OCSP_SIGN 6
2181
+ #define X509_TRUST_OCSP_REQUEST 7
2182
+ #define X509_TRUST_TSA 8
1008
2183
 
1009
- // X509_set_pubkey sets |x509|'s public key to |pkey|. It returns one on success
1010
- // and zero on error. This function does not take ownership of |pkey| and
1011
- // internally copies and updates reference counts as needed.
1012
- OPENSSL_EXPORT int X509_set_pubkey(X509 *x509, EVP_PKEY *pkey);
2184
+ // Keep these up to date!
2185
+ #define X509_TRUST_MIN 1
2186
+ #define X509_TRUST_MAX 8
1013
2187
 
1014
- // X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
1015
- // public key was unsupported or could not be decoded. This function returns a
1016
- // reference to the |EVP_PKEY|. The caller must release the result with
1017
- // |EVP_PKEY_free| when done.
1018
- OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
1019
2188
 
1020
- // X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
1021
- // key. Note this does not contain the AlgorithmIdentifier portion.
1022
- //
1023
- // WARNING: This function returns a non-const pointer for OpenSSL compatibility,
1024
- // but the caller must not modify the resulting object. Doing so will break
1025
- // internal invariants in |x509|.
1026
- OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
2189
+ // trust_flags values
2190
+ #define X509_TRUST_DYNAMIC 1
2191
+ #define X509_TRUST_DYNAMIC_NAME 2
1027
2192
 
1028
- // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
1029
- // it.
1030
- OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
1031
- const X509 *x509);
2193
+ // check_trust return codes
1032
2194
 
1033
- // X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
1034
- // TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
1035
- //
1036
- // Certificates with mismatched signature algorithms will successfully parse,
1037
- // but they will be rejected when verifying.
1038
- OPENSSL_EXPORT const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x509);
2195
+ #define X509_TRUST_TRUSTED 1
2196
+ #define X509_TRUST_REJECTED 2
2197
+ #define X509_TRUST_UNTRUSTED 3
1039
2198
 
1040
- // X509_REQ_set_version sets |req|'s version to |version|, which should be
1041
- // |X509_REQ_VERSION_1|. It returns one on success and zero on error.
1042
- //
1043
- // Note no versions other than |X509_REQ_VERSION_1| are defined for CSRs.
1044
- OPENSSL_EXPORT int X509_REQ_set_version(X509_REQ *req, long version);
2199
+ DEFINE_STACK_OF(X509_REVOKED)
1045
2200
 
1046
- // X509_REQ_set_subject_name sets |req|'s subject to a copy of |name|. It
1047
- // returns one on success and zero on error.
1048
- OPENSSL_EXPORT int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
2201
+ DECLARE_STACK_OF(GENERAL_NAMES)
1049
2202
 
1050
- // X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
1051
- // signature algorithm of |req|, respectively. Either output pointer may be NULL
1052
- // to ignore the value.
1053
- OPENSSL_EXPORT void X509_REQ_get0_signature(const X509_REQ *req,
1054
- const ASN1_BIT_STRING **out_sig,
1055
- const X509_ALGOR **out_alg);
2203
+ struct private_key_st {
2204
+ int version;
2205
+ // The PKCS#8 data types
2206
+ X509_ALGOR *enc_algor;
2207
+ ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
1056
2208
 
1057
- // X509_REQ_get_signature_nid returns the NID corresponding to |req|'s signature
1058
- // algorithm, or |NID_undef| if the signature algorithm does not correspond to
1059
- // a known NID.
1060
- OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
2209
+ // When decrypted, the following will not be NULL
2210
+ EVP_PKEY *dec_pkey;
1061
2211
 
1062
- // i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
1063
- // portion of |req|, as described in |i2d_SAMPLE|.
1064
- //
1065
- // This function re-encodes the CertificationRequestInfo and may not reflect
1066
- // |req|'s original encoding. It may be used to manually generate a signature
1067
- // for a new certificate request.
1068
- OPENSSL_EXPORT int i2d_re_X509_REQ_tbs(X509_REQ *req, uint8_t **outp);
2212
+ // used to encrypt and decrypt
2213
+ int key_length;
2214
+ char *key_data;
2215
+ int key_free; // true if we should auto free key_data
1069
2216
 
1070
- // X509_REQ_set_pubkey sets |req|'s public key to |pkey|. It returns one on
1071
- // success and zero on error. This function does not take ownership of |pkey|
1072
- // and internally copies and updates reference counts as needed.
1073
- OPENSSL_EXPORT int X509_REQ_set_pubkey(X509_REQ *req, EVP_PKEY *pkey);
2217
+ // expanded version of 'enc_algor'
2218
+ EVP_CIPHER_INFO cipher;
2219
+ } /* X509_PKEY */;
1074
2220
 
1075
- // X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
1076
- // the public key was unsupported or could not be decoded. This function returns
1077
- // a reference to the |EVP_PKEY|. The caller must release the result with
1078
- // |EVP_PKEY_free| when done.
1079
- OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
2221
+ struct X509_info_st {
2222
+ X509 *x509;
2223
+ X509_CRL *crl;
2224
+ X509_PKEY *x_pkey;
1080
2225
 
1081
- // X509_REQ_extension_nid returns one if |nid| is a supported CSR attribute type
1082
- // for carrying extensions and zero otherwise. The supported types are
1083
- // |NID_ext_req| (pkcs-9-at-extensionRequest from RFC 2985) and |NID_ms_ext_req|
1084
- // (a Microsoft szOID_CERT_EXTENSIONS variant).
1085
- OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
2226
+ EVP_CIPHER_INFO enc_cipher;
2227
+ int enc_len;
2228
+ char *enc_data;
1086
2229
 
1087
- // X509_REQ_get_extensions decodes the list of requested extensions in |req| and
1088
- // returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result.
1089
- // It returns NULL on error, or if |req| did not request extensions.
1090
- //
1091
- // This function supports both pkcs-9-at-extensionRequest from RFC 2985 and the
1092
- // Microsoft szOID_CERT_EXTENSIONS variant.
1093
- OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
2230
+ } /* X509_INFO */;
1094
2231
 
1095
- // X509_REQ_add_extensions_nid adds an attribute to |req| of type |nid|, to
1096
- // request the certificate extensions in |exts|. It returns one on success and
1097
- // zero on error. |nid| should be |NID_ext_req| or |NID_ms_ext_req|.
1098
- OPENSSL_EXPORT int X509_REQ_add_extensions_nid(
1099
- X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts, int nid);
2232
+ DEFINE_STACK_OF(X509_INFO)
1100
2233
 
1101
- // X509_REQ_add_extensions behaves like |X509_REQ_add_extensions_nid|, using the
1102
- // standard |NID_ext_req| for the attribute type.
1103
- OPENSSL_EXPORT int X509_REQ_add_extensions(
1104
- X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);
2234
+ // X509_get_pathlen returns path length constraint from the basic constraints
2235
+ // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
2236
+ // constraint is not present, or if some extension in |x509| was invalid.
2237
+ //
2238
+ // Note that decoding an |X509| object will not check for invalid extensions. To
2239
+ // detect the error case, call |X509_get_extensions_flags| and check the
2240
+ // |EXFLAG_INVALID| bit.
2241
+ OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
1105
2242
 
1106
- // X509_REQ_get_attr_count returns the number of attributes in |req|.
1107
- OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
2243
+ // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
2244
+ // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
2245
+ // |out_digest| may be NULL to skip those fields.
2246
+ OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
2247
+ const X509_ALGOR **out_alg,
2248
+ const ASN1_OCTET_STRING **out_digest);
1108
2249
 
1109
- // X509_REQ_get_attr_by_NID returns the index of the attribute in |req| of type
1110
- // |nid|, or a negative number if not found. If found, callers can use
1111
- // |X509_REQ_get_attr| to look up the attribute by index.
1112
- //
1113
- // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1114
- // can thus loop over all matching attributes by first passing -1 and then
1115
- // passing the previously-returned value until no match is returned.
1116
- OPENSSL_EXPORT int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
1117
- int lastpos);
2250
+ // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
2251
+ OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
2252
+ ASN1_OCTET_STRING **out_digest);
1118
2253
 
1119
- // X509_REQ_get_attr_by_OBJ behaves like |X509_REQ_get_attr_by_NID| but looks
1120
- // for attributes of type |obj|.
1121
- OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
1122
- const ASN1_OBJECT *obj,
1123
- int lastpos);
2254
+ // X509_verify_cert_error_string returns |err| as a human-readable string, where
2255
+ // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
2256
+ // a default description.
2257
+ OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
1124
2258
 
1125
- // X509_REQ_get_attr returns the attribute at index |loc| in |req|, or NULL if
1126
- // out of bounds.
1127
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
2259
+ // X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
2260
+ // This function works by serializing the structure, so if |rev| is incomplete,
2261
+ // it may fail.
2262
+ OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
1128
2263
 
1129
- // X509_REQ_delete_attr removes the attribute at index |loc| in |req|. It
1130
- // returns the removed attribute to the caller, or NULL if |loc| was out of
1131
- // bounds. If non-NULL, the caller must release the result with
1132
- // |X509_ATTRIBUTE_free| when done. It is also safe, but not necessary, to call
1133
- // |X509_ATTRIBUTE_free| if the result is NULL.
1134
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
2264
+ OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
2265
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
2266
+ OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
2267
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
2268
+ OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
2269
+ OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
1135
2270
 
1136
- // X509_REQ_add1_attr appends a copy of |attr| to |req|'s list of attributes. It
1137
- // returns one on success and zero on error.
1138
- //
1139
- // TODO(https://crbug.com/boringssl/407): |attr| should be const.
1140
- OPENSSL_EXPORT int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
2271
+ DECLARE_ASN1_FUNCTIONS_const(X509_PUBKEY)
1141
2272
 
1142
- // X509_REQ_add1_attr_by_OBJ appends a new attribute to |req| with type |obj|.
1143
- // It returns one on success and zero on error. The value is determined by
1144
- // |X509_ATTRIBUTE_set1_data|.
1145
- //
1146
- // WARNING: The interpretation of |attrtype|, |data|, and |len| is complex and
1147
- // error-prone. See |X509_ATTRIBUTE_set1_data| for details.
1148
- OPENSSL_EXPORT int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
1149
- const ASN1_OBJECT *obj,
1150
- int attrtype,
1151
- const unsigned char *data,
1152
- int len);
2273
+ // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
2274
+ // structure. On success, it frees |*x|, sets |*x| to the new object, and
2275
+ // returns one. Otherwise, it returns zero.
2276
+ OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
1153
2277
 
1154
- // X509_REQ_add1_attr_by_NID behaves like |X509_REQ_add1_attr_by_OBJ| except the
1155
- // attribute type is determined by |nid|.
1156
- OPENSSL_EXPORT int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid,
1157
- int attrtype,
1158
- const unsigned char *data,
1159
- int len);
2278
+ // X509_PUBKEY_get decodes the public key in |key| and returns an |EVP_PKEY| on
2279
+ // success, or NULL on error. The caller must release the result with
2280
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
2281
+ // not mutate the result.
2282
+ OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
1160
2283
 
1161
- // X509_REQ_add1_attr_by_txt behaves like |X509_REQ_add1_attr_by_OBJ| except the
1162
- // attribute type is determined by calling |OBJ_txt2obj| with |attrname|.
1163
- OPENSSL_EXPORT int X509_REQ_add1_attr_by_txt(X509_REQ *req,
1164
- const char *attrname, int attrtype,
1165
- const unsigned char *data,
1166
- int len);
2284
+ DECLARE_ASN1_FUNCTIONS_const(X509_SIG)
1167
2285
 
1168
- // X509_CRL_set_version sets |crl|'s version to |version|, which should be one
1169
- // of the |X509_CRL_VERSION_*| constants. It returns one on success and zero on
1170
- // error.
1171
- //
1172
- // If unsure, use |X509_CRL_VERSION_2|. Note that, unlike certificates, CRL
1173
- // versions are only defined up to v2. Callers should not use |X509_VERSION_3|.
1174
- OPENSSL_EXPORT int X509_CRL_set_version(X509_CRL *crl, long version);
2286
+ OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
2287
+ OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
2288
+ OPENSSL_EXPORT void X509_trust_clear(X509 *x);
2289
+ OPENSSL_EXPORT void X509_reject_clear(X509 *x);
1175
2290
 
1176
- // X509_CRL_set_issuer_name sets |crl|'s issuer to a copy of |name|. It returns
1177
- // one on success and zero on error.
1178
- OPENSSL_EXPORT int X509_CRL_set_issuer_name(X509_CRL *crl, X509_NAME *name);
1179
2291
 
1180
- OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
2292
+ OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
1181
2293
 
1182
- // X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
1183
- OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
2294
+ DECLARE_ASN1_FUNCTIONS_const(X509_REVOKED)
1184
2295
 
1185
- // X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
1186
- // signature algorithm of |crl|, respectively. Either output pointer may be NULL
1187
- // to ignore the value.
1188
- //
1189
- // This function outputs the outer signature algorithm, not the one in the
1190
- // TBSCertList. CRLs with mismatched signature algorithms will successfully
1191
- // parse, but they will be rejected when verifying.
1192
- OPENSSL_EXPORT void X509_CRL_get0_signature(const X509_CRL *crl,
1193
- const ASN1_BIT_STRING **out_sig,
1194
- const X509_ALGOR **out_alg);
2296
+ OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
2297
+ OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
2298
+ ASN1_INTEGER *serial);
2299
+ OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
2300
+ X509 *x);
1195
2301
 
1196
- // X509_CRL_get_signature_nid returns the NID corresponding to |crl|'s signature
1197
- // algorithm, or |NID_undef| if the signature algorithm does not correspond to
1198
- // a known NID.
1199
- OPENSSL_EXPORT int X509_CRL_get_signature_nid(const X509_CRL *crl);
2302
+ OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
2303
+ OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
1200
2304
 
1201
- // i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
1202
- // in |i2d_SAMPLE|.
1203
- //
1204
- // This function re-encodes the TBSCertList and may not reflect |crl|'s original
1205
- // encoding. It may be used to manually generate a signature for a new CRL. To
1206
- // verify CRLs, use |i2d_X509_CRL_tbs| instead.
1207
- OPENSSL_EXPORT int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
2305
+ OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
2306
+ OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
1208
2307
 
1209
- // i2d_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described in
1210
- // |i2d_SAMPLE|.
1211
- //
1212
- // This function preserves the original encoding of the TBSCertList and may not
1213
- // reflect modifications made to |crl|. It may be used to manually verify the
1214
- // signature of an existing CRL. To generate CRLs, use |i2d_re_X509_CRL_tbs|
1215
- // instead.
1216
- OPENSSL_EXPORT int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp);
2308
+ OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
2309
+ unsigned char *md, unsigned int *len);
1217
2310
 
1218
- // X509_CRL_set1_signature_algo sets |crl|'s signature algorithm to |algo| and
1219
- // returns one on success or zero on error. It updates both the signature field
1220
- // of the TBSCertList structure, and the signatureAlgorithm field of the CRL.
1221
- OPENSSL_EXPORT int X509_CRL_set1_signature_algo(X509_CRL *crl,
1222
- const X509_ALGOR *algo);
2311
+ OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
2312
+ void *data, unsigned char *md,
2313
+ unsigned int *len);
1223
2314
 
1224
- // X509_CRL_set1_signature_value sets |crl|'s signature to a copy of the
1225
- // |sig_len| bytes pointed by |sig|. It returns one on success and zero on
1226
- // error.
1227
- //
1228
- // Due to a specification error, X.509 CRLs store signatures in ASN.1 BIT
1229
- // STRINGs, but signature algorithms return byte strings rather than bit
1230
- // strings. This function creates a BIT STRING containing a whole number of
1231
- // bytes, with the bit order matching the DER encoding. This matches the
1232
- // encoding used by all X.509 signature algorithms.
1233
- OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
1234
- const uint8_t *sig,
1235
- size_t sig_len);
2315
+ OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
2316
+ const X509_ALGOR *algor1,
2317
+ const ASN1_BIT_STRING *signature,
2318
+ void *data, EVP_PKEY *pkey);
2319
+
2320
+ OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
2321
+ X509_ALGOR *algor2,
2322
+ ASN1_BIT_STRING *signature, void *data,
2323
+ EVP_PKEY *pkey, const EVP_MD *type);
2324
+ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
2325
+ X509_ALGOR *algor2,
2326
+ ASN1_BIT_STRING *signature, void *asn,
2327
+ EVP_MD_CTX *ctx);
2328
+
2329
+ OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
1236
2330
 
1237
2331
  // X509_REVOKED_get0_serialNumber returns the serial number of the certificate
1238
2332
  // revoked by |revoked|.
@@ -1259,199 +2353,30 @@ OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
1259
2353
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
1260
2354
  const X509_REVOKED *r);
1261
2355
 
1262
- OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
1263
- EVP_PKEY *skey, const EVP_MD *md,
1264
- unsigned int flags);
1265
-
1266
- OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
1267
-
1268
- OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
1269
- OPENSSL_EXPORT int X509_chain_check_suiteb(int *perror_depth, X509 *x,
1270
- STACK_OF(X509) *chain,
1271
- unsigned long flags);
1272
- OPENSSL_EXPORT int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk,
1273
- unsigned long flags);
1274
-
1275
- // X509_chain_up_ref returns a newly-allocated |STACK_OF(X509)| containing a
1276
- // shallow copy of |chain|, or NULL on error. That is, the return value has the
1277
- // same contents as |chain|, and each |X509|'s reference count is incremented by
1278
- // one.
1279
- OPENSSL_EXPORT STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
1280
-
1281
- OPENSSL_EXPORT int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
1282
-
1283
- OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
1284
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
1285
-
1286
- OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
1287
- OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
1288
-
1289
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
1290
- OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
1291
-
1292
- OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
1293
- OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
1294
- OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x);
1295
- OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x);
1296
-
1297
- OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
1298
- OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
1299
- OPENSSL_EXPORT int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
1300
- unsigned long cflag);
1301
- OPENSSL_EXPORT int X509_print_fp(FILE *bp, X509 *x);
1302
- OPENSSL_EXPORT int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
1303
- OPENSSL_EXPORT int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
1304
- OPENSSL_EXPORT int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm,
1305
- int indent, unsigned long flags);
1306
-
1307
- OPENSSL_EXPORT int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
1308
- OPENSSL_EXPORT int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
1309
- unsigned long flags);
1310
- OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
1311
- unsigned long cflag);
1312
- OPENSSL_EXPORT int X509_print(BIO *bp, X509 *x);
1313
- OPENSSL_EXPORT int X509_ocspid_print(BIO *bp, X509 *x);
1314
- OPENSSL_EXPORT int X509_CERT_AUX_print(BIO *bp, X509_CERT_AUX *x, int indent);
1315
- OPENSSL_EXPORT int X509_CRL_print(BIO *bp, X509_CRL *x);
1316
- OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
1317
- unsigned long cflag);
1318
- OPENSSL_EXPORT int X509_REQ_print(BIO *bp, X509_REQ *req);
1319
-
1320
- OPENSSL_EXPORT int X509_NAME_entry_count(const X509_NAME *name);
1321
- OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
1322
- char *buf, int len);
1323
- OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
1324
- const ASN1_OBJECT *obj, char *buf,
1325
- int len);
1326
-
1327
- // NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
1328
- // lastpos, search after that position on.
1329
- OPENSSL_EXPORT int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
1330
- int lastpos);
1331
- OPENSSL_EXPORT int X509_NAME_get_index_by_OBJ(const X509_NAME *name,
1332
- const ASN1_OBJECT *obj,
1333
- int lastpos);
1334
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name,
1335
- int loc);
1336
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name,
1337
- int loc);
1338
- OPENSSL_EXPORT int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne,
1339
- int loc, int set);
1340
- OPENSSL_EXPORT int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
1341
- int type,
1342
- const unsigned char *bytes,
1343
- int len, int loc, int set);
1344
- OPENSSL_EXPORT int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid,
1345
- int type,
1346
- const unsigned char *bytes,
1347
- int len, int loc, int set);
1348
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
1349
- X509_NAME_ENTRY **ne, const char *field, int type,
1350
- const unsigned char *bytes, int len);
1351
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(
1352
- X509_NAME_ENTRY **ne, int nid, int type, const unsigned char *bytes,
1353
- int len);
1354
- OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
1355
- const char *field, int type,
1356
- const unsigned char *bytes,
1357
- int len, int loc, int set);
1358
- OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(
1359
- X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, int type,
1360
- const unsigned char *bytes, int len);
1361
- OPENSSL_EXPORT int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne,
1362
- const ASN1_OBJECT *obj);
1363
- OPENSSL_EXPORT int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
1364
- const unsigned char *bytes,
1365
- int len);
1366
- OPENSSL_EXPORT ASN1_OBJECT *X509_NAME_ENTRY_get_object(
1367
- const X509_NAME_ENTRY *ne);
1368
- OPENSSL_EXPORT ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
1369
-
1370
- // X509v3_get_ext_count returns the number of extensions in |x|.
1371
- OPENSSL_EXPORT int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
1372
-
1373
- // X509v3_get_ext_by_NID returns the index of the first extension in |x| with
1374
- // type |nid|, or a negative number if not found. If found, callers can use
1375
- // |X509v3_get_ext| to look up the extension by index.
1376
- //
1377
- // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1378
- // can thus loop over all matching extensions by first passing -1 and then
1379
- // passing the previously-returned value until no match is returned.
1380
- OPENSSL_EXPORT int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
1381
- int nid, int lastpos);
1382
-
1383
- // X509v3_get_ext_by_OBJ behaves like |X509v3_get_ext_by_NID| but looks for
1384
- // extensions matching |obj|.
1385
- OPENSSL_EXPORT int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
1386
- const ASN1_OBJECT *obj, int lastpos);
1387
-
1388
- // X509v3_get_ext_by_critical returns the index of the first extension in |x|
1389
- // whose critical bit matches |crit|, or a negative number if no such extension
1390
- // was found.
1391
- //
1392
- // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1393
- // can thus loop over all matching extensions by first passing -1 and then
1394
- // passing the previously-returned value until no match is returned.
1395
- OPENSSL_EXPORT int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
1396
- int crit, int lastpos);
1397
-
1398
- // X509v3_get_ext returns the extension in |x| at index |loc|, or NULL if |loc|
1399
- // is out of bounds.
1400
- OPENSSL_EXPORT X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x,
1401
- int loc);
1402
-
1403
- // X509v3_delete_ext removes the extension in |x| at index |loc| and returns the
1404
- // removed extension, or NULL if |loc| was out of bounds. If an extension was
1405
- // returned, the caller must release it with |X509_EXTENSION_free|.
1406
- OPENSSL_EXPORT X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x,
1407
- int loc);
1408
-
1409
- // X509v3_add_ext adds a copy of |ex| to the extension list in |*x|. If |*x| is
1410
- // NULL, it allocates a new |STACK_OF(X509_EXTENSION)| to hold the copy and sets
1411
- // |*x| to the new list. It returns |*x| on success and NULL on error. The
1412
- // caller retains ownership of |ex| and can release it independently of |*x|.
1413
- //
1414
- // The new extension is inserted at index |loc|, shifting extensions to the
1415
- // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1416
- // list.
1417
- OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
1418
- STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc);
2356
+ OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
2357
+ EVP_PKEY *skey, const EVP_MD *md,
2358
+ unsigned int flags);
1419
2359
 
1420
- // X509_get_ext_count returns the number of extensions in |x|.
1421
- OPENSSL_EXPORT int X509_get_ext_count(const X509 *x);
2360
+ OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
1422
2361
 
1423
- // X509_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
1424
- // extensions in |x|.
1425
- OPENSSL_EXPORT int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
2362
+ OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
1426
2363
 
1427
- // X509_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
1428
- // extensions in |x|.
1429
- OPENSSL_EXPORT int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj,
1430
- int lastpos);
2364
+ OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
2365
+ OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
1431
2366
 
1432
- // X509_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
1433
- // searches for extensions in |x|.
1434
- OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
1435
- int lastpos);
2367
+ OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
2368
+ OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
1436
2369
 
1437
- // X509_get_ext returns the extension in |x| at index |loc|, or NULL if |loc| is
1438
- // out of bounds.
1439
- OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
2370
+ OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
2371
+ OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
1440
2372
 
1441
- // X509_delete_ext removes the extension in |x| at index |loc| and returns the
1442
- // removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
1443
- // caller must release the result with |X509_EXTENSION_free|. It is also safe,
1444
- // but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
1445
- OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
2373
+ OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
2374
+ OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
2375
+ OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x);
2376
+ OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x);
1446
2377
 
1447
- // X509_add_ext adds a copy of |ex| to |x|. It returns one on success and zero
1448
- // on failure. The caller retains ownership of |ex| and can release it
1449
- // independently of |x|.
1450
- //
1451
- // The new extension is inserted at index |loc|, shifting extensions to the
1452
- // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1453
- // list.
1454
- OPENSSL_EXPORT int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
2378
+ OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
2379
+ OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
1455
2380
 
1456
2381
  // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
1457
2382
  // |x509|'s extension list.
@@ -1470,43 +2395,6 @@ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
1470
2395
  OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
1471
2396
  unsigned long flags);
1472
2397
 
1473
- // X509_CRL_get_ext_count returns the number of extensions in |x|.
1474
- OPENSSL_EXPORT int X509_CRL_get_ext_count(const X509_CRL *x);
1475
-
1476
- // X509_CRL_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches for
1477
- // extensions in |x|.
1478
- OPENSSL_EXPORT int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid,
1479
- int lastpos);
1480
-
1481
- // X509_CRL_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches for
1482
- // extensions in |x|.
1483
- OPENSSL_EXPORT int X509_CRL_get_ext_by_OBJ(const X509_CRL *x,
1484
- const ASN1_OBJECT *obj, int lastpos);
1485
-
1486
- // X509_CRL_get_ext_by_critical behaves like |X509v3_get_ext_by_critical| but
1487
- // searches for extensions in |x|.
1488
- OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
1489
- int lastpos);
1490
-
1491
- // X509_CRL_get_ext returns the extension in |x| at index |loc|, or NULL if
1492
- // |loc| is out of bounds.
1493
- OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
1494
-
1495
- // X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
1496
- // the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
1497
- // caller must release the result with |X509_EXTENSION_free|. It is also safe,
1498
- // but not necessary, to call |X509_EXTENSION_free| if the result is NULL.
1499
- OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
1500
-
1501
- // X509_CRL_add_ext adds a copy of |ex| to |x|. It returns one on success and
1502
- // zero on failure. The caller retains ownership of |ex| and can release it
1503
- // independently of |x|.
1504
- //
1505
- // The new extension is inserted at index |loc|, shifting extensions to the
1506
- // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1507
- // list.
1508
- OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
1509
-
1510
2398
  // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
1511
2399
  // extension in |crl|'s extension list.
1512
2400
  //
@@ -1544,15 +2432,14 @@ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
1544
2432
  int crit, int lastpos);
1545
2433
 
1546
2434
  // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
1547
- // |loc| is out of bounds.
2435
+ // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
2436
+ // compatibility, but callers should not mutate the result.
1548
2437
  OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
1549
2438
  int loc);
1550
2439
 
1551
2440
  // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
1552
2441
  // returns the removed extension, or NULL if |loc| was out of bounds. If
1553
- // non-NULL, the caller must release the result with |X509_EXTENSION_free|. It
1554
- // is also safe, but not necessary, to call |X509_EXTENSION_free| if the result
1555
- // is NULL.
2442
+ // non-NULL, the caller must release the result with |X509_EXTENSION_free|.
1556
2443
  OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1557
2444
  int loc);
1558
2445
 
@@ -1563,8 +2450,8 @@ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1563
2450
  // The new extension is inserted at index |loc|, shifting extensions to the
1564
2451
  // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1565
2452
  // list.
1566
- OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex,
1567
- int loc);
2453
+ OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
2454
+ const X509_EXTENSION *ex, int loc);
1568
2455
 
1569
2456
  // X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
1570
2457
  // extension in |revoked|'s extension list.
@@ -1585,217 +2472,25 @@ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
1585
2472
  void *value, int crit,
1586
2473
  unsigned long flags);
1587
2474
 
1588
- // X509_EXTENSION_create_by_NID creates a new |X509_EXTENSION| with type |nid|,
1589
- // value |data|, and critical bit |crit|. It returns the newly-allocated
1590
- // |X509_EXTENSION| on success, and false on error. |nid| should be a |NID_*|
1591
- // constant.
1592
- //
1593
- // If |ex| and |*ex| are both non-NULL, it modifies and returns |*ex| instead of
1594
- // creating a new object. If |ex| is non-NULL, but |*ex| is NULL, it sets |*ex|
1595
- // to the new |X509_EXTENSION|, in addition to returning the result.
1596
- OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_NID(
1597
- X509_EXTENSION **ex, int nid, int crit, const ASN1_OCTET_STRING *data);
1598
-
1599
- // X509_EXTENSION_create_by_OBJ behaves like |X509_EXTENSION_create_by_NID|, but
1600
- // the extension type is determined by an |ASN1_OBJECT|.
1601
- OPENSSL_EXPORT X509_EXTENSION *X509_EXTENSION_create_by_OBJ(
1602
- X509_EXTENSION **ex, const ASN1_OBJECT *obj, int crit,
1603
- const ASN1_OCTET_STRING *data);
1604
-
1605
- // X509_EXTENSION_set_object sets |ex|'s extension type to |obj|. It returns one
1606
- // on success and zero on error.
1607
- OPENSSL_EXPORT int X509_EXTENSION_set_object(X509_EXTENSION *ex,
1608
- const ASN1_OBJECT *obj);
1609
-
1610
- // X509_EXTENSION_set_critical sets |ex| to critical if |crit| is non-zero and
1611
- // to non-critical if |crit| is zero.
1612
- OPENSSL_EXPORT int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
1613
-
1614
- // X509_EXTENSION_set_data set's |ex|'s extension value to a copy of |data|. It
1615
- // returns one on success and zero on error.
1616
- OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1617
- const ASN1_OCTET_STRING *data);
1618
-
1619
- // X509_EXTENSION_get_object returns |ex|'s extension type.
1620
- OPENSSL_EXPORT ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
1621
-
1622
- // X509_EXTENSION_get_data returns |ne|'s extension value.
1623
- OPENSSL_EXPORT ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
1624
-
1625
- // X509_EXTENSION_get_critical returns one if |ex| is critical and zero
1626
- // otherwise.
1627
- OPENSSL_EXPORT int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
1628
-
1629
- // X509at_get_attr_count returns the number of attributes in |x|.
1630
- OPENSSL_EXPORT int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
1631
-
1632
- // X509at_get_attr_by_NID returns the index of the attribute in |x| of type
1633
- // |nid|, or a negative number if not found. If found, callers can use
1634
- // |X509at_get_attr| to look up the attribute by index.
1635
- //
1636
- // If |lastpos| is non-negative, it begins searching at |lastpos| + 1. Callers
1637
- // can thus loop over all matching attributes by first passing -1 and then
1638
- // passing the previously-returned value until no match is returned.
1639
- OPENSSL_EXPORT int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x,
1640
- int nid, int lastpos);
1641
-
1642
- // X509at_get_attr_by_OBJ behaves like |X509at_get_attr_by_NID| but looks for
1643
- // attributes of type |obj|.
1644
- OPENSSL_EXPORT int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
1645
- const ASN1_OBJECT *obj, int lastpos);
1646
-
1647
- // X509at_get_attr returns the attribute at index |loc| in |x|, or NULL if
1648
- // out of bounds.
1649
- OPENSSL_EXPORT X509_ATTRIBUTE *X509at_get_attr(
1650
- const STACK_OF(X509_ATTRIBUTE) *x, int loc);
1651
-
1652
- // X509at_delete_attr removes the attribute at index |loc| in |x|. It returns
1653
- // the removed attribute to the caller, or NULL if |loc| was out of bounds. If
1654
- // non-NULL, the caller must release the result with |X509_ATTRIBUTE_free| when
1655
- // done. It is also safe, but not necessary, to call |X509_ATTRIBUTE_free| if
1656
- // the result is NULL.
1657
- OPENSSL_EXPORT X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x,
1658
- int loc);
1659
-
1660
- // X509at_add1_attr appends a copy of |attr| to the attribute list in |*x|. If
1661
- // |*x| is NULL, it allocates a new |STACK_OF(X509_ATTRIBUTE)| to hold the copy
1662
- // and sets |*x| to the new list. It returns |*x| on success and NULL on error.
1663
- // The caller retains ownership of |attr| and can release it independently of
1664
- // |*x|.
1665
- OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(
1666
- STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr);
1667
-
1668
- // X509at_add1_attr_by_OBJ behaves like |X509at_add1_attr|, but adds an
1669
- // attribute created by |X509_ATTRIBUTE_create_by_OBJ|.
1670
- OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(
1671
- STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type,
1672
- const unsigned char *bytes, int len);
1673
-
1674
- // X509at_add1_attr_by_NID behaves like |X509at_add1_attr|, but adds an
1675
- // attribute created by |X509_ATTRIBUTE_create_by_NID|.
1676
- OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(
1677
- STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, const unsigned char *bytes,
1678
- int len);
1679
-
1680
- // X509at_add1_attr_by_txt behaves like |X509at_add1_attr|, but adds an
1681
- // attribute created by |X509_ATTRIBUTE_create_by_txt|.
1682
- OPENSSL_EXPORT STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(
1683
- STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type,
1684
- const unsigned char *bytes, int len);
1685
-
1686
- // X509_ATTRIBUTE_create_by_NID returns a newly-allocated |X509_ATTRIBUTE| of
1687
- // type |nid|, or NULL on error. The value is determined as in
1688
- // |X509_ATTRIBUTE_set1_data|.
1689
- //
1690
- // If |attr| is non-NULL, the resulting |X509_ATTRIBUTE| is also written to
1691
- // |*attr|. If |*attr| was non-NULL when the function was called, |*attr| is
1692
- // reused instead of creating a new object.
1693
- //
1694
- // WARNING: The interpretation of |attrtype|, |data|, and |len| is complex and
1695
- // error-prone. See |X509_ATTRIBUTE_set1_data| for details.
1696
- //
1697
- // WARNING: The object reuse form is deprecated and may be removed in the
1698
- // future. It also currently incorrectly appends to the reused object's value
1699
- // set rather than overwriting it.
1700
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(
1701
- X509_ATTRIBUTE **attr, int nid, int attrtype, const void *data, int len);
1702
-
1703
- // X509_ATTRIBUTE_create_by_OBJ behaves like |X509_ATTRIBUTE_create_by_NID|
1704
- // except the attribute's type is determined by |obj|.
1705
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(
1706
- X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, int attrtype,
1707
- const void *data, int len);
1708
-
1709
- // X509_ATTRIBUTE_create_by_txt behaves like |X509_ATTRIBUTE_create_by_NID|
1710
- // except the attribute's type is determined by calling |OBJ_txt2obj| with
1711
- // |attrname|.
1712
- OPENSSL_EXPORT X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(
1713
- X509_ATTRIBUTE **attr, const char *attrname, int type,
1714
- const unsigned char *bytes, int len);
1715
-
1716
- // X509_ATTRIBUTE_set1_object sets |attr|'s type to |obj|. It returns one on
1717
- // success and zero on error.
1718
- OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
1719
- const ASN1_OBJECT *obj);
1720
-
1721
- // X509_ATTRIBUTE_set1_data appends a value to |attr|'s value set and returns
1722
- // one on success or zero on error. The value is determined as follows:
1723
- //
1724
- // If |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
1725
- // string is determined by decoding |len| bytes from |data| in the encoding
1726
- // specified by |attrtype|, and then re-encoding it in a form appropriate for
1727
- // |attr|'s type. If |len| is -1, |strlen(data)| is used instead. See
1728
- // |ASN1_STRING_set_by_NID| for details.
1729
- //
1730
- // TODO(davidben): Document |ASN1_STRING_set_by_NID| so the reference is useful.
1731
- //
1732
- // Otherwise, if |len| is not -1, the value is an ASN.1 string. |attrtype| is an
1733
- // |ASN1_STRING| type value and the |len| bytes from |data| are copied as the
1734
- // type-specific representation of |ASN1_STRING|. See |ASN1_STRING| for details.
1735
- //
1736
- // WARNING: If this form is used to construct a negative INTEGER or ENUMERATED,
1737
- // |attrtype| includes the |V_ASN1_NEG| flag for |ASN1_STRING|, but the function
1738
- // forgets to clear the flag for |ASN1_TYPE|. This matches OpenSSL but is
1739
- // probably a bug. For now, do not use this form with negative values.
1740
- //
1741
- // Otherwise, if |len| is -1, the value is constructed by passing |attrtype| and
1742
- // |data| to |ASN1_TYPE_set1|. That is, |attrtype| is an |ASN1_TYPE| type value,
1743
- // and |data| is cast to the corresponding pointer type.
1744
- //
1745
- // WARNING: Despite the name, this function appends to |attr|'s value set,
1746
- // rather than overwriting it. To overwrite the value set, create a new
1747
- // |X509_ATTRIBUTE| with |X509_ATTRIBUTE_new|.
1748
- //
1749
- // WARNING: If using the |MBSTRING_*| form, pass a length rather than relying on
1750
- // |strlen|. In particular, |strlen| will not behave correctly if the input is
1751
- // |MBSTRING_BMP| or |MBSTRING_UNIV|.
1752
- //
1753
- // WARNING: This function currently misinterprets |V_ASN1_OTHER| as an
1754
- // |MBSTRING_*| constant. This matches OpenSSL but means it is impossible to
1755
- // construct a value with a non-universal tag.
1756
- OPENSSL_EXPORT int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
1757
- const void *data, int len);
1758
-
1759
- // X509_ATTRIBUTE_get0_data returns the |idx|th value of |attr| in a
1760
- // type-specific representation to |attrtype|, or NULL if out of bounds or the
1761
- // type does not match. |attrtype| is one of the type values in |ASN1_TYPE|. On
1762
- // match, the return value uses the same representation as |ASN1_TYPE_set0|. See
1763
- // |ASN1_TYPE| for details.
1764
- OPENSSL_EXPORT void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
1765
- int attrtype, void *unused);
1766
-
1767
- // X509_ATTRIBUTE_count returns the number of values in |attr|.
1768
- OPENSSL_EXPORT int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
1769
-
1770
- // X509_ATTRIBUTE_get0_object returns the type of |attr|.
1771
- OPENSSL_EXPORT ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
1772
-
1773
- // X509_ATTRIBUTE_get0_type returns the |idx|th value in |attr|, or NULL if out
1774
- // of bounds. Note this function returns one of |attr|'s values, not the type.
1775
- OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
1776
- int idx);
1777
-
1778
2475
  OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
1779
2476
 
1780
- // lookup a cert from a X509 STACK
1781
- OPENSSL_EXPORT X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,
1782
- X509_NAME *name,
1783
- ASN1_INTEGER *serial);
1784
- OPENSSL_EXPORT X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
1785
-
1786
2477
  // PKCS#8 utilities
1787
2478
 
1788
- DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
2479
+ DECLARE_ASN1_FUNCTIONS_const(PKCS8_PRIV_KEY_INFO)
1789
2480
 
1790
- OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
1791
- OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
2481
+ // EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
2482
+ // key was unsupported or could not be decoded. If non-NULL, the caller must
2483
+ // release the result with |EVP_PKEY_free| when done.
2484
+ //
2485
+ // Use |EVP_parse_private_key| instead.
2486
+ OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
1792
2487
 
1793
- OPENSSL_EXPORT int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
1794
- int version, int ptype, void *pval,
1795
- unsigned char *penc, int penclen);
1796
- OPENSSL_EXPORT int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
1797
- const unsigned char **pk, int *ppklen,
1798
- X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8);
2488
+ // EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
2489
+ // represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
2490
+ // caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
2491
+ //
2492
+ // Use |EVP_marshal_private_key| instead.
2493
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
1799
2494
 
1800
2495
  // X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
1801
2496
  // determined by |obj|, |param_type|, and |param_value|, and an encoded
@@ -1852,7 +2547,7 @@ struct rsa_pss_params_st {
1852
2547
  X509_ALGOR *maskHash;
1853
2548
  } /* RSA_PSS_PARAMS */;
1854
2549
 
1855
- DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
2550
+ DECLARE_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS)
1856
2551
 
1857
2552
  /*
1858
2553
  SSL_CTX -> X509_STORE
@@ -1977,14 +2672,6 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
1977
2672
  #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
1978
2673
  #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
1979
2674
 
1980
- // Suite B mode algorithm violation
1981
- #define X509_V_ERR_SUITE_B_INVALID_VERSION 56
1982
- #define X509_V_ERR_SUITE_B_INVALID_ALGORITHM 57
1983
- #define X509_V_ERR_SUITE_B_INVALID_CURVE 58
1984
- #define X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM 59
1985
- #define X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED 60
1986
- #define X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
1987
-
1988
2675
  // Host, email and IP check errors
1989
2676
  #define X509_V_ERR_HOSTNAME_MISMATCH 62
1990
2677
  #define X509_V_ERR_EMAIL_MISMATCH 63
@@ -2011,9 +2698,9 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2011
2698
  #define X509_V_FLAG_IGNORE_CRITICAL 0x10
2012
2699
  // Does nothing as its functionality has been enabled by default.
2013
2700
  #define X509_V_FLAG_X509_STRICT 0x00
2014
- // Enable proxy certificate validation
2701
+ // This flag does nothing as proxy certificate support has been removed.
2015
2702
  #define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40
2016
- // Enable policy checking
2703
+ // Does nothing as its functionality has been enabled by default.
2017
2704
  #define X509_V_FLAG_POLICY_CHECK 0x80
2018
2705
  // Policy variable require-explicit-policy
2019
2706
  #define X509_V_FLAG_EXPLICIT_POLICY 0x100
@@ -2031,12 +2718,6 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2031
2718
  #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
2032
2719
  // Use trusted store first
2033
2720
  #define X509_V_FLAG_TRUSTED_FIRST 0x8000
2034
- // Suite B 128 bit only mode: not normally used
2035
- #define X509_V_FLAG_SUITEB_128_LOS_ONLY 0x10000
2036
- // Suite B 192 bit only mode
2037
- #define X509_V_FLAG_SUITEB_192_LOS 0x20000
2038
- // Suite B 128 bit mode allowing 192 bit algorithms
2039
- #define X509_V_FLAG_SUITEB_128_LOS 0x30000
2040
2721
 
2041
2722
  // Allow partial chains if at least one certificate is in trusted store
2042
2723
  #define X509_V_FLAG_PARTIAL_CHAIN 0x80000
@@ -2046,17 +2727,16 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2046
2727
  // will force the behaviour to match that of previous versions.
2047
2728
  #define X509_V_FLAG_NO_ALT_CHAINS 0x100000
2048
2729
 
2730
+ // X509_V_FLAG_NO_CHECK_TIME disables all time checks in certificate
2731
+ // verification.
2732
+ #define X509_V_FLAG_NO_CHECK_TIME 0x200000
2733
+
2049
2734
  #define X509_VP_FLAG_DEFAULT 0x1
2050
2735
  #define X509_VP_FLAG_OVERWRITE 0x2
2051
2736
  #define X509_VP_FLAG_RESET_FLAGS 0x4
2052
2737
  #define X509_VP_FLAG_LOCKED 0x8
2053
2738
  #define X509_VP_FLAG_ONCE 0x10
2054
2739
 
2055
- // Internal use: mask of policy related options
2056
- #define X509_V_FLAG_POLICY_MASK \
2057
- (X509_V_FLAG_POLICY_CHECK | X509_V_FLAG_EXPLICIT_POLICY | \
2058
- X509_V_FLAG_INHIBIT_ANY | X509_V_FLAG_INHIBIT_MAP)
2059
-
2060
2740
  OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
2061
2741
  int type, X509_NAME *name);
2062
2742
  OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
@@ -2090,6 +2770,11 @@ OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
2090
2770
  OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
2091
2771
  X509_STORE_CTX_verify_fn verify);
2092
2772
  OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
2773
+
2774
+ // X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets
2775
+ // the verify callback for any |X509_STORE_CTX| created from this |X509_STORE|
2776
+ //
2777
+ // Do not use this funciton. see |X509_STORE_CTX_set_verify_cb|.
2093
2778
  OPENSSL_EXPORT void X509_STORE_set_verify_cb(
2094
2779
  X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
2095
2780
  #define X509_STORE_set_verify_cb_func(ctx, func) \
@@ -2144,8 +2829,21 @@ OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
2144
2829
  OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
2145
2830
  OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
2146
2831
  X509 *x509, STACK_OF(X509) *chain);
2832
+
2833
+ // X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
2834
+ // in |sk|. |sk| must remain valid for the duration of |ctx|.
2835
+ //
2836
+ // WARNING: This function differs from most |set0| functions in that it does not
2837
+ // take ownership of its input. The caller is required to ensure the lifetimes
2838
+ // are consistent.
2839
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2840
+ STACK_OF(X509) *sk);
2841
+
2842
+ // X509_STORE_CTX_trusted_stack is a deprecated alias for
2843
+ // |X509_STORE_CTX_set0_trusted_stack|.
2147
2844
  OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
2148
2845
  STACK_OF(X509) *sk);
2846
+
2149
2847
  OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
2150
2848
 
2151
2849
  OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
@@ -2180,15 +2878,6 @@ OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
2180
2878
  OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
2181
2879
  OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
2182
2880
  X509_NAME *name, X509_OBJECT *ret);
2183
- OPENSSL_EXPORT int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type,
2184
- X509_NAME *name,
2185
- ASN1_INTEGER *serial,
2186
- X509_OBJECT *ret);
2187
- OPENSSL_EXPORT int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
2188
- unsigned char *bytes, int len,
2189
- X509_OBJECT *ret);
2190
- OPENSSL_EXPORT int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
2191
- int len, X509_OBJECT *ret);
2192
2881
  OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
2193
2882
 
2194
2883
  #ifndef OPENSSL_NO_STDIO
@@ -2196,14 +2885,6 @@ OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
2196
2885
  const char *dir);
2197
2886
  OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
2198
2887
  #endif
2199
-
2200
- OPENSSL_EXPORT int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
2201
- CRYPTO_EX_unused *unused,
2202
- CRYPTO_EX_dup *dup_unused,
2203
- CRYPTO_EX_free *free_func);
2204
- OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
2205
- void *data);
2206
- OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
2207
2888
  OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
2208
2889
  OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
2209
2890
  OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
@@ -2231,12 +2912,30 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
2231
2912
  unsigned long flags);
2232
2913
  OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
2233
2914
  unsigned long flags, time_t t);
2915
+ OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
2916
+ unsigned long flags,
2917
+ int64_t t);
2918
+
2919
+ // X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is
2920
+ // called multiple times during |X509_verify_cert|. The callback returns zero to
2921
+ // fail verification and non-zero to proceed. Typically, it will return |ok|,
2922
+ // which preserves the default behavior. Returning one when |ok| is zero will
2923
+ // proceed past some error. The callback may inspect |ctx| and the error queue
2924
+ // to attempt to determine the current stage of certificate verification, but
2925
+ // this is often unreliable.
2926
+ //
2927
+ // WARNING: Do not use this function. It is extremely fragile and unpredictable.
2928
+ // This callback exposes implementation details of certificate verification,
2929
+ // which change as the library evolves. Attempting to use it for security checks
2930
+ // can introduce vulnerabilities if making incorrect assumptions about when the
2931
+ // callback is called. Additionally, overriding |ok| may leave |ctx| in an
2932
+ // inconsistent state and break invariants.
2933
+ //
2934
+ // Instead, customize certificate verification by configuring options on the
2935
+ // |X509_STORE_CTX| before verification, or applying additional checks after
2936
+ // |X509_verify_cert| completes successfully.
2234
2937
  OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
2235
- X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *));
2236
-
2237
- OPENSSL_EXPORT X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(
2238
- X509_STORE_CTX *ctx);
2239
- OPENSSL_EXPORT int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
2938
+ X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
2240
2939
 
2241
2940
  OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
2242
2941
  X509_STORE_CTX *ctx);
@@ -2269,10 +2968,12 @@ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
2269
2968
  int depth);
2270
2969
  OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
2271
2970
  time_t t);
2971
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
2972
+ int64_t t);
2272
2973
  OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
2273
2974
  ASN1_OBJECT *policy);
2274
2975
  OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
2275
- X509_VERIFY_PARAM *param, STACK_OF(ASN1_OBJECT) *policies);
2976
+ X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
2276
2977
 
2277
2978
  OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
2278
2979
  const char *name,
@@ -2296,43 +2997,8 @@ OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
2296
2997
  OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
2297
2998
  const X509_VERIFY_PARAM *param);
2298
2999
 
2299
- OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
2300
- OPENSSL_EXPORT int X509_VERIFY_PARAM_get_count(void);
2301
- OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
2302
3000
  OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
2303
3001
  const char *name);
2304
- OPENSSL_EXPORT void X509_VERIFY_PARAM_table_cleanup(void);
2305
-
2306
- OPENSSL_EXPORT int X509_policy_check(X509_POLICY_TREE **ptree,
2307
- int *pexplicit_policy,
2308
- STACK_OF(X509) *certs,
2309
- STACK_OF(ASN1_OBJECT) *policy_oids,
2310
- unsigned int flags);
2311
-
2312
- OPENSSL_EXPORT void X509_policy_tree_free(X509_POLICY_TREE *tree);
2313
-
2314
- OPENSSL_EXPORT int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
2315
- OPENSSL_EXPORT X509_POLICY_LEVEL *X509_policy_tree_get0_level(
2316
- const X509_POLICY_TREE *tree, int i);
2317
-
2318
- OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(
2319
- const X509_POLICY_TREE *tree);
2320
-
2321
- OPENSSL_EXPORT STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(
2322
- const X509_POLICY_TREE *tree);
2323
-
2324
- OPENSSL_EXPORT int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
2325
-
2326
- OPENSSL_EXPORT X509_POLICY_NODE *X509_policy_level_get0_node(
2327
- X509_POLICY_LEVEL *level, int i);
2328
-
2329
- OPENSSL_EXPORT const ASN1_OBJECT *X509_policy_node_get0_policy(
2330
- const X509_POLICY_NODE *node);
2331
-
2332
- OPENSSL_EXPORT STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(
2333
- const X509_POLICY_NODE *node);
2334
- OPENSSL_EXPORT const X509_POLICY_NODE *X509_policy_node_get0_parent(
2335
- const X509_POLICY_NODE *node);
2336
3002
 
2337
3003
 
2338
3004
  #if defined(__cplusplus)
@@ -2352,14 +3018,12 @@ BORINGSSL_MAKE_DELETER(X509_ALGOR, X509_ALGOR_free)
2352
3018
  BORINGSSL_MAKE_DELETER(X509_ATTRIBUTE, X509_ATTRIBUTE_free)
2353
3019
  BORINGSSL_MAKE_DELETER(X509_CRL, X509_CRL_free)
2354
3020
  BORINGSSL_MAKE_UP_REF(X509_CRL, X509_CRL_up_ref)
2355
- BORINGSSL_MAKE_DELETER(X509_CRL_METHOD, X509_CRL_METHOD_free)
2356
3021
  BORINGSSL_MAKE_DELETER(X509_EXTENSION, X509_EXTENSION_free)
2357
3022
  BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
2358
3023
  BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
2359
3024
  BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
2360
3025
  BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)
2361
3026
  BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free)
2362
- BORINGSSL_MAKE_DELETER(X509_POLICY_TREE, X509_policy_tree_free)
2363
3027
  BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free)
2364
3028
  BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
2365
3029
  BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)
@@ -2415,5 +3079,9 @@ BSSL_NAMESPACE_END
2415
3079
  #define X509_R_DELTA_CRL_WITHOUT_CRL_NUMBER 138
2416
3080
  #define X509_R_INVALID_FIELD_FOR_VERSION 139
2417
3081
  #define X509_R_INVALID_VERSION 140
3082
+ #define X509_R_NO_CERTIFICATE_FOUND 141
3083
+ #define X509_R_NO_CERTIFICATE_OR_CRL_FOUND 142
3084
+ #define X509_R_NO_CRL_FOUND 143
3085
+ #define X509_R_INVALID_POLICY_EXTENSION 144
2418
3086
 
2419
- #endif
3087
+ #endif // OPENSSL_HEADER_X509_H