grpc 1.53.0 → 1.56.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (1668) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +218 -143
  3. data/include/grpc/event_engine/event_engine.h +34 -17
  4. data/include/grpc/grpc_audit_logging.h +96 -0
  5. data/include/grpc/grpc_security.h +4 -0
  6. data/include/grpc/impl/grpc_types.h +13 -2
  7. data/include/grpc/module.modulemap +2 -0
  8. data/include/grpc/support/json.h +218 -0
  9. data/include/grpc/support/port_platform.h +4 -4
  10. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +17 -1
  11. data/src/core/ext/filters/client_channel/backend_metric.cc +10 -1
  12. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  13. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  14. data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
  15. data/src/core/ext/filters/client_channel/client_channel.cc +911 -898
  16. data/src/core/ext/filters/client_channel/client_channel.h +145 -177
  17. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +20 -19
  18. data/src/core/ext/filters/client_channel/client_channel_internal.h +77 -0
  19. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +2 -2
  20. data/src/core/ext/filters/client_channel/config_selector.h +13 -39
  21. data/src/core/ext/filters/client_channel/http_proxy.cc +35 -2
  22. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +9 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +24 -24
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +1 -1
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
  26. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  27. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  28. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  29. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
  30. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +56 -24
  31. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
  32. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
  33. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -11
  34. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +150 -158
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
  36. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +54 -66
  37. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +20 -14
  38. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
  39. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
  40. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +83 -53
  41. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +17 -15
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +54 -49
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +12 -13
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +18 -23
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +48 -51
  46. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +12 -17
  47. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +16 -22
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +46 -153
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
  52. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +60 -0
  53. data/src/core/ext/filters/client_channel/resolver/dns/{dns_resolver_selection.h → dns_resolver_plugin.h} +10 -12
  54. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +549 -0
  55. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
  56. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +97 -0
  57. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +32 -0
  58. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +19 -36
  59. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +24 -0
  60. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +61 -207
  61. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  62. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  63. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +160 -68
  64. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
  65. data/src/core/ext/filters/client_channel/retry_filter.cc +117 -156
  66. data/src/core/ext/filters/client_channel/retry_service_config.cc +9 -8
  67. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
  68. data/src/core/ext/filters/client_channel/subchannel.cc +12 -200
  69. data/src/core/ext/filters/client_channel/subchannel.h +3 -43
  70. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  71. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  72. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +1 -1
  73. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  74. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  75. data/src/core/ext/filters/http/message_compress/compression_filter.cc +30 -14
  76. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  77. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  78. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +168 -75
  79. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
  80. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +10 -9
  81. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
  82. data/src/core/ext/gcp/metadata_query.cc +137 -0
  83. data/src/core/ext/gcp/metadata_query.h +87 -0
  84. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  85. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +12 -8
  86. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +5 -1
  87. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +226 -82
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +21 -0
  89. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +70 -0
  90. data/src/core/ext/transport/chttp2/transport/flow_control.cc +51 -97
  91. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  92. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +1 -7
  93. data/src/core/ext/transport/chttp2/transport/frame_ping.h +0 -3
  94. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  95. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +118 -222
  96. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +296 -113
  97. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -0
  98. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
  99. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +466 -273
  100. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -3
  101. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +15 -12
  102. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +9 -1
  103. data/src/core/ext/transport/chttp2/transport/internal.h +21 -21
  104. data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
  105. data/src/core/ext/transport/chttp2/transport/writing.cc +24 -8
  106. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  107. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +87 -52
  108. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +414 -181
  109. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +121 -60
  110. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +481 -224
  111. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +90 -55
  112. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +415 -188
  113. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +357 -210
  114. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +1572 -729
  115. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +30 -17
  116. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +144 -47
  117. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +34 -21
  118. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +160 -62
  119. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +27 -14
  120. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +78 -38
  121. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +20 -11
  122. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +48 -26
  123. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +20 -11
  124. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +48 -26
  125. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +109 -62
  126. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +566 -244
  127. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +21 -12
  128. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +45 -30
  129. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +22 -19
  130. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +82 -29
  131. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +23 -16
  132. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +45 -30
  133. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +230 -143
  134. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +733 -404
  135. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +417 -262
  136. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1850 -888
  137. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -41
  138. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +286 -148
  139. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +531 -334
  140. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +2017 -1131
  141. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +21 -12
  142. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +45 -30
  143. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +89 -52
  144. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +347 -232
  145. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +264 -165
  146. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +888 -476
  147. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +139 -80
  148. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +527 -274
  149. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +22 -13
  150. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +50 -36
  151. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +380 -221
  152. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +1168 -611
  153. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +166 -94
  154. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +666 -292
  155. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +18 -11
  156. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +37 -26
  157. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +21 -12
  158. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +45 -30
  159. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +30 -17
  160. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +144 -47
  161. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +274 -167
  162. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +789 -440
  163. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +228 -137
  164. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +1100 -501
  165. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +22 -13
  166. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +60 -37
  167. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +350 -209
  168. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +1083 -635
  169. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +44 -11
  170. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +175 -18
  171. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +34 -19
  172. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +118 -56
  173. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +38 -21
  174. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +148 -64
  175. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +31 -18
  176. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +143 -65
  177. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +22 -13
  178. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +51 -37
  179. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +78 -43
  180. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +265 -127
  181. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +145 -88
  182. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +438 -241
  183. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +115 -62
  184. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +559 -227
  185. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +18 -11
  186. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +35 -26
  187. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +187 -109
  188. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +956 -421
  189. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +172 -95
  190. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +864 -374
  191. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +49 -25
  192. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -100
  193. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +39 -18
  194. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +74 -56
  195. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +28 -15
  196. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +71 -45
  197. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +131 -74
  198. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +489 -249
  199. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +135 -80
  200. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +505 -245
  201. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +256 -129
  202. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +996 -397
  203. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +80 -49
  204. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +616 -201
  205. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +1283 -774
  206. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +5430 -2509
  207. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +49 -28
  208. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +164 -84
  209. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +228 -141
  210. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +738 -399
  211. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +20 -11
  212. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +48 -26
  213. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +21 -12
  214. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +45 -30
  215. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +32 -19
  216. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +70 -49
  217. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +27 -14
  218. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +110 -43
  219. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +46 -25
  220. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +259 -100
  221. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +21 -13
  222. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +45 -30
  223. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +18 -11
  224. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +35 -26
  225. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +42 -23
  226. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +108 -70
  227. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +7 -4
  228. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +21 -16
  229. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +43 -24
  230. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +110 -75
  231. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +30 -17
  232. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +95 -50
  233. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +16 -9
  234. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +73 -23
  235. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +60 -37
  236. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +150 -108
  237. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +74 -43
  238. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +357 -167
  239. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +44 -25
  240. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +114 -80
  241. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -20
  242. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +245 -82
  243. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +32 -19
  244. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +73 -51
  245. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +474 -292
  246. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +2144 -1055
  247. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +18 -11
  248. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +35 -26
  249. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +34 -19
  250. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +125 -67
  251. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +72 -45
  252. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +193 -138
  253. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +34 -19
  254. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +131 -66
  255. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +18 -11
  256. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +35 -26
  257. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +7 -4
  258. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +15 -10
  259. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +184 -96
  260. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +907 -360
  261. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +56 -33
  262. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +150 -101
  263. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +188 -111
  264. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +816 -419
  265. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +32 -19
  266. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +109 -53
  267. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +10 -7
  268. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +18 -14
  269. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +300 -177
  270. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +1284 -522
  271. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +42 -23
  272. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +188 -75
  273. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +130 -83
  274. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +510 -238
  275. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +22 -13
  276. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +55 -34
  277. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +39 -26
  278. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +124 -68
  279. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +21 -12
  280. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +47 -30
  281. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +60 -26
  282. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +130 -51
  283. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +37 -20
  284. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +133 -63
  285. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +22 -13
  286. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +91 -40
  287. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +21 -12
  288. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +50 -32
  289. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +18 -11
  290. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +37 -26
  291. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +46 -27
  292. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +101 -70
  293. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +13 -10
  294. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +25 -22
  295. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +40 -23
  296. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +161 -75
  297. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +31 -18
  298. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +114 -56
  299. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +46 -29
  300. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +139 -91
  301. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +65 -42
  302. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +200 -121
  303. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +80 -45
  304. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +208 -131
  305. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +34 -21
  306. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +74 -53
  307. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +7 -4
  308. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +13 -8
  309. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +16 -9
  310. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +28 -18
  311. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +28 -15
  312. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +55 -34
  313. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +43 -22
  314. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +91 -53
  315. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +35 -20
  316. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +92 -57
  317. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +7 -4
  318. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +13 -8
  319. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +20 -11
  320. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +48 -26
  321. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +23 -14
  322. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +61 -41
  323. data/src/core/ext/upb-generated/google/api/annotations.upb.c +14 -11
  324. data/src/core/ext/upb-generated/google/api/annotations.upb.h +30 -20
  325. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +255 -154
  326. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +934 -450
  327. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +299 -180
  328. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +946 -483
  329. data/src/core/ext/upb-generated/google/api/http.upb.c +68 -35
  330. data/src/core/ext/upb-generated/google/api/http.upb.h +284 -120
  331. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +22 -13
  332. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +95 -37
  333. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +19 -10
  334. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +38 -22
  335. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +1018 -424
  336. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +3851 -1412
  337. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +19 -10
  338. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +38 -22
  339. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +10 -7
  340. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +18 -14
  341. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +62 -39
  342. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +207 -102
  343. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +19 -10
  344. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +38 -22
  345. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +90 -51
  346. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +157 -107
  347. data/src/core/ext/upb-generated/google/rpc/status.upb.c +22 -13
  348. data/src/core/ext/upb-generated/google/rpc/status.upb.h +95 -37
  349. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +59 -34
  350. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +154 -92
  351. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +43 -24
  352. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +118 -60
  353. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +250 -145
  354. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +919 -415
  355. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +34 -19
  356. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +76 -51
  357. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +25 -14
  358. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +45 -30
  359. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +144 -81
  360. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +405 -217
  361. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +51 -26
  362. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +153 -61
  363. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +173 -102
  364. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +855 -298
  365. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +68 -49
  366. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +155 -104
  367. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +26 -17
  368. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +55 -34
  369. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +12 -9
  370. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +31 -14
  371. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +26 -17
  372. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +55 -34
  373. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +23 -16
  374. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +45 -30
  375. data/src/core/ext/upb-generated/validate/validate.upb.c +845 -455
  376. data/src/core/ext/upb-generated/validate/validate.upb.h +4347 -1908
  377. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +68 -49
  378. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +155 -104
  379. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +26 -17
  380. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +55 -34
  381. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +12 -9
  382. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +31 -14
  383. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +65 -44
  384. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +137 -91
  385. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +23 -16
  386. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +45 -30
  387. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +16 -9
  388. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +28 -18
  389. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +21 -12
  390. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +45 -30
  391. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +37 -22
  392. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +96 -63
  393. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +26 -17
  394. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +52 -29
  395. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +21 -12
  396. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +45 -30
  397. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +23 -14
  398. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +62 -42
  399. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +44 -25
  400. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +169 -79
  401. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +27 -14
  402. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +65 -38
  403. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +86 -31
  404. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +218 -58
  405. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +21 -12
  406. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +89 -34
  407. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +18 -11
  408. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +35 -26
  409. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +32 -19
  410. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +150 -54
  411. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +10 -7
  412. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +18 -14
  413. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +34 -21
  414. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +161 -63
  415. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +162 -101
  416. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +501 -293
  417. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +85 -52
  418. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +430 -164
  419. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +24 -15
  420. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +53 -37
  421. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +40 -23
  422. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +161 -75
  423. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +37 -22
  424. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +92 -66
  425. data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +43 -22
  426. data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +91 -53
  427. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +21 -12
  428. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +45 -30
  429. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +1 -1
  430. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +6 -5
  431. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +1 -1
  432. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +6 -5
  433. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +1 -1
  434. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +6 -5
  435. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +1 -1
  436. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +6 -5
  437. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +1 -1
  438. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +6 -5
  439. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +1 -1
  440. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +6 -5
  441. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +1 -1
  442. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +6 -5
  443. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +1 -1
  444. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +6 -5
  445. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +1 -1
  446. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +6 -5
  447. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +1 -1
  448. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +6 -5
  449. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +1 -1
  450. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +6 -5
  451. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +1 -1
  452. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +6 -5
  453. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +1 -1
  454. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +6 -5
  455. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +1 -1
  456. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +6 -5
  457. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +251 -248
  458. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +6 -5
  459. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +1 -1
  460. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +6 -5
  461. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +1 -1
  462. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +6 -5
  463. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +1 -1
  464. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +6 -5
  465. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +1 -1
  466. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +6 -5
  467. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +1 -1
  468. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +6 -5
  469. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +1 -1
  470. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +6 -5
  471. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +1 -1
  472. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +6 -5
  473. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +1 -1
  474. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +6 -5
  475. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +13 -12
  476. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +11 -5
  477. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +1 -1
  478. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +6 -5
  479. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +1 -1
  480. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +6 -5
  481. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +1 -1
  482. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +6 -5
  483. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +1 -1
  484. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +6 -5
  485. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +1 -1
  486. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +6 -5
  487. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +1 -1
  488. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +6 -5
  489. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +140 -137
  490. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +6 -5
  491. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +32 -16
  492. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +11 -5
  493. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +1 -1
  494. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +6 -5
  495. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +1 -1
  496. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +6 -5
  497. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +1 -1
  498. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +6 -5
  499. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +1 -1
  500. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +6 -5
  501. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +1 -1
  502. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +6 -5
  503. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +1 -1
  504. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +6 -5
  505. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +1 -1
  506. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +6 -5
  507. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +1 -1
  508. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +6 -5
  509. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +13 -10
  510. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +21 -5
  511. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +1 -1
  512. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +6 -5
  513. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +55 -46
  514. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +6 -5
  515. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +1 -1
  516. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +6 -5
  517. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +1 -1
  518. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +6 -5
  519. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +1 -1
  520. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +6 -5
  521. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +1 -1
  522. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +6 -5
  523. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +142 -120
  524. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +16 -5
  525. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +1 -1
  526. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +6 -5
  527. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +101 -98
  528. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +6 -5
  529. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +1 -1
  530. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +6 -5
  531. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +1 -1
  532. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +6 -5
  533. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +1 -1
  534. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +6 -5
  535. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +1 -1
  536. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +6 -5
  537. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +1 -1
  538. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +6 -5
  539. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +1 -1
  540. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +6 -5
  541. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +1 -1
  542. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +6 -5
  543. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +16 -19
  544. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +6 -5
  545. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +1 -1
  546. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +6 -5
  547. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +1 -1
  548. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +6 -5
  549. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +1 -1
  550. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +6 -5
  551. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +1 -1
  552. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +6 -5
  553. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +1 -1
  554. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +6 -5
  555. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +1 -1
  556. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +6 -5
  557. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +1 -1
  558. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +6 -5
  559. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +1 -1
  560. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +6 -5
  561. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +1 -1
  562. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +6 -5
  563. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +1 -1
  564. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +6 -5
  565. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +1 -1
  566. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +6 -5
  567. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +126 -115
  568. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +6 -5
  569. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +1 -1
  570. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +6 -5
  571. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +1 -1
  572. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +6 -5
  573. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +138 -136
  574. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +6 -5
  575. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +1 -1
  576. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +6 -5
  577. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +118 -118
  578. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +6 -5
  579. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +1 -1
  580. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +6 -5
  581. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +6 -6
  582. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +6 -5
  583. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +1 -1
  584. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +6 -5
  585. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +6 -6
  586. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +6 -5
  587. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +12 -13
  588. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +6 -5
  589. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +1 -1
  590. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +6 -5
  591. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +1 -1
  592. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +6 -5
  593. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +1 -1
  594. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +6 -5
  595. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +13 -10
  596. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +11 -5
  597. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +1 -1
  598. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +6 -5
  599. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +1 -1
  600. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +6 -5
  601. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +1 -1
  602. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +6 -5
  603. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +1 -1
  604. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +6 -5
  605. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +1 -1
  606. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +6 -5
  607. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +1 -1
  608. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +6 -5
  609. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +1 -1
  610. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +6 -5
  611. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +1 -1
  612. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +6 -5
  613. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +1 -1
  614. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +6 -5
  615. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +1 -1
  616. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +6 -5
  617. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +1 -1
  618. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +6 -5
  619. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +1 -1
  620. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +6 -5
  621. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +1 -1
  622. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +6 -5
  623. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +1 -1
  624. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +6 -5
  625. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +1 -1
  626. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +6 -5
  627. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +1 -1
  628. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +6 -5
  629. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +1 -1
  630. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +6 -5
  631. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +1 -1
  632. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +6 -5
  633. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +1 -1
  634. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +6 -5
  635. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +1 -1
  636. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +6 -5
  637. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +1 -1
  638. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +6 -5
  639. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +1 -1
  640. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +6 -5
  641. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +1 -1
  642. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +6 -5
  643. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +1 -1
  644. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +6 -5
  645. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +1 -1
  646. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +6 -5
  647. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +1 -1
  648. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +6 -5
  649. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +329 -273
  650. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +11 -5
  651. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +1 -1
  652. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +6 -5
  653. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +1 -1
  654. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +6 -5
  655. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +1 -1
  656. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +6 -5
  657. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +1 -1
  658. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +6 -5
  659. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +1 -1
  660. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +6 -5
  661. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +1 -1
  662. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +6 -5
  663. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +1 -1
  664. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +6 -5
  665. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +1 -1
  666. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +6 -5
  667. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +1 -1
  668. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +6 -5
  669. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +1 -1
  670. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +6 -5
  671. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +1 -1
  672. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +6 -5
  673. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +1 -1
  674. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +6 -5
  675. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +1 -1
  676. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +6 -5
  677. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +1 -1
  678. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +6 -5
  679. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +1 -1
  680. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +6 -5
  681. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +1 -1
  682. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +6 -5
  683. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +1 -1
  684. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +6 -5
  685. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +1 -1
  686. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +6 -5
  687. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +1 -1
  688. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +6 -5
  689. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +1 -1
  690. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +6 -5
  691. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +1 -1
  692. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +6 -5
  693. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +1 -1
  694. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +6 -5
  695. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +1 -1
  696. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +6 -5
  697. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +1 -1
  698. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +6 -5
  699. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +1 -1
  700. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +6 -5
  701. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +1 -1
  702. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +6 -5
  703. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +1 -1
  704. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +6 -5
  705. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +1 -1
  706. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +6 -5
  707. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +1 -1
  708. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +6 -5
  709. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +1 -1
  710. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +6 -5
  711. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +1 -1
  712. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +6 -5
  713. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +1 -1
  714. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +6 -5
  715. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +1 -1
  716. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +6 -5
  717. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +1 -1
  718. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +6 -5
  719. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +1 -1
  720. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +6 -5
  721. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +1 -1
  722. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +6 -5
  723. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +1 -1
  724. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +6 -5
  725. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +1 -1
  726. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +6 -5
  727. data/src/core/ext/xds/certificate_provider_store.cc +8 -13
  728. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  729. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
  730. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
  731. data/src/core/ext/xds/upb_utils.h +1 -1
  732. data/src/core/ext/xds/xds_api.cc +41 -18
  733. data/src/core/ext/xds/xds_api.h +5 -4
  734. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  735. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  736. data/src/core/ext/xds/xds_bootstrap.cc +3 -3
  737. data/src/core/ext/xds/xds_bootstrap_grpc.cc +35 -23
  738. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
  739. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  740. data/src/core/ext/xds/xds_client.cc +29 -7
  741. data/src/core/ext/xds/xds_client.h +1 -1
  742. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  743. data/src/core/ext/xds/xds_client_stats.h +24 -20
  744. data/src/core/ext/xds/xds_cluster.cc +44 -51
  745. data/src/core/ext/xds/xds_cluster.h +1 -2
  746. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +15 -11
  747. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +2 -2
  748. data/src/core/ext/xds/xds_common_types.cc +8 -5
  749. data/src/core/ext/xds/xds_endpoint.cc +10 -4
  750. data/src/core/ext/xds/xds_endpoint.h +10 -2
  751. data/src/core/ext/xds/xds_http_fault_filter.cc +18 -15
  752. data/src/core/ext/xds/xds_http_fault_filter.h +3 -2
  753. data/src/core/ext/xds/xds_http_filters.h +7 -4
  754. data/src/core/ext/xds/xds_http_rbac_filter.cc +159 -74
  755. data/src/core/ext/xds/xds_http_rbac_filter.h +3 -2
  756. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +17 -13
  757. data/src/core/ext/xds/xds_http_stateful_session_filter.h +3 -2
  758. data/src/core/ext/xds/xds_lb_policy_registry.cc +36 -35
  759. data/src/core/ext/xds/xds_listener.cc +11 -4
  760. data/src/core/ext/xds/xds_listener.h +1 -1
  761. data/src/core/ext/xds/xds_resource_type.h +2 -2
  762. data/src/core/ext/xds/xds_route_config.cc +48 -8
  763. data/src/core/ext/xds/xds_route_config.h +1 -1
  764. data/src/core/ext/xds/xds_routing.cc +2 -2
  765. data/src/core/ext/xds/xds_transport_grpc.cc +4 -2
  766. data/src/core/lib/avl/avl.h +5 -0
  767. data/src/core/lib/backoff/random_early_detection.cc +31 -0
  768. data/src/core/lib/backoff/random_early_detection.h +59 -0
  769. data/src/core/lib/channel/call_finalization.h +1 -1
  770. data/src/core/lib/channel/call_tracer.cc +51 -0
  771. data/src/core/lib/channel/call_tracer.h +101 -38
  772. data/src/core/lib/channel/channel_args.cc +80 -22
  773. data/src/core/lib/channel/channel_args.h +34 -1
  774. data/src/core/lib/channel/channel_trace.cc +16 -12
  775. data/src/core/lib/channel/channelz.cc +163 -135
  776. data/src/core/lib/channel/channelz.h +42 -35
  777. data/src/core/lib/channel/channelz_registry.cc +24 -20
  778. data/src/core/lib/channel/connected_channel.cc +542 -1043
  779. data/src/core/lib/channel/context.h +8 -1
  780. data/src/core/lib/channel/promise_based_filter.cc +100 -46
  781. data/src/core/lib/channel/promise_based_filter.h +29 -13
  782. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  783. data/src/core/lib/compression/compression_internal.cc +2 -5
  784. data/src/core/lib/config/config_vars.cc +153 -0
  785. data/src/core/lib/config/config_vars.h +127 -0
  786. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  787. data/src/core/lib/config/load_config.cc +79 -0
  788. data/src/core/lib/config/load_config.h +55 -0
  789. data/src/core/lib/debug/event_log.h +1 -1
  790. data/src/core/lib/debug/stats_data.h +1 -1
  791. data/src/core/lib/debug/trace.cc +38 -61
  792. data/src/core/lib/debug/trace.h +14 -9
  793. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  794. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  795. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  796. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  797. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  798. data/src/core/lib/event_engine/default_event_engine.cc +13 -1
  799. data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
  800. data/src/core/lib/event_engine/event_engine.cc +37 -2
  801. data/src/core/lib/event_engine/handle_containers.h +7 -22
  802. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  803. data/src/core/lib/event_engine/poller.h +2 -2
  804. data/src/core/lib/event_engine/posix.h +4 -0
  805. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  806. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  807. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  808. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
  809. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  810. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +17 -8
  811. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +47 -50
  812. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
  813. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +9 -6
  814. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
  815. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +33 -19
  816. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +3 -3
  817. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
  818. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  819. data/src/core/lib/event_engine/shim.cc +9 -1
  820. data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
  821. data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
  822. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  823. data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
  824. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  825. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  826. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  827. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  828. data/src/core/lib/event_engine/trace.cc +1 -0
  829. data/src/core/lib/event_engine/trace.h +6 -0
  830. data/src/core/lib/event_engine/windows/iocp.cc +4 -3
  831. data/src/core/lib/event_engine/windows/iocp.h +3 -3
  832. data/src/core/lib/event_engine/windows/win_socket.cc +6 -7
  833. data/src/core/lib/event_engine/windows/win_socket.h +4 -4
  834. data/src/core/lib/event_engine/windows/windows_endpoint.cc +135 -87
  835. data/src/core/lib/event_engine/windows/windows_endpoint.h +23 -6
  836. data/src/core/lib/event_engine/windows/windows_engine.cc +55 -32
  837. data/src/core/lib/event_engine/windows/windows_engine.h +8 -7
  838. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  839. data/src/core/lib/event_engine/windows/windows_listener.h +156 -0
  840. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  841. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  842. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  843. data/src/core/lib/experiments/config.cc +41 -17
  844. data/src/core/lib/experiments/config.h +16 -0
  845. data/src/core/lib/experiments/experiments.cc +74 -17
  846. data/src/core/lib/experiments/experiments.h +35 -18
  847. data/src/core/lib/gpr/log.cc +15 -28
  848. data/src/core/lib/gpr/log_internal.h +55 -0
  849. data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +5 -0
  850. data/src/core/lib/gprpp/crash.cc +10 -0
  851. data/src/core/lib/gprpp/crash.h +3 -0
  852. data/src/core/lib/gprpp/fork.cc +8 -14
  853. data/src/core/lib/gprpp/orphanable.h +4 -3
  854. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  855. data/src/core/lib/gprpp/per_cpu.h +33 -4
  856. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  857. data/src/core/lib/gprpp/ref_counted.h +33 -34
  858. data/src/core/lib/gprpp/status_helper.cc +2 -2
  859. data/src/core/lib/gprpp/thd.h +16 -0
  860. data/src/core/lib/gprpp/time.cc +2 -0
  861. data/src/core/lib/gprpp/time.h +4 -4
  862. data/src/core/lib/gprpp/validation_errors.cc +8 -3
  863. data/src/core/lib/gprpp/validation_errors.h +16 -9
  864. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  865. data/src/core/lib/iomgr/buffer_list.h +0 -1
  866. data/src/core/lib/iomgr/call_combiner.h +2 -2
  867. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  868. data/src/core/lib/iomgr/endpoint_cfstream.cc +14 -10
  869. data/src/core/lib/iomgr/endpoint_pair.h +2 -2
  870. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  871. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  872. data/src/core/lib/iomgr/ev_apple.cc +12 -12
  873. data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
  874. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  875. data/src/core/lib/iomgr/ev_posix.h +0 -3
  876. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +118 -77
  877. data/src/core/lib/iomgr/iocp_windows.cc +24 -3
  878. data/src/core/lib/iomgr/iocp_windows.h +11 -0
  879. data/src/core/lib/iomgr/iomgr.cc +4 -8
  880. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
  881. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  882. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  883. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  884. data/src/core/lib/iomgr/socket_utils_common_posix.cc +20 -5
  885. data/src/core/lib/iomgr/socket_utils_posix.cc +3 -0
  886. data/src/core/lib/iomgr/socket_utils_posix.h +3 -0
  887. data/src/core/lib/iomgr/socket_windows.cc +61 -7
  888. data/src/core/lib/iomgr/socket_windows.h +9 -2
  889. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
  890. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -0
  891. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  892. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  893. data/src/core/lib/iomgr/tcp_server_posix.cc +150 -120
  894. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  895. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  896. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  897. data/src/core/lib/iomgr/timer_generic.cc +17 -16
  898. data/src/core/lib/json/json.h +2 -218
  899. data/src/core/lib/json/json_object_loader.cc +24 -25
  900. data/src/core/lib/json/json_object_loader.h +30 -18
  901. data/src/core/lib/json/json_reader.cc +69 -42
  902. data/src/core/{ext/filters/client_channel/lb_call_state_internal.h → lib/json/json_reader.h} +7 -12
  903. data/src/core/lib/json/json_util.cc +10 -15
  904. data/src/core/lib/json/json_util.h +5 -4
  905. data/src/core/lib/json/json_writer.cc +24 -25
  906. data/src/core/lib/{security/security_connector/ssl_utils_config.h → json/json_writer.h} +14 -10
  907. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  908. data/src/core/lib/load_balancing/lb_policy.h +17 -2
  909. data/src/core/lib/load_balancing/lb_policy_registry.cc +9 -8
  910. data/src/core/lib/matchers/matchers.cc +3 -4
  911. data/src/core/lib/matchers/matchers.h +2 -1
  912. data/src/core/lib/promise/activity.cc +27 -6
  913. data/src/core/lib/promise/activity.h +71 -24
  914. data/src/core/lib/promise/cancel_callback.h +77 -0
  915. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  916. data/src/core/lib/promise/detail/promise_factory.h +5 -1
  917. data/src/core/lib/promise/for_each.h +176 -0
  918. data/src/core/lib/promise/if.h +9 -0
  919. data/src/core/lib/promise/interceptor_list.h +23 -2
  920. data/src/core/lib/promise/latch.h +89 -3
  921. data/src/core/lib/promise/loop.h +13 -9
  922. data/src/core/lib/promise/map.h +7 -0
  923. data/src/core/lib/promise/party.cc +304 -0
  924. data/src/core/lib/promise/party.h +508 -0
  925. data/src/core/lib/promise/pipe.h +213 -59
  926. data/src/core/lib/promise/poll.h +48 -0
  927. data/src/core/lib/promise/prioritized_race.h +95 -0
  928. data/src/core/lib/promise/promise.h +2 -2
  929. data/src/core/lib/promise/sleep.cc +2 -1
  930. data/src/core/lib/resolver/server_address.cc +0 -8
  931. data/src/core/lib/resolver/server_address.h +0 -6
  932. data/src/core/lib/resource_quota/arena.cc +19 -3
  933. data/src/core/lib/resource_quota/arena.h +119 -5
  934. data/src/core/lib/resource_quota/memory_quota.cc +8 -8
  935. data/src/core/lib/resource_quota/memory_quota.h +1 -2
  936. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  937. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  938. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
  939. data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
  940. data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
  941. data/src/core/lib/security/authorization/rbac_policy.h +19 -2
  942. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  943. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  944. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
  945. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  946. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
  947. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +66 -84
  948. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  949. data/src/core/lib/security/credentials/external/external_account_credentials.cc +64 -64
  950. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +23 -21
  951. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +29 -27
  952. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +5 -61
  953. data/src/core/lib/security/credentials/jwt/json_token.cc +19 -16
  954. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +10 -5
  955. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +40 -38
  956. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +28 -21
  957. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  958. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  959. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  960. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
  961. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  962. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  963. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  964. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  965. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  966. data/src/core/lib/security/util/json_util.cc +6 -5
  967. data/src/core/lib/service_config/service_config_call_data.h +49 -20
  968. data/src/core/lib/service_config/service_config_impl.cc +13 -6
  969. data/src/core/lib/slice/slice.cc +1 -1
  970. data/src/core/lib/slice/slice.h +2 -0
  971. data/src/core/lib/surface/builtins.cc +2 -0
  972. data/src/core/lib/surface/call.cc +1011 -1049
  973. data/src/core/lib/surface/call.h +11 -5
  974. data/src/core/lib/surface/completion_queue.cc +8 -3
  975. data/src/core/lib/surface/lame_client.cc +1 -0
  976. data/src/core/lib/surface/server.cc +47 -19
  977. data/src/core/lib/surface/validate_metadata.cc +43 -42
  978. data/src/core/lib/surface/validate_metadata.h +9 -0
  979. data/src/core/lib/surface/version.cc +2 -2
  980. data/src/core/lib/transport/batch_builder.cc +182 -0
  981. data/src/core/lib/transport/batch_builder.h +480 -0
  982. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  983. data/src/core/lib/transport/bdp_estimator.h +10 -6
  984. data/src/core/lib/transport/custom_metadata.h +30 -0
  985. data/src/core/lib/transport/metadata_batch.cc +9 -6
  986. data/src/core/lib/transport/metadata_batch.h +124 -31
  987. data/src/core/lib/transport/metadata_compression_traits.h +67 -0
  988. data/src/core/lib/transport/parsed_metadata.h +19 -9
  989. data/src/core/lib/transport/simple_slice_based_metadata.h +48 -0
  990. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  991. data/src/core/lib/transport/transport.cc +30 -2
  992. data/src/core/lib/transport/transport.h +73 -14
  993. data/src/core/lib/transport/transport_impl.h +7 -0
  994. data/src/core/lib/transport/transport_op_string.cc +52 -42
  995. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -8
  996. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  997. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  998. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  999. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  1000. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  1001. data/src/core/tsi/ssl_transport_security.cc +4 -2
  1002. data/src/ruby/ext/grpc/extconf.rb +8 -9
  1003. data/src/ruby/lib/grpc/version.rb +1 -1
  1004. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  1005. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  1006. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  1007. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  1008. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  1009. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  1010. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  1011. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  1012. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  1013. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  1014. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  1015. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  1016. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  1017. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  1018. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  1019. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  1020. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  1021. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  1022. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  1023. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  1024. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  1025. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  1026. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  1027. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  1028. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  1029. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  1030. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  1031. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  1032. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  1033. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  1034. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  1035. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  1036. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  1037. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  1038. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +177 -196
  1039. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  1040. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  1041. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  1042. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  1043. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  1044. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  1045. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  1046. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  1047. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  1048. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  1049. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  1050. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  1051. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +135 -90
  1052. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  1053. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +797 -793
  1054. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +529 -526
  1055. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  1056. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  1057. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  1058. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  1059. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  1060. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +17 -11
  1061. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +37 -51
  1062. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  1063. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +13 -9
  1064. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +22 -19
  1065. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +5 -5
  1066. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  1067. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  1068. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  1069. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +40 -27
  1070. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  1071. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  1072. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  1073. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  1074. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  1075. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  1076. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  1077. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  1078. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  1079. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  1080. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  1081. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  1082. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  1083. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  1084. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  1085. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  1086. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +34 -37
  1087. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +22 -11
  1088. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  1089. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  1090. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  1091. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  1092. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  1093. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  1094. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  1095. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  1096. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  1097. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  1098. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  1099. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  1100. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  1101. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  1102. data/third_party/boringssl-with-bazel/src/crypto/{cpu-ppc64le.c → cpu_arm_openbsd.c} +10 -17
  1103. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  1104. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  1105. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +22 -31
  1106. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  1107. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  1108. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  1109. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  1110. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  1111. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  1112. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  1113. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  1114. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +43 -16
  1115. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  1116. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  1117. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  1118. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +229 -102
  1119. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +31 -7
  1120. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  1121. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  1122. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  1123. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  1124. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  1125. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  1126. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  1127. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  1128. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  1129. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  1130. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  1131. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  1132. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  1133. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +6 -6
  1134. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  1135. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  1136. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  1137. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  1138. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  1139. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  1140. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  1141. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  1142. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  1143. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  1144. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  1145. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  1146. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +36 -27
  1147. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  1148. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  1149. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  1150. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  1151. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  1152. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  1153. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  1154. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  1155. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  1156. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  1157. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  1158. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  1159. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  1160. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  1161. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  1162. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  1163. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  1164. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  1165. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  1166. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  1167. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  1168. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  1169. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  1170. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  1171. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  1172. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  1173. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  1174. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +24 -6
  1175. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  1176. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  1177. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  1178. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +49 -49
  1179. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +92 -18
  1180. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +12 -12
  1181. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +108 -86
  1182. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +55 -25
  1183. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +55 -71
  1184. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  1185. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +72 -65
  1186. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  1187. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +62 -51
  1188. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  1189. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  1190. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +12 -17
  1191. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +25 -26
  1192. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -14
  1193. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +9 -1
  1194. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +44 -16
  1195. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  1196. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  1197. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  1198. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -23
  1199. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  1200. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +3 -8
  1201. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +170 -160
  1202. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  1203. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +69 -61
  1204. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +2 -12
  1205. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  1206. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  1207. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  1208. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  1209. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  1210. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  1211. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  1212. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +22 -68
  1213. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  1214. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +43 -16
  1215. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +42 -314
  1216. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +244 -139
  1217. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +144 -205
  1218. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  1219. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +593 -421
  1220. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  1221. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  1222. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  1223. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  1224. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  1225. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  1226. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  1227. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +52 -6
  1228. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +192 -18
  1229. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  1230. data/third_party/boringssl-with-bazel/src/crypto/internal.h +391 -18
  1231. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +91 -0
  1232. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +204 -0
  1233. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +833 -0
  1234. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  1235. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  1236. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  1237. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +9 -4
  1238. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  1239. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  1240. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +633 -613
  1241. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  1242. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  1243. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  1244. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  1245. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  1246. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  1247. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  1248. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  1249. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  1250. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  1251. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  1252. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  1253. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  1254. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  1255. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  1256. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +6 -17
  1257. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  1258. data/third_party/boringssl-with-bazel/src/crypto/{asn1/a_print.c → rsa_extra/internal.h} +15 -21
  1259. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  1260. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  1261. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  1262. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  1263. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  1264. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +128 -34
  1265. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +418 -133
  1266. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +116 -284
  1267. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +701 -87
  1268. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  1269. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +63 -55
  1270. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  1271. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  1272. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  1273. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +285 -331
  1274. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  1275. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  1276. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +68 -50
  1277. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +132 -151
  1278. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +790 -0
  1279. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  1280. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  1281. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  1282. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +220 -254
  1283. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  1284. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  1285. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +136 -270
  1286. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  1287. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  1288. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  1289. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  1290. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +528 -616
  1291. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  1292. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +164 -181
  1293. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  1294. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +186 -203
  1295. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  1296. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  1297. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1864 -2050
  1298. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +380 -480
  1299. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  1300. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +266 -265
  1301. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  1302. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  1303. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  1304. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  1305. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  1306. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +329 -416
  1307. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  1308. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  1309. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  1310. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  1311. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  1312. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  1313. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  1314. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  1315. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  1316. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  1317. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  1318. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  1319. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +79 -171
  1320. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  1321. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  1322. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  1323. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  1324. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  1325. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +294 -344
  1326. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +342 -365
  1327. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  1328. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  1329. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  1330. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  1331. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  1332. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +120 -125
  1333. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  1334. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +228 -265
  1335. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  1336. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  1337. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  1338. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  1339. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +130 -135
  1340. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +652 -691
  1341. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +90 -75
  1342. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1063 -1145
  1343. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +13 -11
  1344. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  1345. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +217 -191
  1346. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  1347. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +50 -14
  1348. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +29 -14
  1349. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  1350. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  1351. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  1352. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  1353. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  1354. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  1355. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  1356. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  1357. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  1358. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  1359. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  1360. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  1361. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  1362. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  1363. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  1364. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +25 -33
  1365. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  1366. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  1367. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +69 -16
  1368. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  1369. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +128 -0
  1370. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  1371. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +7 -3
  1372. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +8 -1
  1373. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  1374. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -18
  1375. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  1376. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  1377. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +98 -5
  1378. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  1379. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -21
  1380. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +285 -92
  1381. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  1382. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +381 -287
  1383. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +9 -6
  1384. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  1385. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +22 -7
  1386. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +57 -23
  1387. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  1388. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2075 -1407
  1389. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +241 -212
  1390. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  1391. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  1392. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  1393. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  1394. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  1395. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +45 -26
  1396. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +64 -35
  1397. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  1398. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  1399. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +53 -34
  1400. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  1401. data/third_party/boringssl-with-bazel/src/ssl/internal.h +200 -121
  1402. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +47 -12
  1403. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  1404. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  1405. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  1406. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +47 -69
  1407. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  1408. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  1409. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +217 -226
  1410. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +78 -101
  1411. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +106 -142
  1412. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +244 -35
  1413. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +167 -64
  1414. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +41 -32
  1415. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  1416. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  1417. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  1418. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +7 -44
  1419. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  1420. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +7 -23
  1421. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +25 -34
  1422. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  1423. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  1424. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  1425. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  1426. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  1427. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  1428. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  1429. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  1430. data/third_party/cares/cares/include/ares.h +23 -1
  1431. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  1432. data/third_party/cares/cares/include/ares_rules.h +2 -2
  1433. data/third_party/cares/cares/include/ares_version.h +3 -3
  1434. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  1435. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  1436. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  1437. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  1438. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  1439. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  1440. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  1441. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  1442. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  1443. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  1444. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  1445. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  1446. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  1447. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  1448. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  1449. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  1450. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  1451. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  1452. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  1453. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  1454. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  1455. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  1456. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  1457. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  1458. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  1459. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  1460. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  1461. data/third_party/upb/upb/{table_internal.h → alloc.h} +6 -6
  1462. data/third_party/upb/upb/arena.h +4 -193
  1463. data/third_party/upb/upb/array.h +4 -51
  1464. data/third_party/upb/upb/base/descriptor_constants.h +104 -0
  1465. data/third_party/upb/upb/base/log2.h +57 -0
  1466. data/third_party/upb/upb/{status.c → base/status.c} +2 -7
  1467. data/third_party/upb/upb/base/status.h +66 -0
  1468. data/third_party/upb/upb/base/string_view.h +75 -0
  1469. data/third_party/upb/upb/{array.c → collections/array.c} +67 -36
  1470. data/third_party/upb/upb/collections/array.h +85 -0
  1471. data/third_party/upb/upb/collections/array_internal.h +135 -0
  1472. data/third_party/upb/upb/{map.c → collections/map.c} +53 -26
  1473. data/third_party/upb/upb/collections/map.h +135 -0
  1474. data/third_party/upb/upb/collections/map_gencode_util.h +78 -0
  1475. data/third_party/upb/upb/collections/map_internal.h +170 -0
  1476. data/third_party/upb/upb/collections/map_sorter.c +166 -0
  1477. data/third_party/upb/upb/collections/map_sorter_internal.h +109 -0
  1478. data/third_party/upb/upb/{message_value.h → collections/message_value.h} +12 -13
  1479. data/third_party/upb/upb/decode.h +3 -62
  1480. data/third_party/upb/upb/def.h +4 -384
  1481. data/third_party/upb/upb/def.hpp +3 -411
  1482. data/third_party/upb/upb/encode.h +3 -48
  1483. data/third_party/upb/upb/extension_registry.h +3 -52
  1484. data/third_party/upb/upb/{table.c → hash/common.c} +52 -110
  1485. data/third_party/upb/upb/hash/common.h +199 -0
  1486. data/third_party/upb/upb/hash/int_table.h +102 -0
  1487. data/third_party/upb/upb/hash/str_table.h +161 -0
  1488. data/third_party/upb/upb/{json_decode.c → json/decode.c} +63 -98
  1489. data/third_party/upb/upb/json/decode.h +52 -0
  1490. data/third_party/upb/upb/{json_encode.c → json/encode.c} +69 -45
  1491. data/third_party/upb/upb/json/encode.h +70 -0
  1492. data/third_party/upb/upb/json_decode.h +4 -15
  1493. data/third_party/upb/upb/json_encode.h +4 -33
  1494. data/third_party/upb/upb/lex/atoi.c +68 -0
  1495. data/third_party/upb/upb/lex/atoi.h +53 -0
  1496. data/third_party/upb/upb/{upb.c → lex/round_trip.c} +2 -11
  1497. data/third_party/upb/upb/{internal/upb.h → lex/round_trip.h} +17 -30
  1498. data/third_party/upb/upb/lex/strtod.c +97 -0
  1499. data/third_party/upb/upb/lex/strtod.h +46 -0
  1500. data/third_party/upb/upb/lex/unicode.c +57 -0
  1501. data/third_party/upb/upb/lex/unicode.h +77 -0
  1502. data/third_party/upb/upb/map.h +4 -85
  1503. data/third_party/upb/upb/mem/alloc.c +47 -0
  1504. data/third_party/upb/upb/mem/alloc.h +98 -0
  1505. data/third_party/upb/upb/mem/arena.c +367 -0
  1506. data/third_party/upb/upb/mem/arena.h +160 -0
  1507. data/third_party/upb/upb/mem/arena_internal.h +114 -0
  1508. data/third_party/upb/upb/message/accessors.c +68 -0
  1509. data/third_party/upb/upb/message/accessors.h +379 -0
  1510. data/third_party/upb/upb/message/accessors_internal.h +325 -0
  1511. data/third_party/upb/upb/message/extension_internal.h +83 -0
  1512. data/third_party/upb/upb/message/internal.h +135 -0
  1513. data/third_party/upb/upb/message/message.c +180 -0
  1514. data/third_party/upb/upb/message/message.h +69 -0
  1515. data/third_party/upb/upb/mini_table/common.c +128 -0
  1516. data/third_party/upb/upb/mini_table/common.h +170 -0
  1517. data/third_party/upb/upb/mini_table/common_internal.h +111 -0
  1518. data/third_party/upb/upb/{mini_table.c → mini_table/decode.c} +513 -533
  1519. data/third_party/upb/upb/mini_table/decode.h +179 -0
  1520. data/third_party/upb/upb/mini_table/encode.c +300 -0
  1521. data/third_party/upb/upb/mini_table/encode_internal.h +111 -0
  1522. data/third_party/upb/upb/{mini_table.hpp → mini_table/encode_internal.hpp} +32 -8
  1523. data/third_party/upb/upb/mini_table/enum_internal.h +88 -0
  1524. data/third_party/upb/upb/mini_table/extension_internal.h +47 -0
  1525. data/third_party/upb/upb/{extension_registry.c → mini_table/extension_registry.c} +27 -24
  1526. data/third_party/upb/upb/mini_table/extension_registry.h +104 -0
  1527. data/third_party/upb/upb/mini_table/field_internal.h +192 -0
  1528. data/third_party/upb/upb/mini_table/file_internal.h +47 -0
  1529. data/third_party/upb/upb/mini_table/message_internal.h +136 -0
  1530. data/third_party/upb/upb/mini_table/sub_internal.h +38 -0
  1531. data/third_party/upb/upb/mini_table/types.h +40 -0
  1532. data/third_party/upb/upb/mini_table.h +4 -157
  1533. data/third_party/upb/upb/msg.h +3 -38
  1534. data/third_party/upb/upb/port/atomic.h +101 -0
  1535. data/third_party/upb/upb/{port_def.inc → port/def.inc} +94 -27
  1536. data/third_party/upb/upb/{port_undef.inc → port/undef.inc} +13 -3
  1537. data/third_party/upb/upb/{internal → port}/vsnprintf_compat.h +5 -7
  1538. data/third_party/upb/upb/reflection/common.h +67 -0
  1539. data/third_party/upb/upb/reflection/def.h +42 -0
  1540. data/third_party/upb/upb/reflection/def.hpp +610 -0
  1541. data/third_party/upb/upb/reflection/def_builder.c +357 -0
  1542. data/third_party/upb/upb/reflection/def_builder_internal.h +157 -0
  1543. data/third_party/upb/upb/reflection/def_pool.c +462 -0
  1544. data/third_party/upb/upb/reflection/def_pool.h +108 -0
  1545. data/third_party/upb/upb/reflection/def_pool_internal.h +77 -0
  1546. data/third_party/upb/upb/reflection/def_type.c +50 -0
  1547. data/third_party/upb/upb/reflection/def_type.h +81 -0
  1548. data/third_party/upb/upb/reflection/desc_state.c +53 -0
  1549. data/third_party/upb/upb/reflection/desc_state_internal.h +64 -0
  1550. data/third_party/upb/upb/reflection/enum_def.c +310 -0
  1551. data/third_party/upb/upb/reflection/enum_def.h +80 -0
  1552. data/third_party/upb/upb/reflection/enum_def_internal.h +56 -0
  1553. data/third_party/upb/upb/reflection/enum_reserved_range.c +84 -0
  1554. data/third_party/upb/upb/reflection/enum_reserved_range.h +51 -0
  1555. data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +55 -0
  1556. data/third_party/upb/upb/reflection/enum_value_def.c +144 -0
  1557. data/third_party/upb/upb/reflection/enum_value_def.h +57 -0
  1558. data/third_party/upb/upb/reflection/enum_value_def_internal.h +57 -0
  1559. data/third_party/upb/upb/reflection/extension_range.c +93 -0
  1560. data/third_party/upb/upb/reflection/extension_range.h +55 -0
  1561. data/third_party/upb/upb/reflection/extension_range_internal.h +54 -0
  1562. data/third_party/upb/upb/reflection/field_def.c +930 -0
  1563. data/third_party/upb/upb/reflection/field_def.h +91 -0
  1564. data/third_party/upb/upb/reflection/field_def_internal.h +76 -0
  1565. data/third_party/upb/upb/reflection/file_def.c +370 -0
  1566. data/third_party/upb/upb/reflection/file_def.h +77 -0
  1567. data/third_party/upb/upb/reflection/file_def_internal.h +57 -0
  1568. data/third_party/upb/upb/reflection/message.c +233 -0
  1569. data/third_party/upb/upb/reflection/message.h +102 -0
  1570. data/third_party/upb/upb/reflection/message.hpp +37 -0
  1571. data/third_party/upb/upb/reflection/message_def.c +718 -0
  1572. data/third_party/upb/upb/reflection/message_def.h +174 -0
  1573. data/third_party/upb/upb/reflection/message_def_internal.h +63 -0
  1574. data/third_party/upb/upb/reflection/message_reserved_range.c +81 -0
  1575. data/third_party/upb/upb/reflection/message_reserved_range.h +51 -0
  1576. data/third_party/upb/upb/reflection/message_reserved_range_internal.h +55 -0
  1577. data/third_party/upb/upb/reflection/method_def.c +124 -0
  1578. data/third_party/upb/upb/reflection/method_def.h +59 -0
  1579. data/third_party/upb/upb/reflection/method_def_internal.h +53 -0
  1580. data/third_party/upb/upb/reflection/oneof_def.c +226 -0
  1581. data/third_party/upb/upb/reflection/oneof_def.h +66 -0
  1582. data/third_party/upb/upb/reflection/oneof_def_internal.h +57 -0
  1583. data/third_party/upb/upb/reflection/service_def.c +128 -0
  1584. data/third_party/upb/upb/reflection/service_def.h +60 -0
  1585. data/third_party/upb/upb/reflection/service_def_internal.h +53 -0
  1586. data/third_party/upb/upb/reflection.h +4 -78
  1587. data/third_party/upb/upb/reflection.hpp +3 -7
  1588. data/third_party/upb/upb/status.h +4 -34
  1589. data/third_party/upb/upb/{collections.h → string_view.h} +7 -7
  1590. data/third_party/upb/upb/{text_encode.c → text/encode.c} +74 -70
  1591. data/third_party/upb/upb/text/encode.h +69 -0
  1592. data/third_party/upb/upb/text_encode.h +4 -32
  1593. data/third_party/upb/upb/upb.h +6 -151
  1594. data/third_party/upb/upb/upb.hpp +10 -18
  1595. data/third_party/upb/upb/wire/common.h +44 -0
  1596. data/third_party/upb/upb/wire/common_internal.h +50 -0
  1597. data/third_party/upb/upb/wire/decode.c +1343 -0
  1598. data/third_party/upb/upb/wire/decode.h +108 -0
  1599. data/third_party/upb/upb/{decode_fast.c → wire/decode_fast.c} +184 -225
  1600. data/third_party/upb/upb/{decode_fast.h → wire/decode_fast.h} +21 -7
  1601. data/third_party/upb/upb/{internal/decode.h → wire/decode_internal.h} +44 -92
  1602. data/third_party/upb/upb/{encode.c → wire/encode.c} +114 -95
  1603. data/third_party/upb/upb/wire/encode.h +92 -0
  1604. data/third_party/upb/upb/wire/eps_copy_input_stream.c +39 -0
  1605. data/third_party/upb/upb/wire/eps_copy_input_stream.h +425 -0
  1606. data/third_party/upb/upb/wire/reader.c +67 -0
  1607. data/third_party/upb/upb/wire/reader.h +227 -0
  1608. data/third_party/upb/upb/wire/swap_internal.h +63 -0
  1609. data/third_party/upb/upb/wire/types.h +41 -0
  1610. data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-neon.c +1 -1
  1611. data/third_party/{upb/third_party/utf8_range → utf8_range}/utf8_range.h +12 -0
  1612. metadata +302 -116
  1613. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
  1614. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  1615. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  1616. data/src/core/ext/transport/chttp2/transport/context_list.cc +0 -71
  1617. data/src/core/ext/transport/chttp2/transport/context_list.h +0 -54
  1618. data/src/core/lib/gprpp/global_config.h +0 -93
  1619. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  1620. data/src/core/lib/gprpp/global_config_env.h +0 -133
  1621. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  1622. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  1623. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  1624. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  1625. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  1626. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  1627. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  1628. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  1629. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  1630. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  1631. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  1632. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  1633. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  1634. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  1635. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  1636. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  1637. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
  1638. data/third_party/upb/upb/arena.c +0 -277
  1639. data/third_party/upb/upb/decode.c +0 -1221
  1640. data/third_party/upb/upb/def.c +0 -3269
  1641. data/third_party/upb/upb/internal/table.h +0 -385
  1642. data/third_party/upb/upb/msg.c +0 -368
  1643. data/third_party/upb/upb/msg_internal.h +0 -837
  1644. data/third_party/upb/upb/reflection.c +0 -323
  1645. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  1646. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  1647. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  1648. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  1649. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  1650. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  1651. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  1652. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  1653. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  1654. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  1655. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  1656. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  1657. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  1658. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  1659. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  1660. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  1661. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  1662. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  1663. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  1664. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  1665. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  1666. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
  1667. /data/third_party/{upb/third_party/utf8_range → utf8_range}/naive.c +0 -0
  1668. /data/third_party/{upb/third_party/utf8_range → utf8_range}/range2-sse.c +0 -0
@@ -1,4 +1,3 @@
1
- /* v3_purp.c */
2
1
  /*
3
2
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4
3
  * 2001.
@@ -59,8 +58,8 @@
59
58
 
60
59
  #include <string.h>
61
60
 
62
- #include <openssl/err.h>
63
61
  #include <openssl/digest.h>
62
+ #include <openssl/err.h>
64
63
  #include <openssl/mem.h>
65
64
  #include <openssl/obj.h>
66
65
  #include <openssl/thread.h>
@@ -70,13 +69,13 @@
70
69
  #include "../x509/internal.h"
71
70
  #include "internal.h"
72
71
 
73
- #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
72
+ #define V1_ROOT (EXFLAG_V1 | EXFLAG_SS)
74
73
  #define ku_reject(x, usage) \
75
- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
74
+ (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
76
75
  #define xku_reject(x, usage) \
77
- (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
76
+ (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
78
77
  #define ns_reject(x, usage) \
79
- (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
78
+ (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
80
79
 
81
80
  static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
82
81
  int ca);
@@ -96,16 +95,14 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
96
95
  static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
97
96
  static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
98
97
 
99
- static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b);
98
+ static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
100
99
  static void xptable_free(X509_PURPOSE *p);
101
100
 
102
101
  static X509_PURPOSE xstandard[] = {
103
102
  {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
104
- check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient",
105
- NULL},
103
+ check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient", NULL},
106
104
  {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
107
- check_purpose_ssl_server, (char *)"SSL server", (char *)"sslserver",
108
- NULL},
105
+ check_purpose_ssl_server, (char *)"SSL server", (char *)"sslserver", NULL},
109
106
  {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
110
107
  check_purpose_ns_ssl_server, (char *)"Netscape SSL server",
111
108
  (char *)"nssslserver", NULL},
@@ -125,805 +122,769 @@ static X509_PURPOSE xstandard[] = {
125
122
  (char *)"timestampsign", NULL},
126
123
  };
127
124
 
128
- #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
125
+ #define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(X509_PURPOSE))
129
126
 
130
127
  static STACK_OF(X509_PURPOSE) *xptable = NULL;
131
128
 
132
- static int xp_cmp(const X509_PURPOSE **a, const X509_PURPOSE **b)
133
- {
134
- return (*a)->purpose - (*b)->purpose;
129
+ static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) {
130
+ return (*a)->purpose - (*b)->purpose;
135
131
  }
136
132
 
137
- /*
138
- * As much as I'd like to make X509_check_purpose use a "const" X509* I
139
- * really can't because it does recalculate hashes and do other non-const
140
- * things.
141
- */
142
- int X509_check_purpose(X509 *x, int id, int ca)
143
- {
144
- int idx;
145
- const X509_PURPOSE *pt;
146
- if (!x509v3_cache_extensions(x)) {
147
- return -1;
148
- }
133
+ // As much as I'd like to make X509_check_purpose use a "const" X509* I
134
+ // really can't because it does recalculate hashes and do other non-const
135
+ // things.
136
+ int X509_check_purpose(X509 *x, int id, int ca) {
137
+ int idx;
138
+ const X509_PURPOSE *pt;
139
+ if (!x509v3_cache_extensions(x)) {
140
+ return -1;
141
+ }
149
142
 
150
- if (id == -1)
151
- return 1;
152
- idx = X509_PURPOSE_get_by_id(id);
153
- if (idx == -1)
154
- return -1;
155
- pt = X509_PURPOSE_get0(idx);
156
- return pt->check_purpose(pt, x, ca);
143
+ if (id == -1) {
144
+ return 1;
145
+ }
146
+ idx = X509_PURPOSE_get_by_id(id);
147
+ if (idx == -1) {
148
+ return -1;
149
+ }
150
+ pt = X509_PURPOSE_get0(idx);
151
+ return pt->check_purpose(pt, x, ca);
157
152
  }
158
153
 
159
- int X509_PURPOSE_set(int *p, int purpose)
160
- {
161
- if (X509_PURPOSE_get_by_id(purpose) == -1) {
162
- OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE);
163
- return 0;
164
- }
165
- *p = purpose;
166
- return 1;
154
+ int X509_PURPOSE_set(int *p, int purpose) {
155
+ if (X509_PURPOSE_get_by_id(purpose) == -1) {
156
+ OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_PURPOSE);
157
+ return 0;
158
+ }
159
+ *p = purpose;
160
+ return 1;
167
161
  }
168
162
 
169
- int X509_PURPOSE_get_count(void)
170
- {
171
- if (!xptable)
172
- return X509_PURPOSE_COUNT;
173
- return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
163
+ int X509_PURPOSE_get_count(void) {
164
+ if (!xptable) {
165
+ return X509_PURPOSE_COUNT;
166
+ }
167
+ return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
174
168
  }
175
169
 
176
- X509_PURPOSE *X509_PURPOSE_get0(int idx)
177
- {
178
- if (idx < 0)
179
- return NULL;
180
- if (idx < (int)X509_PURPOSE_COUNT)
181
- return xstandard + idx;
182
- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
170
+ X509_PURPOSE *X509_PURPOSE_get0(int idx) {
171
+ if (idx < 0) {
172
+ return NULL;
173
+ }
174
+ if (idx < (int)X509_PURPOSE_COUNT) {
175
+ return xstandard + idx;
176
+ }
177
+ return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
183
178
  }
184
179
 
185
- int X509_PURPOSE_get_by_sname(char *sname)
186
- {
187
- int i;
188
- X509_PURPOSE *xptmp;
189
- for (i = 0; i < X509_PURPOSE_get_count(); i++) {
190
- xptmp = X509_PURPOSE_get0(i);
191
- if (!strcmp(xptmp->sname, sname))
192
- return i;
180
+ int X509_PURPOSE_get_by_sname(char *sname) {
181
+ int i;
182
+ X509_PURPOSE *xptmp;
183
+ for (i = 0; i < X509_PURPOSE_get_count(); i++) {
184
+ xptmp = X509_PURPOSE_get0(i);
185
+ if (!strcmp(xptmp->sname, sname)) {
186
+ return i;
193
187
  }
194
- return -1;
188
+ }
189
+ return -1;
195
190
  }
196
191
 
197
- int X509_PURPOSE_get_by_id(int purpose)
198
- {
199
- X509_PURPOSE tmp;
200
- size_t idx;
192
+ int X509_PURPOSE_get_by_id(int purpose) {
193
+ X509_PURPOSE tmp;
194
+ size_t idx;
201
195
 
202
- if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
203
- return purpose - X509_PURPOSE_MIN;
204
- tmp.purpose = purpose;
205
- if (!xptable)
206
- return -1;
196
+ if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) {
197
+ return purpose - X509_PURPOSE_MIN;
198
+ }
199
+ tmp.purpose = purpose;
200
+ if (!xptable) {
201
+ return -1;
202
+ }
207
203
 
208
- sk_X509_PURPOSE_sort(xptable);
209
- if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp))
210
- return -1;
211
- return idx + X509_PURPOSE_COUNT;
204
+ if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp)) {
205
+ return -1;
206
+ }
207
+ return idx + X509_PURPOSE_COUNT;
212
208
  }
213
209
 
214
210
  int X509_PURPOSE_add(int id, int trust, int flags,
215
- int (*ck) (const X509_PURPOSE *, const X509 *, int),
216
- char *name, char *sname, void *arg)
217
- {
218
- int idx;
219
- X509_PURPOSE *ptmp;
220
- char *name_dup, *sname_dup;
221
-
222
- /*
223
- * This is set according to what we change: application can't set it
224
- */
225
- flags &= ~X509_PURPOSE_DYNAMIC;
226
- /* This will always be set for application modified trust entries */
227
- flags |= X509_PURPOSE_DYNAMIC_NAME;
228
- /* Get existing entry if any */
229
- idx = X509_PURPOSE_get_by_id(id);
230
- /* Need a new entry */
231
- if (idx == -1) {
232
- if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
233
- OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
234
- return 0;
235
- }
236
- ptmp->flags = X509_PURPOSE_DYNAMIC;
237
- } else
238
- ptmp = X509_PURPOSE_get0(idx);
239
-
240
- /* Duplicate the supplied names. */
241
- name_dup = OPENSSL_strdup(name);
242
- sname_dup = OPENSSL_strdup(sname);
243
- if (name_dup == NULL || sname_dup == NULL) {
244
- OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
245
- if (name_dup != NULL)
246
- OPENSSL_free(name_dup);
247
- if (sname_dup != NULL)
248
- OPENSSL_free(sname_dup);
249
- if (idx == -1)
250
- OPENSSL_free(ptmp);
251
- return 0;
211
+ int (*ck)(const X509_PURPOSE *, const X509 *, int),
212
+ char *name, char *sname, void *arg) {
213
+ int idx;
214
+ X509_PURPOSE *ptmp;
215
+ char *name_dup, *sname_dup;
216
+
217
+ // This is set according to what we change: application can't set it
218
+ flags &= ~X509_PURPOSE_DYNAMIC;
219
+ // This will always be set for application modified trust entries
220
+ flags |= X509_PURPOSE_DYNAMIC_NAME;
221
+ // Get existing entry if any
222
+ idx = X509_PURPOSE_get_by_id(id);
223
+ // Need a new entry
224
+ if (idx == -1) {
225
+ if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
226
+ return 0;
227
+ }
228
+ ptmp->flags = X509_PURPOSE_DYNAMIC;
229
+ } else {
230
+ ptmp = X509_PURPOSE_get0(idx);
231
+ }
232
+
233
+ // Duplicate the supplied names.
234
+ name_dup = OPENSSL_strdup(name);
235
+ sname_dup = OPENSSL_strdup(sname);
236
+ if (name_dup == NULL || sname_dup == NULL) {
237
+ if (name_dup != NULL) {
238
+ OPENSSL_free(name_dup);
239
+ }
240
+ if (sname_dup != NULL) {
241
+ OPENSSL_free(sname_dup);
252
242
  }
253
-
254
- /* OPENSSL_free existing name if dynamic */
255
- if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
256
- OPENSSL_free(ptmp->name);
257
- OPENSSL_free(ptmp->sname);
258
- }
259
- /* dup supplied name */
260
- ptmp->name = name_dup;
261
- ptmp->sname = sname_dup;
262
- /* Keep the dynamic flag of existing entry */
263
- ptmp->flags &= X509_PURPOSE_DYNAMIC;
264
- /* Set all other flags */
265
- ptmp->flags |= flags;
266
-
267
- ptmp->purpose = id;
268
- ptmp->trust = trust;
269
- ptmp->check_purpose = ck;
270
- ptmp->usr_data = arg;
271
-
272
- /* If its a new entry manage the dynamic table */
273
243
  if (idx == -1) {
274
- if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
275
- OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
276
- xptable_free(ptmp);
277
- return 0;
278
- }
279
- if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
280
- OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
281
- xptable_free(ptmp);
282
- return 0;
283
- }
244
+ OPENSSL_free(ptmp);
284
245
  }
285
- return 1;
246
+ return 0;
247
+ }
248
+
249
+ // OPENSSL_free existing name if dynamic
250
+ if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
251
+ OPENSSL_free(ptmp->name);
252
+ OPENSSL_free(ptmp->sname);
253
+ }
254
+ // dup supplied name
255
+ ptmp->name = name_dup;
256
+ ptmp->sname = sname_dup;
257
+ // Keep the dynamic flag of existing entry
258
+ ptmp->flags &= X509_PURPOSE_DYNAMIC;
259
+ // Set all other flags
260
+ ptmp->flags |= flags;
261
+
262
+ ptmp->purpose = id;
263
+ ptmp->trust = trust;
264
+ ptmp->check_purpose = ck;
265
+ ptmp->usr_data = arg;
266
+
267
+ // If its a new entry manage the dynamic table
268
+ if (idx == -1) {
269
+ // TODO(davidben): This should be locked. Alternatively, remove the dynamic
270
+ // registration mechanism entirely. The trouble is there no way to pass in
271
+ // the various parameters into an |X509_VERIFY_PARAM| directly. You can only
272
+ // register it in the global table and get an ID.
273
+ if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
274
+ xptable_free(ptmp);
275
+ return 0;
276
+ }
277
+ if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
278
+ xptable_free(ptmp);
279
+ return 0;
280
+ }
281
+ sk_X509_PURPOSE_sort(xptable);
282
+ }
283
+ return 1;
286
284
  }
287
285
 
288
- static void xptable_free(X509_PURPOSE *p)
289
- {
290
- if (!p)
291
- return;
292
- if (p->flags & X509_PURPOSE_DYNAMIC) {
293
- if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
294
- OPENSSL_free(p->name);
295
- OPENSSL_free(p->sname);
296
- }
297
- OPENSSL_free(p);
286
+ static void xptable_free(X509_PURPOSE *p) {
287
+ if (!p) {
288
+ return;
289
+ }
290
+ if (p->flags & X509_PURPOSE_DYNAMIC) {
291
+ if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
292
+ OPENSSL_free(p->name);
293
+ OPENSSL_free(p->sname);
298
294
  }
295
+ OPENSSL_free(p);
296
+ }
299
297
  }
300
298
 
301
- void X509_PURPOSE_cleanup(void)
302
- {
303
- unsigned int i;
304
- sk_X509_PURPOSE_pop_free(xptable, xptable_free);
305
- for (i = 0; i < X509_PURPOSE_COUNT; i++)
306
- xptable_free(xstandard + i);
307
- xptable = NULL;
299
+ void X509_PURPOSE_cleanup(void) {
300
+ unsigned int i;
301
+ sk_X509_PURPOSE_pop_free(xptable, xptable_free);
302
+ for (i = 0; i < X509_PURPOSE_COUNT; i++) {
303
+ xptable_free(xstandard + i);
304
+ }
305
+ xptable = NULL;
308
306
  }
309
307
 
310
- int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
311
- {
312
- return xp->purpose;
313
- }
308
+ int X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; }
314
309
 
315
- char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
316
- {
317
- return xp->name;
318
- }
310
+ char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp) { return xp->name; }
319
311
 
320
- char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
321
- {
322
- return xp->sname;
323
- }
312
+ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; }
324
313
 
325
- int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
326
- {
327
- return xp->trust;
328
- }
314
+ int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; }
329
315
 
330
- static int nid_cmp(const void *void_a, const void *void_b)
331
- {
332
- const int *a = void_a, *b = void_b;
316
+ static int nid_cmp(const void *void_a, const void *void_b) {
317
+ const int *a = void_a, *b = void_b;
333
318
 
334
- return *a - *b;
319
+ return *a - *b;
335
320
  }
336
321
 
337
- int X509_supported_extension(X509_EXTENSION *ex)
338
- {
339
- /*
340
- * This table is a list of the NIDs of supported extensions: that is
341
- * those which are used by the verify process. If an extension is
342
- * critical and doesn't appear in this list then the verify process will
343
- * normally reject the certificate. The list must be kept in numerical
344
- * order because it will be searched using bsearch.
345
- */
346
-
347
- static const int supported_nids[] = {
348
- NID_netscape_cert_type, /* 71 */
349
- NID_key_usage, /* 83 */
350
- NID_subject_alt_name, /* 85 */
351
- NID_basic_constraints, /* 87 */
352
- NID_certificate_policies, /* 89 */
353
- NID_ext_key_usage, /* 126 */
354
- NID_policy_constraints, /* 401 */
355
- NID_proxyCertInfo, /* 663 */
356
- NID_name_constraints, /* 666 */
357
- NID_policy_mappings, /* 747 */
358
- NID_inhibit_any_policy /* 748 */
359
- };
322
+ int X509_supported_extension(const X509_EXTENSION *ex) {
323
+ // This table is a list of the NIDs of supported extensions: that is
324
+ // those which are used by the verify process. If an extension is
325
+ // critical and doesn't appear in this list then the verify process will
326
+ // normally reject the certificate. The list must be kept in numerical
327
+ // order because it will be searched using bsearch.
360
328
 
361
- int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
329
+ static const int supported_nids[] = {
330
+ NID_netscape_cert_type, // 71
331
+ NID_key_usage, // 83
332
+ NID_subject_alt_name, // 85
333
+ NID_basic_constraints, // 87
334
+ NID_certificate_policies, // 89
335
+ NID_ext_key_usage, // 126
336
+ NID_policy_constraints, // 401
337
+ NID_name_constraints, // 666
338
+ NID_policy_mappings, // 747
339
+ NID_inhibit_any_policy // 748
340
+ };
362
341
 
363
- if (ex_nid == NID_undef)
364
- return 0;
342
+ int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
365
343
 
366
- if (bsearch
367
- (&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
368
- sizeof(int), nid_cmp) != NULL)
369
- return 1;
344
+ if (ex_nid == NID_undef) {
370
345
  return 0;
371
- }
372
-
373
- static int setup_dp(X509 *x, DIST_POINT *dp)
374
- {
375
- X509_NAME *iname = NULL;
376
- size_t i;
377
- if (dp->reasons) {
378
- if (dp->reasons->length > 0)
379
- dp->dp_reasons = dp->reasons->data[0];
380
- if (dp->reasons->length > 1)
381
- dp->dp_reasons |= (dp->reasons->data[1] << 8);
382
- dp->dp_reasons &= CRLDP_ALL_REASONS;
383
- } else
384
- dp->dp_reasons = CRLDP_ALL_REASONS;
385
- if (!dp->distpoint || (dp->distpoint->type != 1))
386
- return 1;
387
- for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
388
- GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
389
- if (gen->type == GEN_DIRNAME) {
390
- iname = gen->d.directoryName;
391
- break;
392
- }
393
- }
394
- if (!iname)
395
- iname = X509_get_issuer_name(x);
346
+ }
396
347
 
397
- return DIST_POINT_set_dpname(dp->distpoint, iname);
348
+ if (bsearch(&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
349
+ sizeof(int), nid_cmp) != NULL) {
350
+ return 1;
351
+ }
352
+ return 0;
398
353
  }
399
354
 
400
- static int setup_crldp(X509 *x)
401
- {
402
- int j;
403
- x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL);
404
- if (x->crldp == NULL && j != -1) {
405
- return 0;
355
+ static int setup_dp(X509 *x, DIST_POINT *dp) {
356
+ X509_NAME *iname = NULL;
357
+ size_t i;
358
+ if (dp->reasons) {
359
+ if (dp->reasons->length > 0) {
360
+ dp->dp_reasons = dp->reasons->data[0];
406
361
  }
407
- for (size_t i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
408
- if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) {
409
- return 0;
410
- }
362
+ if (dp->reasons->length > 1) {
363
+ dp->dp_reasons |= (dp->reasons->data[1] << 8);
411
364
  }
365
+ dp->dp_reasons &= CRLDP_ALL_REASONS;
366
+ } else {
367
+ dp->dp_reasons = CRLDP_ALL_REASONS;
368
+ }
369
+ if (!dp->distpoint || (dp->distpoint->type != 1)) {
412
370
  return 1;
413
- }
414
-
415
- int x509v3_cache_extensions(X509 *x)
416
- {
417
- BASIC_CONSTRAINTS *bs;
418
- PROXY_CERT_INFO_EXTENSION *pci;
419
- ASN1_BIT_STRING *usage;
420
- ASN1_BIT_STRING *ns;
421
- EXTENDED_KEY_USAGE *extusage;
422
- X509_EXTENSION *ex;
423
- size_t i;
424
- int j;
425
-
426
- CRYPTO_MUTEX_lock_read(&x->lock);
427
- const int is_set = x->ex_flags & EXFLAG_SET;
428
- CRYPTO_MUTEX_unlock_read(&x->lock);
429
-
430
- if (is_set) {
431
- return (x->ex_flags & EXFLAG_INVALID) == 0;
371
+ }
372
+ for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
373
+ GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
374
+ if (gen->type == GEN_DIRNAME) {
375
+ iname = gen->d.directoryName;
376
+ break;
432
377
  }
378
+ }
379
+ if (!iname) {
380
+ iname = X509_get_issuer_name(x);
381
+ }
433
382
 
434
- CRYPTO_MUTEX_lock_write(&x->lock);
435
- if (x->ex_flags & EXFLAG_SET) {
436
- CRYPTO_MUTEX_unlock_write(&x->lock);
437
- return (x->ex_flags & EXFLAG_INVALID) == 0;
438
- }
383
+ return DIST_POINT_set_dpname(dp->distpoint, iname);
384
+ }
439
385
 
440
- if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
441
- x->ex_flags |= EXFLAG_INVALID;
442
- /* V1 should mean no extensions ... */
443
- if (X509_get_version(x) == X509_VERSION_1)
444
- x->ex_flags |= EXFLAG_V1;
445
- /* Handle basic constraints */
446
- if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
447
- if (bs->ca)
448
- x->ex_flags |= EXFLAG_CA;
449
- if (bs->pathlen) {
450
- if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
451
- || !bs->ca) {
452
- x->ex_flags |= EXFLAG_INVALID;
453
- x->ex_pathlen = 0;
454
- } else {
455
- /* TODO(davidben): |ASN1_INTEGER_get| returns -1 on overflow,
456
- * which currently acts as if the constraint isn't present. This
457
- * works (an overflowing path length constraint may as well be
458
- * infinity), but Chromium's verifier simply treats values above
459
- * 255 as an error. */
460
- x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
461
- }
462
- } else
463
- x->ex_pathlen = -1;
464
- BASIC_CONSTRAINTS_free(bs);
465
- x->ex_flags |= EXFLAG_BCONS;
466
- } else if (j != -1) {
467
- x->ex_flags |= EXFLAG_INVALID;
468
- }
469
- /* Handle proxy certificates */
470
- if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &j, NULL))) {
471
- if (x->ex_flags & EXFLAG_CA
472
- || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
473
- || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
474
- x->ex_flags |= EXFLAG_INVALID;
475
- }
476
- if (pci->pcPathLengthConstraint) {
477
- x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
478
- } else
479
- x->ex_pcpathlen = -1;
480
- PROXY_CERT_INFO_EXTENSION_free(pci);
481
- x->ex_flags |= EXFLAG_PROXY;
482
- } else if (j != -1) {
483
- x->ex_flags |= EXFLAG_INVALID;
484
- }
485
- /* Handle key usage */
486
- if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
487
- if (usage->length > 0) {
488
- x->ex_kusage = usage->data[0];
489
- if (usage->length > 1)
490
- x->ex_kusage |= usage->data[1] << 8;
491
- } else
492
- x->ex_kusage = 0;
493
- x->ex_flags |= EXFLAG_KUSAGE;
494
- ASN1_BIT_STRING_free(usage);
495
- } else if (j != -1) {
496
- x->ex_flags |= EXFLAG_INVALID;
497
- }
498
- x->ex_xkusage = 0;
499
- if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) {
500
- x->ex_flags |= EXFLAG_XKUSAGE;
501
- for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
502
- switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
503
- case NID_server_auth:
504
- x->ex_xkusage |= XKU_SSL_SERVER;
505
- break;
506
-
507
- case NID_client_auth:
508
- x->ex_xkusage |= XKU_SSL_CLIENT;
509
- break;
510
-
511
- case NID_email_protect:
512
- x->ex_xkusage |= XKU_SMIME;
513
- break;
514
-
515
- case NID_code_sign:
516
- x->ex_xkusage |= XKU_CODE_SIGN;
517
- break;
518
-
519
- case NID_ms_sgc:
520
- case NID_ns_sgc:
521
- x->ex_xkusage |= XKU_SGC;
522
- break;
523
-
524
- case NID_OCSP_sign:
525
- x->ex_xkusage |= XKU_OCSP_SIGN;
526
- break;
527
-
528
- case NID_time_stamp:
529
- x->ex_xkusage |= XKU_TIMESTAMP;
530
- break;
531
-
532
- case NID_dvcs:
533
- x->ex_xkusage |= XKU_DVCS;
534
- break;
535
-
536
- case NID_anyExtendedKeyUsage:
537
- x->ex_xkusage |= XKU_ANYEKU;
538
- break;
539
- }
540
- }
541
- sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
542
- } else if (j != -1) {
543
- x->ex_flags |= EXFLAG_INVALID;
386
+ static int setup_crldp(X509 *x) {
387
+ int j;
388
+ x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &j, NULL);
389
+ if (x->crldp == NULL && j != -1) {
390
+ return 0;
391
+ }
392
+ for (size_t i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
393
+ if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i))) {
394
+ return 0;
544
395
  }
396
+ }
397
+ return 1;
398
+ }
545
399
 
546
- if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
547
- if (ns->length > 0)
548
- x->ex_nscert = ns->data[0];
549
- else
550
- x->ex_nscert = 0;
551
- x->ex_flags |= EXFLAG_NSCERT;
552
- ASN1_BIT_STRING_free(ns);
553
- } else if (j != -1) {
554
- x->ex_flags |= EXFLAG_INVALID;
555
- }
556
- x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
557
- if (x->skid == NULL && j != -1) {
558
- x->ex_flags |= EXFLAG_INVALID;
559
- }
560
- x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL);
561
- if (x->akid == NULL && j != -1) {
562
- x->ex_flags |= EXFLAG_INVALID;
563
- }
564
- /* Does subject name match issuer ? */
565
- if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
566
- x->ex_flags |= EXFLAG_SI;
567
- /* If SKID matches AKID also indicate self signed */
568
- if (X509_check_akid(x, x->akid) == X509_V_OK &&
569
- !ku_reject(x, KU_KEY_CERT_SIGN))
570
- x->ex_flags |= EXFLAG_SS;
571
- }
572
- x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
573
- if (x->altname == NULL && j != -1) {
574
- x->ex_flags |= EXFLAG_INVALID;
575
- }
576
- x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
577
- if (x->nc == NULL && j != -1) {
578
- x->ex_flags |= EXFLAG_INVALID;
579
- }
580
- if (!setup_crldp(x)) {
581
- x->ex_flags |= EXFLAG_INVALID;
582
- }
400
+ int x509v3_cache_extensions(X509 *x) {
401
+ BASIC_CONSTRAINTS *bs;
402
+ ASN1_BIT_STRING *usage;
403
+ ASN1_BIT_STRING *ns;
404
+ EXTENDED_KEY_USAGE *extusage;
405
+ size_t i;
406
+ int j;
583
407
 
584
- for (j = 0; j < X509_get_ext_count(x); j++) {
585
- ex = X509_get_ext(x, j);
586
- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
587
- == NID_freshest_crl)
588
- x->ex_flags |= EXFLAG_FRESHEST;
589
- if (!X509_EXTENSION_get_critical(ex))
590
- continue;
591
- if (!X509_supported_extension(ex)) {
592
- x->ex_flags |= EXFLAG_CRITICAL;
593
- break;
594
- }
595
- }
596
- x->ex_flags |= EXFLAG_SET;
408
+ CRYPTO_MUTEX_lock_read(&x->lock);
409
+ const int is_set = x->ex_flags & EXFLAG_SET;
410
+ CRYPTO_MUTEX_unlock_read(&x->lock);
597
411
 
598
- CRYPTO_MUTEX_unlock_write(&x->lock);
412
+ if (is_set) {
599
413
  return (x->ex_flags & EXFLAG_INVALID) == 0;
600
- }
414
+ }
601
415
 
602
- /* check_ca returns one if |x| should be considered a CA certificate and zero
603
- * otherwise. */
604
- static int check_ca(const X509 *x)
605
- {
606
- /* keyUsage if present should allow cert signing */
607
- if (ku_reject(x, KU_KEY_CERT_SIGN))
608
- return 0;
609
- /* Version 1 certificates are considered CAs and don't have extensions. */
610
- if ((x->ex_flags & V1_ROOT) == V1_ROOT) {
611
- return 1;
612
- }
613
- /* Otherwise, it's only a CA if basicConstraints says so. */
614
- return ((x->ex_flags & EXFLAG_BCONS) &&
615
- (x->ex_flags & EXFLAG_CA));
416
+ CRYPTO_MUTEX_lock_write(&x->lock);
417
+ if (x->ex_flags & EXFLAG_SET) {
418
+ CRYPTO_MUTEX_unlock_write(&x->lock);
419
+ return (x->ex_flags & EXFLAG_INVALID) == 0;
420
+ }
421
+
422
+ if (!X509_digest(x, EVP_sha256(), x->cert_hash, NULL)) {
423
+ x->ex_flags |= EXFLAG_INVALID;
424
+ }
425
+ // V1 should mean no extensions ...
426
+ if (X509_get_version(x) == X509_VERSION_1) {
427
+ x->ex_flags |= EXFLAG_V1;
428
+ }
429
+ // Handle basic constraints
430
+ if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &j, NULL))) {
431
+ if (bs->ca) {
432
+ x->ex_flags |= EXFLAG_CA;
433
+ }
434
+ if (bs->pathlen) {
435
+ if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) || !bs->ca) {
436
+ x->ex_flags |= EXFLAG_INVALID;
437
+ x->ex_pathlen = 0;
438
+ } else {
439
+ // TODO(davidben): |ASN1_INTEGER_get| returns -1 on overflow,
440
+ // which currently acts as if the constraint isn't present. This
441
+ // works (an overflowing path length constraint may as well be
442
+ // infinity), but Chromium's verifier simply treats values above
443
+ // 255 as an error.
444
+ x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
445
+ }
446
+ } else {
447
+ x->ex_pathlen = -1;
448
+ }
449
+ BASIC_CONSTRAINTS_free(bs);
450
+ x->ex_flags |= EXFLAG_BCONS;
451
+ } else if (j != -1) {
452
+ x->ex_flags |= EXFLAG_INVALID;
453
+ }
454
+ // Handle key usage
455
+ if ((usage = X509_get_ext_d2i(x, NID_key_usage, &j, NULL))) {
456
+ if (usage->length > 0) {
457
+ x->ex_kusage = usage->data[0];
458
+ if (usage->length > 1) {
459
+ x->ex_kusage |= usage->data[1] << 8;
460
+ }
461
+ } else {
462
+ x->ex_kusage = 0;
463
+ }
464
+ x->ex_flags |= EXFLAG_KUSAGE;
465
+ ASN1_BIT_STRING_free(usage);
466
+ } else if (j != -1) {
467
+ x->ex_flags |= EXFLAG_INVALID;
468
+ }
469
+ x->ex_xkusage = 0;
470
+ if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &j, NULL))) {
471
+ x->ex_flags |= EXFLAG_XKUSAGE;
472
+ for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
473
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
474
+ case NID_server_auth:
475
+ x->ex_xkusage |= XKU_SSL_SERVER;
476
+ break;
477
+
478
+ case NID_client_auth:
479
+ x->ex_xkusage |= XKU_SSL_CLIENT;
480
+ break;
481
+
482
+ case NID_email_protect:
483
+ x->ex_xkusage |= XKU_SMIME;
484
+ break;
485
+
486
+ case NID_code_sign:
487
+ x->ex_xkusage |= XKU_CODE_SIGN;
488
+ break;
489
+
490
+ case NID_ms_sgc:
491
+ case NID_ns_sgc:
492
+ x->ex_xkusage |= XKU_SGC;
493
+ break;
494
+
495
+ case NID_OCSP_sign:
496
+ x->ex_xkusage |= XKU_OCSP_SIGN;
497
+ break;
498
+
499
+ case NID_time_stamp:
500
+ x->ex_xkusage |= XKU_TIMESTAMP;
501
+ break;
502
+
503
+ case NID_dvcs:
504
+ x->ex_xkusage |= XKU_DVCS;
505
+ break;
506
+
507
+ case NID_anyExtendedKeyUsage:
508
+ x->ex_xkusage |= XKU_ANYEKU;
509
+ break;
510
+ }
511
+ }
512
+ sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
513
+ } else if (j != -1) {
514
+ x->ex_flags |= EXFLAG_INVALID;
515
+ }
516
+
517
+ if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
518
+ if (ns->length > 0) {
519
+ x->ex_nscert = ns->data[0];
520
+ } else {
521
+ x->ex_nscert = 0;
522
+ }
523
+ x->ex_flags |= EXFLAG_NSCERT;
524
+ ASN1_BIT_STRING_free(ns);
525
+ } else if (j != -1) {
526
+ x->ex_flags |= EXFLAG_INVALID;
527
+ }
528
+ x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
529
+ if (x->skid == NULL && j != -1) {
530
+ x->ex_flags |= EXFLAG_INVALID;
531
+ }
532
+ x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &j, NULL);
533
+ if (x->akid == NULL && j != -1) {
534
+ x->ex_flags |= EXFLAG_INVALID;
535
+ }
536
+ // Does subject name match issuer ?
537
+ if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
538
+ x->ex_flags |= EXFLAG_SI;
539
+ // If SKID matches AKID also indicate self signed
540
+ if (X509_check_akid(x, x->akid) == X509_V_OK &&
541
+ !ku_reject(x, KU_KEY_CERT_SIGN)) {
542
+ x->ex_flags |= EXFLAG_SS;
543
+ }
544
+ }
545
+ x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &j, NULL);
546
+ if (x->altname == NULL && j != -1) {
547
+ x->ex_flags |= EXFLAG_INVALID;
548
+ }
549
+ x->nc = X509_get_ext_d2i(x, NID_name_constraints, &j, NULL);
550
+ if (x->nc == NULL && j != -1) {
551
+ x->ex_flags |= EXFLAG_INVALID;
552
+ }
553
+ if (!setup_crldp(x)) {
554
+ x->ex_flags |= EXFLAG_INVALID;
555
+ }
556
+
557
+ for (j = 0; j < X509_get_ext_count(x); j++) {
558
+ const X509_EXTENSION *ex = X509_get_ext(x, j);
559
+ if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) {
560
+ x->ex_flags |= EXFLAG_FRESHEST;
561
+ }
562
+ if (!X509_EXTENSION_get_critical(ex)) {
563
+ continue;
564
+ }
565
+ if (!X509_supported_extension(ex)) {
566
+ x->ex_flags |= EXFLAG_CRITICAL;
567
+ break;
568
+ }
569
+ }
570
+ x->ex_flags |= EXFLAG_SET;
571
+
572
+ CRYPTO_MUTEX_unlock_write(&x->lock);
573
+ return (x->ex_flags & EXFLAG_INVALID) == 0;
574
+ }
575
+
576
+ // check_ca returns one if |x| should be considered a CA certificate and zero
577
+ // otherwise.
578
+ static int check_ca(const X509 *x) {
579
+ // keyUsage if present should allow cert signing
580
+ if (ku_reject(x, KU_KEY_CERT_SIGN)) {
581
+ return 0;
582
+ }
583
+ // Version 1 certificates are considered CAs and don't have extensions.
584
+ if ((x->ex_flags & V1_ROOT) == V1_ROOT) {
585
+ return 1;
586
+ }
587
+ // Otherwise, it's only a CA if basicConstraints says so.
588
+ return ((x->ex_flags & EXFLAG_BCONS) && (x->ex_flags & EXFLAG_CA));
616
589
  }
617
590
 
618
- int X509_check_ca(X509 *x)
619
- {
620
- if (!x509v3_cache_extensions(x)) {
621
- return 0;
622
- }
623
- return check_ca(x);
591
+ int X509_check_ca(X509 *x) {
592
+ if (!x509v3_cache_extensions(x)) {
593
+ return 0;
594
+ }
595
+ return check_ca(x);
624
596
  }
625
597
 
626
598
  static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
627
- int ca)
628
- {
629
- if (xku_reject(x, XKU_SSL_CLIENT))
630
- return 0;
631
- if (ca)
632
- return check_ca(x);
633
- /* We need to do digital signatures or key agreement */
634
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
635
- return 0;
636
- /* nsCertType if present should allow SSL client use */
637
- if (ns_reject(x, NS_SSL_CLIENT))
638
- return 0;
639
- return 1;
599
+ int ca) {
600
+ if (xku_reject(x, XKU_SSL_CLIENT)) {
601
+ return 0;
602
+ }
603
+ if (ca) {
604
+ return check_ca(x);
605
+ }
606
+ // We need to do digital signatures or key agreement
607
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) {
608
+ return 0;
609
+ }
610
+ // nsCertType if present should allow SSL client use
611
+ if (ns_reject(x, NS_SSL_CLIENT)) {
612
+ return 0;
613
+ }
614
+ return 1;
640
615
  }
641
616
 
642
- /*
643
- * Key usage needed for TLS/SSL server: digital signature, encipherment or
644
- * key agreement. The ssl code can check this more thoroughly for individual
645
- * key types.
646
- */
647
- #define KU_TLS \
648
- (KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT)
617
+ // Key usage needed for TLS/SSL server: digital signature, encipherment or
618
+ // key agreement. The ssl code can check this more thoroughly for individual
619
+ // key types.
620
+ #define KU_TLS (KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT)
649
621
 
650
622
  static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
651
- int ca)
652
- {
653
- if (xku_reject(x, XKU_SSL_SERVER))
654
- return 0;
655
- if (ca)
656
- return check_ca(x);
657
-
658
- if (ns_reject(x, NS_SSL_SERVER))
659
- return 0;
660
- if (ku_reject(x, KU_TLS))
661
- return 0;
623
+ int ca) {
624
+ if (xku_reject(x, XKU_SSL_SERVER)) {
625
+ return 0;
626
+ }
627
+ if (ca) {
628
+ return check_ca(x);
629
+ }
662
630
 
663
- return 1;
631
+ if (ns_reject(x, NS_SSL_SERVER)) {
632
+ return 0;
633
+ }
634
+ if (ku_reject(x, KU_TLS)) {
635
+ return 0;
636
+ }
664
637
 
638
+ return 1;
665
639
  }
666
640
 
667
641
  static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
668
- int ca)
669
- {
670
- int ret;
671
- ret = check_purpose_ssl_server(xp, x, ca);
672
- if (!ret || ca)
673
- return ret;
674
- /* We need to encipher or Netscape complains */
675
- if (ku_reject(x, KU_KEY_ENCIPHERMENT))
676
- return 0;
642
+ int ca) {
643
+ int ret;
644
+ ret = check_purpose_ssl_server(xp, x, ca);
645
+ if (!ret || ca) {
677
646
  return ret;
647
+ }
648
+ // We need to encipher or Netscape complains
649
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
650
+ return 0;
651
+ }
652
+ return ret;
678
653
  }
679
654
 
680
- /* purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
681
- * (|ca| is one) certificate, and zero otherwise. */
682
- static int purpose_smime(const X509 *x, int ca)
683
- {
684
- if (xku_reject(x, XKU_SMIME))
685
- return 0;
686
- if (ca) {
687
- /* check nsCertType if present */
688
- if ((x->ex_flags & EXFLAG_NSCERT) &&
689
- (x->ex_nscert & NS_SMIME_CA) == 0) {
690
- return 0;
691
- }
692
-
693
- return check_ca(x);
694
- }
695
- if (x->ex_flags & EXFLAG_NSCERT) {
696
- return (x->ex_nscert & NS_SMIME) == NS_SMIME;
655
+ // purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
656
+ // (|ca| is one) certificate, and zero otherwise.
657
+ static int purpose_smime(const X509 *x, int ca) {
658
+ if (xku_reject(x, XKU_SMIME)) {
659
+ return 0;
660
+ }
661
+ if (ca) {
662
+ // check nsCertType if present
663
+ if ((x->ex_flags & EXFLAG_NSCERT) && (x->ex_nscert & NS_SMIME_CA) == 0) {
664
+ return 0;
697
665
  }
698
- return 1;
666
+
667
+ return check_ca(x);
668
+ }
669
+ if (x->ex_flags & EXFLAG_NSCERT) {
670
+ return (x->ex_nscert & NS_SMIME) == NS_SMIME;
671
+ }
672
+ return 1;
699
673
  }
700
674
 
701
675
  static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
702
- int ca)
703
- {
704
- int ret;
705
- ret = purpose_smime(x, ca);
706
- if (!ret || ca)
707
- return ret;
708
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
709
- return 0;
676
+ int ca) {
677
+ int ret;
678
+ ret = purpose_smime(x, ca);
679
+ if (!ret || ca) {
710
680
  return ret;
681
+ }
682
+ if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) {
683
+ return 0;
684
+ }
685
+ return ret;
711
686
  }
712
687
 
713
688
  static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
714
- int ca)
715
- {
716
- int ret;
717
- ret = purpose_smime(x, ca);
718
- if (!ret || ca)
719
- return ret;
720
- if (ku_reject(x, KU_KEY_ENCIPHERMENT))
721
- return 0;
689
+ int ca) {
690
+ int ret;
691
+ ret = purpose_smime(x, ca);
692
+ if (!ret || ca) {
722
693
  return ret;
694
+ }
695
+ if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
696
+ return 0;
697
+ }
698
+ return ret;
723
699
  }
724
700
 
725
701
  static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
726
- int ca)
727
- {
728
- if (ca) {
729
- return check_ca(x);
730
- }
731
- if (ku_reject(x, KU_CRL_SIGN))
732
- return 0;
733
- return 1;
702
+ int ca) {
703
+ if (ca) {
704
+ return check_ca(x);
705
+ }
706
+ if (ku_reject(x, KU_CRL_SIGN)) {
707
+ return 0;
708
+ }
709
+ return 1;
734
710
  }
735
711
 
736
- /*
737
- * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
738
- * is valid. Additional checks must be made on the chain.
739
- */
712
+ // OCSP helper: this is *not* a full OCSP check. It just checks that each CA
713
+ // is valid. Additional checks must be made on the chain.
740
714
 
741
- static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
742
- {
743
- if (ca)
744
- return check_ca(x);
745
- /* leaf certificate is checked in OCSP_verify() */
746
- return 1;
715
+ static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) {
716
+ if (ca) {
717
+ return check_ca(x);
718
+ }
719
+ // leaf certificate is checked in OCSP_verify()
720
+ return 1;
747
721
  }
748
722
 
749
723
  static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
750
- int ca)
751
- {
752
- int i_ext;
753
-
754
- /* If ca is true we must return if this is a valid CA certificate. */
755
- if (ca)
756
- return check_ca(x);
757
-
758
- /*
759
- * Check the optional key usage field:
760
- * if Key Usage is present, it must be one of digitalSignature
761
- * and/or nonRepudiation (other values are not consistent and shall
762
- * be rejected).
763
- */
764
- if ((x->ex_flags & EXFLAG_KUSAGE)
765
- && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
766
- !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
767
- return 0;
768
-
769
- /* Only time stamp key usage is permitted and it's required. */
770
- if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
771
- return 0;
772
-
773
- /* Extended Key Usage MUST be critical */
774
- i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
775
- if (i_ext >= 0) {
776
- X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
777
- if (!X509_EXTENSION_get_critical(ext))
778
- return 0;
724
+ int ca) {
725
+ int i_ext;
726
+
727
+ // If ca is true we must return if this is a valid CA certificate.
728
+ if (ca) {
729
+ return check_ca(x);
730
+ }
731
+
732
+ // Check the optional key usage field:
733
+ // if Key Usage is present, it must be one of digitalSignature
734
+ // and/or nonRepudiation (other values are not consistent and shall
735
+ // be rejected).
736
+ if ((x->ex_flags & EXFLAG_KUSAGE) &&
737
+ ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
738
+ !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) {
739
+ return 0;
740
+ }
741
+
742
+ // Only time stamp key usage is permitted and it's required.
743
+ if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) {
744
+ return 0;
745
+ }
746
+
747
+ // Extended Key Usage MUST be critical
748
+ i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
749
+ if (i_ext >= 0) {
750
+ const X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
751
+ if (!X509_EXTENSION_get_critical(ext)) {
752
+ return 0;
779
753
  }
754
+ }
780
755
 
781
- return 1;
756
+ return 1;
782
757
  }
783
758
 
784
- static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
785
- {
786
- return 1;
787
- }
759
+ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; }
788
760
 
789
- /*
790
- * Various checks to see if one certificate issued the second. This can be
791
- * used to prune a set of possible issuer certificates which have been looked
792
- * up using some simple method such as by subject name. These are: 1. Check
793
- * issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
794
- * check it matches issuer 3. If key_usage(issuer) exists check it supports
795
- * certificate signing returns 0 for OK, positive for reason for mismatch,
796
- * reasons match codes for X509_verify_cert()
797
- */
761
+ // Various checks to see if one certificate issued the second. This can be
762
+ // used to prune a set of possible issuer certificates which have been looked
763
+ // up using some simple method such as by subject name. These are: 1. Check
764
+ // issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
765
+ // check it matches issuer 3. If key_usage(issuer) exists check it supports
766
+ // certificate signing returns 0 for OK, positive for reason for mismatch,
767
+ // reasons match codes for X509_verify_cert()
798
768
 
799
- int X509_check_issued(X509 *issuer, X509 *subject)
800
- {
801
- if (X509_NAME_cmp(X509_get_subject_name(issuer),
802
- X509_get_issuer_name(subject)))
803
- return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
804
- if (!x509v3_cache_extensions(issuer) ||
805
- !x509v3_cache_extensions(subject)) {
806
- return X509_V_ERR_UNSPECIFIED;
807
- }
769
+ int X509_check_issued(X509 *issuer, X509 *subject) {
770
+ if (X509_NAME_cmp(X509_get_subject_name(issuer),
771
+ X509_get_issuer_name(subject))) {
772
+ return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
773
+ }
774
+ if (!x509v3_cache_extensions(issuer) || !x509v3_cache_extensions(subject)) {
775
+ return X509_V_ERR_UNSPECIFIED;
776
+ }
808
777
 
809
- if (subject->akid) {
810
- int ret = X509_check_akid(issuer, subject->akid);
811
- if (ret != X509_V_OK)
812
- return ret;
778
+ if (subject->akid) {
779
+ int ret = X509_check_akid(issuer, subject->akid);
780
+ if (ret != X509_V_OK) {
781
+ return ret;
813
782
  }
783
+ }
814
784
 
815
- if (subject->ex_flags & EXFLAG_PROXY) {
816
- if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
817
- return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
818
- } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
819
- return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
820
- return X509_V_OK;
785
+ if (ku_reject(issuer, KU_KEY_CERT_SIGN)) {
786
+ return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
787
+ }
788
+ return X509_V_OK;
821
789
  }
822
790
 
823
- int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
824
- {
825
-
826
- if (!akid)
827
- return X509_V_OK;
828
-
829
- /* Check key ids (if present) */
830
- if (akid->keyid && issuer->skid &&
831
- ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
832
- return X509_V_ERR_AKID_SKID_MISMATCH;
833
- /* Check serial number */
834
- if (akid->serial &&
835
- ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
836
- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
837
- /* Check issuer name */
838
- if (akid->issuer) {
839
- /*
840
- * Ugh, for some peculiar reason AKID includes SEQUENCE OF
841
- * GeneralName. So look for a DirName. There may be more than one but
842
- * we only take any notice of the first.
843
- */
844
- GENERAL_NAMES *gens;
845
- GENERAL_NAME *gen;
846
- X509_NAME *nm = NULL;
847
- size_t i;
848
- gens = akid->issuer;
849
- for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
850
- gen = sk_GENERAL_NAME_value(gens, i);
851
- if (gen->type == GEN_DIRNAME) {
852
- nm = gen->d.dirn;
853
- break;
854
- }
855
- }
856
- if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
857
- return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
858
- }
791
+ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) {
792
+ if (!akid) {
859
793
  return X509_V_OK;
794
+ }
795
+
796
+ // Check key ids (if present)
797
+ if (akid->keyid && issuer->skid &&
798
+ ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid)) {
799
+ return X509_V_ERR_AKID_SKID_MISMATCH;
800
+ }
801
+ // Check serial number
802
+ if (akid->serial &&
803
+ ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) {
804
+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
805
+ }
806
+ // Check issuer name
807
+ if (akid->issuer) {
808
+ // Ugh, for some peculiar reason AKID includes SEQUENCE OF
809
+ // GeneralName. So look for a DirName. There may be more than one but
810
+ // we only take any notice of the first.
811
+ GENERAL_NAMES *gens;
812
+ GENERAL_NAME *gen;
813
+ X509_NAME *nm = NULL;
814
+ size_t i;
815
+ gens = akid->issuer;
816
+ for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
817
+ gen = sk_GENERAL_NAME_value(gens, i);
818
+ if (gen->type == GEN_DIRNAME) {
819
+ nm = gen->d.dirn;
820
+ break;
821
+ }
822
+ }
823
+ if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) {
824
+ return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
825
+ }
826
+ }
827
+ return X509_V_OK;
860
828
  }
861
829
 
862
- uint32_t X509_get_extension_flags(X509 *x)
863
- {
864
- /* Ignore the return value. On failure, |x->ex_flags| will include
865
- * |EXFLAG_INVALID|. */
866
- x509v3_cache_extensions(x);
867
- return x->ex_flags;
830
+ uint32_t X509_get_extension_flags(X509 *x) {
831
+ // Ignore the return value. On failure, |x->ex_flags| will include
832
+ // |EXFLAG_INVALID|.
833
+ x509v3_cache_extensions(x);
834
+ return x->ex_flags;
868
835
  }
869
836
 
870
- uint32_t X509_get_key_usage(X509 *x)
871
- {
872
- if (!x509v3_cache_extensions(x)) {
873
- return 0;
874
- }
875
- if (x->ex_flags & EXFLAG_KUSAGE)
876
- return x->ex_kusage;
877
- return UINT32_MAX;
837
+ uint32_t X509_get_key_usage(X509 *x) {
838
+ if (!x509v3_cache_extensions(x)) {
839
+ return 0;
840
+ }
841
+ if (x->ex_flags & EXFLAG_KUSAGE) {
842
+ return x->ex_kusage;
843
+ }
844
+ return UINT32_MAX;
878
845
  }
879
846
 
880
- uint32_t X509_get_extended_key_usage(X509 *x)
881
- {
882
- if (!x509v3_cache_extensions(x)) {
883
- return 0;
884
- }
885
- if (x->ex_flags & EXFLAG_XKUSAGE)
886
- return x->ex_xkusage;
887
- return UINT32_MAX;
847
+ uint32_t X509_get_extended_key_usage(X509 *x) {
848
+ if (!x509v3_cache_extensions(x)) {
849
+ return 0;
850
+ }
851
+ if (x->ex_flags & EXFLAG_XKUSAGE) {
852
+ return x->ex_xkusage;
853
+ }
854
+ return UINT32_MAX;
888
855
  }
889
856
 
890
- const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509)
891
- {
892
- if (!x509v3_cache_extensions(x509)) {
893
- return NULL;
894
- }
895
- return x509->skid;
857
+ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509) {
858
+ if (!x509v3_cache_extensions(x509)) {
859
+ return NULL;
860
+ }
861
+ return x509->skid;
896
862
  }
897
863
 
898
- const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509)
899
- {
900
- if (!x509v3_cache_extensions(x509)) {
901
- return NULL;
902
- }
903
- return x509->akid != NULL ? x509->akid->keyid : NULL;
864
+ const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509) {
865
+ if (!x509v3_cache_extensions(x509)) {
866
+ return NULL;
867
+ }
868
+ return x509->akid != NULL ? x509->akid->keyid : NULL;
904
869
  }
905
870
 
906
- const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509)
907
- {
908
- if (!x509v3_cache_extensions(x509)) {
909
- return NULL;
910
- }
911
- return x509->akid != NULL ? x509->akid->issuer : NULL;
871
+ const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509) {
872
+ if (!x509v3_cache_extensions(x509)) {
873
+ return NULL;
874
+ }
875
+ return x509->akid != NULL ? x509->akid->issuer : NULL;
912
876
  }
913
877
 
914
- const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509)
915
- {
916
- if (!x509v3_cache_extensions(x509)) {
917
- return NULL;
918
- }
919
- return x509->akid != NULL ? x509->akid->serial : NULL;
878
+ const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509) {
879
+ if (!x509v3_cache_extensions(x509)) {
880
+ return NULL;
881
+ }
882
+ return x509->akid != NULL ? x509->akid->serial : NULL;
920
883
  }
921
884
 
922
- long X509_get_pathlen(X509 *x509)
923
- {
924
- if (!x509v3_cache_extensions(x509) ||
925
- (x509->ex_flags & EXFLAG_BCONS) == 0) {
926
- return -1;
927
- }
928
- return x509->ex_pathlen;
885
+ long X509_get_pathlen(X509 *x509) {
886
+ if (!x509v3_cache_extensions(x509) || (x509->ex_flags & EXFLAG_BCONS) == 0) {
887
+ return -1;
888
+ }
889
+ return x509->ex_pathlen;
929
890
  }