grpc 1.59.2 → 1.62.0

Files changed (2709) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +1065 -955
  3. data/include/grpc/event_engine/event_engine.h +25 -16
  4. data/include/grpc/event_engine/extensible.h +68 -0
  5. data/include/grpc/event_engine/internal/memory_allocator_impl.h +6 -0
  6. data/include/grpc/event_engine/internal/slice_cast.h +12 -0
  7. data/include/grpc/event_engine/memory_allocator.h +3 -1
  8. data/include/grpc/event_engine/slice.h +5 -0
  9. data/include/grpc/grpc_crl_provider.h +94 -0
  10. data/include/grpc/grpc_security.h +38 -1
  11. data/include/grpc/impl/call.h +29 -0
  12. data/include/grpc/impl/channel_arg_names.h +26 -1
  13. data/include/grpc/impl/slice_type.h +1 -1
  14. data/include/grpc/module.modulemap +2 -0
  15. data/include/grpc/support/port_platform.h +12 -20
  16. data/src/core/client_channel/backend_metric.cc +95 -0
  17. data/src/core/client_channel/backend_metric.h +47 -0
  18. data/src/core/client_channel/backup_poller.cc +178 -0
  19. data/src/core/client_channel/backup_poller.h +37 -0
  20. data/src/core/client_channel/channel_connectivity.cc +265 -0
  21. data/src/core/client_channel/client_channel_channelz.cc +93 -0
  22. data/src/core/client_channel/client_channel_channelz.h +85 -0
  23. data/src/core/client_channel/client_channel_factory.cc +32 -0
  24. data/src/core/client_channel/client_channel_factory.h +46 -0
  25. data/src/core/client_channel/client_channel_filter.cc +3654 -0
  26. data/src/core/client_channel/client_channel_filter.h +636 -0
  27. data/src/core/client_channel/client_channel_internal.h +79 -0
  28. data/src/core/client_channel/client_channel_plugin.cc +55 -0
  29. data/src/core/client_channel/client_channel_service_config.cc +153 -0
  30. data/src/core/client_channel/client_channel_service_config.h +111 -0
  31. data/src/core/client_channel/config_selector.cc +60 -0
  32. data/src/core/client_channel/config_selector.h +125 -0
  33. data/src/core/client_channel/connector.h +87 -0
  34. data/src/core/client_channel/dynamic_filters.cc +174 -0
  35. data/src/core/client_channel/dynamic_filters.h +110 -0
  36. data/src/core/client_channel/global_subchannel_pool.cc +65 -0
  37. data/src/core/client_channel/global_subchannel_pool.h +63 -0
  38. data/src/core/client_channel/http_proxy_mapper.cc +305 -0
  39. data/src/core/client_channel/http_proxy_mapper.h +53 -0
  40. data/src/core/client_channel/local_subchannel_pool.cc +60 -0
  41. data/src/core/client_channel/local_subchannel_pool.h +59 -0
  42. data/src/core/client_channel/retry_filter.cc +160 -0
  43. data/src/core/client_channel/retry_filter.h +122 -0
  44. data/src/core/client_channel/retry_filter_legacy_call_data.cc +2054 -0
  45. data/src/core/client_channel/retry_filter_legacy_call_data.h +443 -0
  46. data/src/core/client_channel/retry_service_config.cc +283 -0
  47. data/src/core/client_channel/retry_service_config.h +105 -0
  48. data/src/core/client_channel/retry_throttle.cc +139 -0
  49. data/src/core/client_channel/retry_throttle.h +92 -0
  50. data/src/core/client_channel/service_config_channel_arg_filter.cc +136 -0
  51. data/src/core/client_channel/subchannel.cc +812 -0
  52. data/src/core/client_channel/subchannel.h +387 -0
  53. data/src/core/client_channel/subchannel_interface_internal.h +41 -0
  54. data/src/core/client_channel/subchannel_pool_interface.cc +66 -0
  55. data/src/core/client_channel/subchannel_pool_interface.h +100 -0
  56. data/src/core/client_channel/subchannel_stream_client.cc +468 -0
  57. data/src/core/client_channel/subchannel_stream_client.h +225 -0
  58. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +55 -15
  59. data/src/core/ext/filters/backend_metrics/backend_metric_filter.h +20 -6
  60. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +28 -39
  61. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +18 -10
  62. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.cc +326 -0
  63. data/src/core/ext/filters/channel_idle/legacy_channel_idle_filter.h +143 -0
  64. data/src/core/ext/filters/deadline/deadline_filter.cc +20 -23
  65. data/src/core/ext/filters/deadline/deadline_filter.h +0 -4
  66. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +19 -14
  67. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +13 -4
  68. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
  69. data/src/core/ext/filters/http/client/http_client_filter.cc +29 -39
  70. data/src/core/ext/filters/http/client/http_client_filter.h +10 -5
  71. data/src/core/ext/filters/http/client_authority_filter.cc +22 -24
  72. data/src/core/ext/filters/http/client_authority_filter.h +12 -4
  73. data/src/core/ext/filters/http/http_filters_plugin.cc +58 -38
  74. data/src/core/ext/filters/http/message_compress/compression_filter.cc +55 -84
  75. data/src/core/ext/filters/http/message_compress/compression_filter.h +54 -12
  76. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +325 -0
  77. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.h +139 -0
  78. data/src/core/ext/filters/http/server/http_server_filter.cc +41 -43
  79. data/src/core/ext/filters/http/server/http_server_filter.h +11 -4
  80. data/src/core/ext/filters/message_size/message_size_filter.cc +79 -109
  81. data/src/core/ext/filters/message_size/message_size_filter.h +36 -24
  82. data/src/core/ext/filters/rbac/rbac_filter.cc +24 -20
  83. data/src/core/ext/filters/rbac/rbac_filter.h +11 -4
  84. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
  85. data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
  86. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +28 -15
  87. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +60 -65
  88. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +43 -9
  89. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
  90. data/src/core/ext/gcp/metadata_query.cc +0 -1
  91. data/src/core/ext/transport/chttp2/alpn/alpn.cc +5 -2
  92. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +9 -12
  93. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  94. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +20 -19
  95. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +240 -273
  96. data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +47 -4
  97. data/src/core/ext/transport/chttp2/transport/context_list_entry.h +12 -2
  98. data/src/core/ext/transport/chttp2/transport/flow_control.cc +45 -83
  99. data/src/core/ext/transport/chttp2/transport/flow_control.h +58 -8
  100. data/src/core/ext/transport/chttp2/transport/frame.cc +506 -0
  101. data/src/core/ext/transport/chttp2/transport/frame.h +214 -0
  102. data/src/core/ext/transport/chttp2/transport/frame_data.cc +4 -3
  103. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +0 -2
  104. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +0 -2
  105. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +1 -3
  106. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +33 -81
  107. data/src/core/ext/transport/chttp2/transport/frame_settings.h +4 -7
  108. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +1 -3
  109. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +15 -21
  110. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +12 -3
  111. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +3 -4
  112. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.cc +37 -29
  113. data/src/core/ext/transport/chttp2/transport/hpack_parse_result.h +61 -36
  114. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -5
  115. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
  116. data/src/core/ext/transport/chttp2/transport/http2_settings.cc +122 -32
  117. data/src/core/ext/transport/chttp2/transport/http2_settings.h +142 -37
  118. data/src/core/ext/transport/chttp2/transport/internal.h +63 -61
  119. data/src/core/ext/transport/chttp2/transport/parsing.cc +35 -39
  120. data/src/core/ext/transport/chttp2/transport/ping_rate_policy.cc +2 -2
  121. data/src/core/ext/transport/chttp2/transport/writing.cc +45 -61
  122. data/src/core/ext/transport/inproc/inproc_transport.cc +168 -1237
  123. data/src/core/ext/transport/inproc/inproc_transport.h +8 -4
  124. data/src/core/ext/transport/inproc/legacy_inproc_transport.cc +1303 -0
  125. data/src/core/ext/transport/inproc/legacy_inproc_transport.h +30 -0
  126. data/src/core/ext/upb-gen/envoy/admin/v3/certs.upb.h +725 -0
  127. data/src/core/ext/upb-gen/envoy/admin/v3/certs.upb_minitable.c +149 -0
  128. data/src/core/ext/upb-gen/envoy/admin/v3/certs.upb_minitable.h +34 -0
  129. data/src/core/ext/upb-gen/envoy/admin/v3/clusters.upb.h +827 -0
  130. data/src/core/ext/upb-gen/envoy/admin/v3/clusters.upb_minitable.c +180 -0
  131. data/src/core/ext/upb-gen/envoy/admin/v3/clusters.upb_minitable.h +33 -0
  132. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump.upb.h +733 -0
  133. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump.upb_minitable.c +157 -0
  134. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump.upb_minitable.h +34 -0
  135. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb.h +2772 -0
  136. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb_minitable.c +532 -0
  137. data/src/core/ext/upb-gen/envoy/admin/v3/config_dump_shared.upb_minitable.h +48 -0
  138. data/src/core/ext/upb-gen/envoy/admin/v3/init_dump.upb.h +248 -0
  139. data/src/core/ext/upb-gen/envoy/admin/v3/init_dump.upb_minitable.c +66 -0
  140. data/src/core/ext/upb-gen/envoy/admin/v3/init_dump.upb_minitable.h +31 -0
  141. data/src/core/ext/upb-gen/envoy/admin/v3/listeners.upb.h +280 -0
  142. data/src/core/ext/upb-gen/envoy/admin/v3/listeners.upb_minitable.c +74 -0
  143. data/src/core/ext/upb-gen/envoy/admin/v3/listeners.upb_minitable.h +31 -0
  144. data/src/core/ext/upb-gen/envoy/admin/v3/memory.upb.h +162 -0
  145. data/src/core/ext/upb-gen/envoy/admin/v3/memory.upb_minitable.c +56 -0
  146. data/src/core/ext/upb-gen/envoy/admin/v3/memory.upb_minitable.h +30 -0
  147. data/src/core/ext/upb-gen/envoy/admin/v3/metrics.upb.h +122 -0
  148. data/src/core/ext/upb-gen/envoy/admin/v3/metrics.upb_minitable.c +49 -0
  149. data/src/core/ext/upb-gen/envoy/admin/v3/metrics.upb_minitable.h +30 -0
  150. data/src/core/ext/upb-gen/envoy/admin/v3/mutex_stats.upb.h +117 -0
  151. data/src/core/ext/upb-gen/envoy/admin/v3/mutex_stats.upb_minitable.c +49 -0
  152. data/src/core/ext/upb-gen/envoy/admin/v3/mutex_stats.upb_minitable.h +30 -0
  153. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb.h +928 -0
  154. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb_minitable.c +150 -0
  155. data/src/core/ext/upb-gen/envoy/admin/v3/server_info.upb_minitable.h +31 -0
  156. data/src/core/ext/upb-gen/envoy/admin/v3/tap.upb.h +117 -0
  157. data/src/core/ext/upb-gen/envoy/admin/v3/tap.upb_minitable.c +54 -0
  158. data/src/core/ext/upb-gen/envoy/admin/v3/tap.upb_minitable.h +30 -0
  159. data/src/core/ext/upb-gen/envoy/annotations/deprecation.upb.h +122 -0
  160. data/src/core/ext/upb-gen/envoy/annotations/deprecation.upb_minitable.c +58 -0
  161. data/src/core/ext/upb-gen/envoy/annotations/deprecation.upb_minitable.h +33 -0
  162. data/src/core/ext/upb-gen/envoy/annotations/resource.upb.h +109 -0
  163. data/src/core/ext/upb-gen/envoy/annotations/resource.upb_minitable.c +55 -0
  164. data/src/core/ext/upb-gen/envoy/annotations/resource.upb_minitable.h +31 -0
  165. data/src/core/ext/upb-gen/envoy/config/accesslog/v3/accesslog.upb.h +1753 -0
  166. data/src/core/ext/upb-gen/envoy/config/accesslog/v3/accesslog.upb_minitable.c +375 -0
  167. data/src/core/ext/upb-gen/envoy/config/accesslog/v3/accesslog.upb_minitable.h +45 -0
  168. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +3607 -0
  169. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +651 -0
  170. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +51 -0
  171. data/src/core/ext/upb-gen/envoy/config/cluster/v3/circuit_breaker.upb.h +526 -0
  172. data/src/core/ext/upb-gen/envoy/config/cluster/v3/circuit_breaker.upb_minitable.c +125 -0
  173. data/src/core/ext/upb-gen/envoy/config/cluster/v3/circuit_breaker.upb_minitable.h +32 -0
  174. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +3934 -0
  175. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +737 -0
  176. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.h +53 -0
  177. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +146 -0
  178. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +57 -0
  179. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.h +30 -0
  180. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +687 -0
  181. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +125 -0
  182. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.h +30 -0
  183. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +1829 -0
  184. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +394 -0
  185. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.h +44 -0
  186. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +1070 -0
  187. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +227 -0
  188. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.h +37 -0
  189. data/src/core/ext/upb-gen/envoy/config/core/v3/backoff.upb.h +129 -0
  190. data/src/core/ext/upb-gen/envoy/config/core/v3/backoff.upb_minitable.c +55 -0
  191. data/src/core/ext/upb-gen/envoy/config/core/v3/backoff.upb_minitable.h +30 -0
  192. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +2436 -0
  193. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +578 -0
  194. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.h +53 -0
  195. data/src/core/ext/upb-gen/envoy/config/core/v3/config_source.upb.h +1130 -0
  196. data/src/core/ext/upb-gen/envoy/config/core/v3/config_source.upb_minitable.c +225 -0
  197. data/src/core/ext/upb-gen/envoy/config/core/v3/config_source.upb_minitable.h +36 -0
  198. data/src/core/ext/upb-gen/envoy/config/core/v3/event_service_config.upb.h +110 -0
  199. data/src/core/ext/upb-gen/envoy/config/core/v3/event_service_config.upb_minitable.c +51 -0
  200. data/src/core/ext/upb-gen/envoy/config/core/v3/event_service_config.upb_minitable.h +30 -0
  201. data/src/core/ext/upb-gen/envoy/config/core/v3/extension.upb.h +116 -0
  202. data/src/core/ext/upb-gen/envoy/config/core/v3/extension.upb_minitable.c +53 -0
  203. data/src/core/ext/upb-gen/envoy/config/core/v3/extension.upb_minitable.h +30 -0
  204. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_method_list.upb.h +250 -0
  205. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_method_list.upb_minitable.c +68 -0
  206. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_method_list.upb_minitable.h +31 -0
  207. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_service.upb.h +1688 -0
  208. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_service.upb_minitable.c +378 -0
  209. data/src/core/ext/upb-gen/envoy/config/core/v3/grpc_service.upb_minitable.h +43 -0
  210. data/src/core/ext/upb-gen/envoy/config/core/v3/health_check.upb.h +1938 -0
  211. data/src/core/ext/upb-gen/envoy/config/core/v3/health_check.upb_minitable.c +315 -0
  212. data/src/core/ext/upb-gen/envoy/config/core/v3/health_check.upb_minitable.h +38 -0
  213. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
  214. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
  215. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
  216. data/src/core/ext/upb-gen/envoy/config/core/v3/http_uri.upb.h +144 -0
  217. data/src/core/ext/upb-gen/envoy/config/core/v3/http_uri.upb_minitable.c +55 -0
  218. data/src/core/ext/upb-gen/envoy/config/core/v3/http_uri.upb_minitable.h +30 -0
  219. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +2275 -0
  220. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +483 -0
  221. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.h +45 -0
  222. data/src/core/ext/upb-gen/envoy/config/core/v3/proxy_protocol.upb.h +238 -0
  223. data/src/core/ext/upb-gen/envoy/config/core/v3/proxy_protocol.upb_minitable.c +70 -0
  224. data/src/core/ext/upb-gen/envoy/config/core/v3/proxy_protocol.upb_minitable.h +31 -0
  225. data/src/core/ext/upb-gen/envoy/config/core/v3/resolver.upb.h +232 -0
  226. data/src/core/ext/upb-gen/envoy/config/core/v3/resolver.upb_minitable.c +72 -0
  227. data/src/core/ext/upb-gen/envoy/config/core/v3/resolver.upb_minitable.h +31 -0
  228. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb.h +287 -0
  229. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.c +76 -0
  230. data/src/core/ext/upb-gen/envoy/config/core/v3/socket_option.upb_minitable.h +31 -0
  231. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +335 -0
  232. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +83 -0
  233. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +31 -0
  234. data/src/core/ext/upb-gen/envoy/config/core/v3/udp_socket_config.upb.h +129 -0
  235. data/src/core/ext/upb-gen/envoy/config/core/v3/udp_socket_config.upb_minitable.c +54 -0
  236. data/src/core/ext/upb-gen/envoy/config/core/v3/udp_socket_config.upb_minitable.h +30 -0
  237. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +504 -0
  238. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +139 -0
  239. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.h +33 -0
  240. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint_components.upb.h +993 -0
  241. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint_components.upb_minitable.c +229 -0
  242. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint_components.upb_minitable.h +36 -0
  243. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/load_report.upb.h +911 -0
  244. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/load_report.upb_minitable.c +179 -0
  245. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/load_report.upb_minitable.h +34 -0
  246. data/src/core/ext/upb-gen/envoy/config/listener/v3/api_listener.upb.h +101 -0
  247. data/src/core/ext/upb-gen/envoy/config/listener/v3/api_listener.upb_minitable.c +50 -0
  248. data/src/core/ext/upb-gen/envoy/config/listener/v3/api_listener.upb_minitable.h +30 -0
  249. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener.upb.h +1613 -0
  250. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener.upb_minitable.c +268 -0
  251. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener.upb_minitable.h +39 -0
  252. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb.h +1447 -0
  253. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.c +260 -0
  254. data/src/core/ext/upb-gen/envoy/config/listener/v3/listener_components.upb_minitable.h +36 -0
  255. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb.h +327 -0
  256. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.c +86 -0
  257. data/src/core/ext/upb-gen/envoy/config/listener/v3/quic_config.upb_minitable.h +30 -0
  258. data/src/core/ext/upb-gen/envoy/config/listener/v3/udp_listener_config.upb.h +197 -0
  259. data/src/core/ext/upb-gen/envoy/config/listener/v3/udp_listener_config.upb_minitable.c +77 -0
  260. data/src/core/ext/upb-gen/envoy/config/listener/v3/udp_listener_config.upb_minitable.h +31 -0
  261. data/src/core/ext/upb-gen/envoy/config/metrics/v3/metrics_service.upb.h +183 -0
  262. data/src/core/ext/upb-gen/envoy/config/metrics/v3/metrics_service.upb_minitable.c +64 -0
  263. data/src/core/ext/upb-gen/envoy/config/metrics/v3/metrics_service.upb_minitable.h +30 -0
  264. data/src/core/ext/upb-gen/envoy/config/metrics/v3/stats.upb.h +974 -0
  265. data/src/core/ext/upb-gen/envoy/config/metrics/v3/stats.upb_minitable.c +219 -0
  266. data/src/core/ext/upb-gen/envoy/config/metrics/v3/stats.upb_minitable.h +37 -0
  267. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb.h +1183 -0
  268. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb_minitable.c +250 -0
  269. data/src/core/ext/upb-gen/envoy/config/overload/v3/overload.upb_minitable.h +39 -0
  270. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb.h +1704 -0
  271. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.c +348 -0
  272. data/src/core/ext/upb-gen/envoy/config/rbac/v3/rbac.upb_minitable.h +40 -0
  273. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +885 -0
  274. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +151 -0
  275. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.h +32 -0
  276. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +9754 -0
  277. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +1670 -0
  278. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.h +87 -0
  279. data/src/core/ext/upb-gen/envoy/config/route/v3/scoped_route.upb.h +341 -0
  280. data/src/core/ext/upb-gen/envoy/config/route/v3/scoped_route.upb_minitable.c +97 -0
  281. data/src/core/ext/upb-gen/envoy/config/route/v3/scoped_route.upb_minitable.h +32 -0
  282. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +1545 -0
  283. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +328 -0
  284. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.h +41 -0
  285. data/src/core/ext/upb-gen/envoy/config/trace/v3/datadog.upb.h +119 -0
  286. data/src/core/ext/upb-gen/envoy/config/trace/v3/datadog.upb_minitable.c +51 -0
  287. data/src/core/ext/upb-gen/envoy/config/trace/v3/datadog.upb_minitable.h +30 -0
  288. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +119 -0
  289. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +56 -0
  290. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.h +30 -0
  291. data/src/core/ext/upb-gen/envoy/config/trace/v3/http_tracer.upb.h +190 -0
  292. data/src/core/ext/upb-gen/envoy/config/trace/v3/http_tracer.upb_minitable.c +73 -0
  293. data/src/core/ext/upb-gen/envoy/config/trace/v3/http_tracer.upb_minitable.h +31 -0
  294. data/src/core/ext/upb-gen/envoy/config/trace/v3/lightstep.upb.h +202 -0
  295. data/src/core/ext/upb-gen/envoy/config/trace/v3/lightstep.upb_minitable.c +62 -0
  296. data/src/core/ext/upb-gen/envoy/config/trace/v3/lightstep.upb_minitable.h +30 -0
  297. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb.h +409 -0
  298. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.c +81 -0
  299. data/src/core/ext/upb-gen/envoy/config/trace/v3/opencensus.upb_minitable.h +30 -0
  300. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +237 -0
  301. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +65 -0
  302. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.h +30 -0
  303. data/src/core/ext/upb-gen/envoy/config/trace/v3/service.upb.h +102 -0
  304. data/src/core/ext/upb-gen/envoy/config/trace/v3/service.upb_minitable.c +51 -0
  305. data/src/core/ext/upb-gen/envoy/config/trace/v3/service.upb_minitable.h +30 -0
  306. data/src/core/ext/upb-gen/envoy/config/trace/v3/skywalking.upb.h +254 -0
  307. data/src/core/ext/upb-gen/envoy/config/trace/v3/skywalking.upb_minitable.c +85 -0
  308. data/src/core/ext/upb-gen/envoy/config/trace/v3/skywalking.upb_minitable.h +31 -0
  309. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb.h +49 -0
  310. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.c +33 -0
  311. data/src/core/ext/upb-gen/envoy/config/trace/v3/trace.upb_minitable.h +39 -0
  312. data/src/core/ext/upb-gen/envoy/config/trace/v3/xray.upb.h +256 -0
  313. data/src/core/ext/upb-gen/envoy/config/trace/v3/xray.upb_minitable.c +87 -0
  314. data/src/core/ext/upb-gen/envoy/config/trace/v3/xray.upb_minitable.h +31 -0
  315. data/src/core/ext/upb-gen/envoy/config/trace/v3/zipkin.upb.h +201 -0
  316. data/src/core/ext/upb-gen/envoy/config/trace/v3/zipkin.upb_minitable.c +65 -0
  317. data/src/core/ext/upb-gen/envoy/config/trace/v3/zipkin.upb_minitable.h +30 -0
  318. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +2709 -0
  319. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +556 -0
  320. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.h +45 -0
  321. data/src/core/ext/upb-gen/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +134 -0
  322. data/src/core/ext/upb-gen/envoy/extensions/clusters/aggregate/v3/cluster.upb_minitable.c +46 -0
  323. data/src/core/ext/upb-gen/envoy/extensions/clusters/aggregate/v3/cluster.upb_minitable.h +30 -0
  324. data/src/core/ext/upb-gen/envoy/extensions/filters/common/fault/v3/fault.upb.h +428 -0
  325. data/src/core/ext/upb-gen/envoy/extensions/filters/common/fault/v3/fault.upb_minitable.c +116 -0
  326. data/src/core/ext/upb-gen/envoy/extensions/filters/common/fault/v3/fault.upb_minitable.h +34 -0
  327. data/src/core/ext/upb-gen/envoy/extensions/filters/http/fault/v3/fault.upb.h +656 -0
  328. data/src/core/ext/upb-gen/envoy/extensions/filters/http/fault/v3/fault.upb_minitable.c +141 -0
  329. data/src/core/ext/upb-gen/envoy/extensions/filters/http/fault/v3/fault.upb_minitable.h +32 -0
  330. data/src/core/ext/upb-gen/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +266 -0
  331. data/src/core/ext/upb-gen/envoy/extensions/filters/http/rbac/v3/rbac.upb_minitable.c +87 -0
  332. data/src/core/ext/upb-gen/envoy/extensions/filters/http/rbac/v3/rbac.upb_minitable.h +31 -0
  333. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +463 -0
  334. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +102 -0
  335. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.h +31 -0
  336. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +209 -0
  337. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +75 -0
  338. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.h +31 -0
  339. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +3985 -0
  340. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +682 -0
  341. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.h +50 -0
  342. data/src/core/ext/upb-gen/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +101 -0
  343. data/src/core/ext/upb-gen/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb_minitable.c +50 -0
  344. data/src/core/ext/upb-gen/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb_minitable.h +30 -0
  345. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +239 -0
  346. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.c +67 -0
  347. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb_minitable.h +30 -0
  348. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +488 -0
  349. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/common/v3/common.upb_minitable.c +135 -0
  350. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/common/v3/common.upb_minitable.h +34 -0
  351. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.h +86 -0
  352. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb_minitable.c +44 -0
  353. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb_minitable.h +30 -0
  354. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +250 -0
  355. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb_minitable.c +68 -0
  356. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb_minitable.h +30 -0
  357. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +101 -0
  358. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb_minitable.c +50 -0
  359. data/src/core/ext/upb-gen/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb_minitable.h +30 -0
  360. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +39 -0
  361. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/cert.upb_minitable.c +28 -0
  362. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/cert.upb_minitable.h +34 -0
  363. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +1484 -0
  364. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +267 -0
  365. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.h +36 -0
  366. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +361 -0
  367. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/secret.upb_minitable.c +108 -0
  368. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/secret.upb_minitable.h +32 -0
  369. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +1509 -0
  370. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +270 -0
  371. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.h +36 -0
  372. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +217 -0
  373. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb_minitable.c +72 -0
  374. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb_minitable.h +31 -0
  375. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb.h +712 -0
  376. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.c +151 -0
  377. data/src/core/ext/upb-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upb_minitable.h +33 -0
  378. data/src/core/ext/upb-gen/envoy/service/discovery/v3/ads.upb.h +73 -0
  379. data/src/core/ext/upb-gen/envoy/service/discovery/v3/ads.upb_minitable.c +38 -0
  380. data/src/core/ext/upb-gen/envoy/service/discovery/v3/ads.upb_minitable.h +30 -0
  381. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb.h +2141 -0
  382. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.c +402 -0
  383. data/src/core/ext/upb-gen/envoy/service/discovery/v3/discovery.upb_minitable.h +43 -0
  384. data/src/core/ext/upb-gen/envoy/service/load_stats/v3/lrs.upb.h +324 -0
  385. data/src/core/ext/upb-gen/envoy/service/load_stats/v3/lrs.upb_minitable.c +84 -0
  386. data/src/core/ext/upb-gen/envoy/service/load_stats/v3/lrs.upb_minitable.h +31 -0
  387. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +940 -0
  388. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +188 -0
  389. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.h +34 -0
  390. data/src/core/ext/upb-gen/envoy/type/http/v3/cookie.upb.h +131 -0
  391. data/src/core/ext/upb-gen/envoy/type/http/v3/cookie.upb_minitable.c +54 -0
  392. data/src/core/ext/upb-gen/envoy/type/http/v3/cookie.upb_minitable.h +30 -0
  393. data/src/core/ext/upb-gen/envoy/type/http/v3/path_transformation.upb.h +312 -0
  394. data/src/core/ext/upb-gen/envoy/type/http/v3/path_transformation.upb_minitable.c +86 -0
  395. data/src/core/ext/upb-gen/envoy/type/http/v3/path_transformation.upb_minitable.h +33 -0
  396. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb.h +124 -0
  397. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb_minitable.c +53 -0
  398. data/src/core/ext/upb-gen/envoy/type/matcher/v3/filter_state.upb_minitable.h +30 -0
  399. data/src/core/ext/upb-gen/envoy/type/matcher/v3/http_inputs.upb.h +299 -0
  400. data/src/core/ext/upb-gen/envoy/type/matcher/v3/http_inputs.upb_minitable.c +105 -0
  401. data/src/core/ext/upb-gen/envoy/type/matcher/v3/http_inputs.upb_minitable.h +34 -0
  402. data/src/core/ext/upb-gen/envoy/type/matcher/v3/metadata.upb.h +260 -0
  403. data/src/core/ext/upb-gen/envoy/type/matcher/v3/metadata.upb_minitable.c +76 -0
  404. data/src/core/ext/upb-gen/envoy/type/matcher/v3/metadata.upb_minitable.h +31 -0
  405. data/src/core/ext/upb-gen/envoy/type/matcher/v3/node.upb.h +166 -0
  406. data/src/core/ext/upb-gen/envoy/type/matcher/v3/node.upb_minitable.c +55 -0
  407. data/src/core/ext/upb-gen/envoy/type/matcher/v3/node.upb_minitable.h +30 -0
  408. data/src/core/ext/upb-gen/envoy/type/matcher/v3/number.upb.h +130 -0
  409. data/src/core/ext/upb-gen/envoy/type/matcher/v3/number.upb_minitable.c +54 -0
  410. data/src/core/ext/upb-gen/envoy/type/matcher/v3/number.upb_minitable.h +30 -0
  411. data/src/core/ext/upb-gen/envoy/type/matcher/v3/path.upb.h +110 -0
  412. data/src/core/ext/upb-gen/envoy/type/matcher/v3/path.upb_minitable.c +51 -0
  413. data/src/core/ext/upb-gen/envoy/type/matcher/v3/path.upb_minitable.h +30 -0
  414. data/src/core/ext/upb-gen/envoy/type/matcher/v3/regex.upb.h +271 -0
  415. data/src/core/ext/upb-gen/envoy/type/matcher/v3/regex.upb_minitable.c +96 -0
  416. data/src/core/ext/upb-gen/envoy/type/matcher/v3/regex.upb_minitable.h +32 -0
  417. data/src/core/ext/upb-gen/envoy/type/matcher/v3/status_code_input.upb.h +109 -0
  418. data/src/core/ext/upb-gen/envoy/type/matcher/v3/status_code_input.upb_minitable.c +43 -0
  419. data/src/core/ext/upb-gen/envoy/type/matcher/v3/status_code_input.upb_minitable.h +31 -0
  420. data/src/core/ext/upb-gen/envoy/type/matcher/v3/string.upb.h +306 -0
  421. data/src/core/ext/upb-gen/envoy/type/matcher/v3/string.upb_minitable.c +81 -0
  422. data/src/core/ext/upb-gen/envoy/type/matcher/v3/string.upb_minitable.h +31 -0
  423. data/src/core/ext/upb-gen/envoy/type/matcher/v3/struct.upb.h +230 -0
  424. data/src/core/ext/upb-gen/envoy/type/matcher/v3/struct.upb_minitable.c +70 -0
  425. data/src/core/ext/upb-gen/envoy/type/matcher/v3/struct.upb_minitable.h +31 -0
  426. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +476 -0
  427. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +113 -0
  428. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +33 -0
  429. data/src/core/ext/upb-gen/envoy/type/metadata/v3/metadata.upb.h +525 -0
  430. data/src/core/ext/upb-gen/envoy/type/metadata/v3/metadata.upb_minitable.c +127 -0
  431. data/src/core/ext/upb-gen/envoy/type/metadata/v3/metadata.upb_minitable.h +36 -0
  432. data/src/core/ext/upb-gen/envoy/type/tracing/v3/custom_tag.upb.h +506 -0
  433. data/src/core/ext/upb-gen/envoy/type/tracing/v3/custom_tag.upb_minitable.c +139 -0
  434. data/src/core/ext/upb-gen/envoy/type/tracing/v3/custom_tag.upb_minitable.h +34 -0
  435. data/src/core/ext/upb-gen/envoy/type/v3/hash_policy.upb.h +227 -0
  436. data/src/core/ext/upb-gen/envoy/type/v3/hash_policy.upb_minitable.c +76 -0
  437. data/src/core/ext/upb-gen/envoy/type/v3/hash_policy.upb_minitable.h +32 -0
  438. data/src/core/ext/upb-gen/envoy/type/v3/http.upb.h +38 -0
  439. data/src/core/ext/upb-gen/envoy/type/v3/http.upb_minitable.c +26 -0
  440. data/src/core/ext/upb-gen/envoy/type/v3/http.upb_minitable.h +29 -0
  441. data/src/core/ext/upb-gen/envoy/type/v3/http_status.upb.h +148 -0
  442. data/src/core/ext/upb-gen/envoy/type/v3/http_status.upb_minitable.c +46 -0
  443. data/src/core/ext/upb-gen/envoy/type/v3/http_status.upb_minitable.h +30 -0
  444. data/src/core/ext/upb-gen/envoy/type/v3/percent.upb.h +162 -0
  445. data/src/core/ext/upb-gen/envoy/type/v3/percent.upb_minitable.c +64 -0
  446. data/src/core/ext/upb-gen/envoy/type/v3/percent.upb_minitable.h +31 -0
  447. data/src/core/ext/upb-gen/envoy/type/v3/range.upb.h +238 -0
  448. data/src/core/ext/upb-gen/envoy/type/v3/range.upb_minitable.c +84 -0
  449. data/src/core/ext/upb-gen/envoy/type/v3/range.upb_minitable.h +32 -0
  450. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_strategy.upb.h +232 -0
  451. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_strategy.upb_minitable.c +75 -0
  452. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_strategy.upb_minitable.h +31 -0
  453. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_unit.upb.h +42 -0
  454. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_unit.upb_minitable.c +26 -0
  455. data/src/core/ext/upb-gen/envoy/type/v3/ratelimit_unit.upb_minitable.h +29 -0
  456. data/src/core/ext/upb-gen/envoy/type/v3/semantic_version.upb.h +117 -0
  457. data/src/core/ext/upb-gen/envoy/type/v3/semantic_version.upb_minitable.c +49 -0
  458. data/src/core/ext/upb-gen/envoy/type/v3/semantic_version.upb_minitable.h +30 -0
  459. data/src/core/ext/upb-gen/envoy/type/v3/token_bucket.upb.h +146 -0
  460. data/src/core/ext/upb-gen/envoy/type/v3/token_bucket.upb_minitable.c +57 -0
  461. data/src/core/ext/upb-gen/envoy/type/v3/token_bucket.upb_minitable.h +30 -0
  462. data/src/core/ext/upb-gen/google/api/annotations.upb.h +56 -0
  463. data/src/core/ext/upb-gen/google/api/annotations.upb_minitable.c +38 -0
  464. data/src/core/ext/upb-gen/google/api/annotations.upb_minitable.h +30 -0
  465. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb.h +1743 -0
  466. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.c +369 -0
  467. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/checked.upb_minitable.h +42 -0
  468. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb.h +1829 -0
  469. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.c +399 -0
  470. data/src/core/ext/upb-gen/google/api/expr/v1alpha1/syntax.upb_minitable.h +43 -0
  471. data/src/core/ext/upb-gen/google/api/http.upb.h +496 -0
  472. data/src/core/ext/upb-gen/google/api/http.upb_minitable.c +111 -0
  473. data/src/core/ext/upb-gen/google/api/http.upb_minitable.h +32 -0
  474. data/src/core/ext/upb-gen/google/api/httpbody.upb.h +165 -0
  475. data/src/core/ext/upb-gen/google/api/httpbody.upb_minitable.c +52 -0
  476. data/src/core/ext/upb-gen/google/api/httpbody.upb_minitable.h +30 -0
  477. data/src/core/ext/upb-gen/google/protobuf/any.upb.h +99 -0
  478. data/src/core/ext/upb-gen/google/protobuf/any.upb_minitable.c +46 -0
  479. data/src/core/ext/upb-gen/google/protobuf/any.upb_minitable.h +30 -0
  480. data/src/core/ext/upb-gen/google/protobuf/descriptor.upb.h +6397 -0
  481. data/src/core/ext/upb-gen/google/protobuf/descriptor.upb_minitable.c +1357 -0
  482. data/src/core/ext/upb-gen/google/protobuf/descriptor.upb_minitable.h +78 -0
  483. data/src/core/ext/upb-gen/google/protobuf/duration.upb.h +99 -0
  484. data/src/core/ext/upb-gen/google/protobuf/duration.upb_minitable.c +46 -0
  485. data/src/core/ext/upb-gen/google/protobuf/duration.upb_minitable.h +30 -0
  486. data/src/core/ext/upb-gen/google/protobuf/empty.upb.h +69 -0
  487. data/src/core/ext/upb-gen/google/protobuf/empty.upb_minitable.c +35 -0
  488. data/src/core/ext/upb-gen/google/protobuf/empty.upb_minitable.h +30 -0
  489. data/src/core/ext/upb-gen/google/protobuf/struct.upb.h +422 -0
  490. data/src/core/ext/upb-gen/google/protobuf/struct.upb_minitable.c +115 -0
  491. data/src/core/ext/upb-gen/google/protobuf/struct.upb_minitable.h +33 -0
  492. data/src/core/ext/upb-gen/google/protobuf/timestamp.upb.h +99 -0
  493. data/src/core/ext/upb-gen/google/protobuf/timestamp.upb_minitable.c +46 -0
  494. data/src/core/ext/upb-gen/google/protobuf/timestamp.upb_minitable.h +30 -0
  495. data/src/core/ext/upb-gen/google/protobuf/wrappers.upb.h +508 -0
  496. data/src/core/ext/upb-gen/google/protobuf/wrappers.upb_minitable.c +163 -0
  497. data/src/core/ext/upb-gen/google/protobuf/wrappers.upb_minitable.h +38 -0
  498. data/src/core/ext/upb-gen/google/rpc/status.upb.h +165 -0
  499. data/src/core/ext/upb-gen/google/rpc/status.upb_minitable.c +52 -0
  500. data/src/core/ext/upb-gen/google/rpc/status.upb_minitable.h +30 -0
  501. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb.h +385 -0
  502. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.c +106 -0
  503. data/src/core/ext/upb-gen/opencensus/proto/trace/v1/trace_config.upb_minitable.h +33 -0
  504. data/src/core/ext/upb-gen/src/proto/grpc/gcp/altscontext.upb.h +237 -0
  505. data/src/core/ext/upb-gen/src/proto/grpc/gcp/altscontext.upb_minitable.c +79 -0
  506. data/src/core/ext/upb-gen/src/proto/grpc/gcp/altscontext.upb_minitable.h +31 -0
  507. data/src/core/ext/upb-gen/src/proto/grpc/gcp/handshaker.upb.h +1658 -0
  508. data/src/core/ext/upb-gen/src/proto/grpc/gcp/handshaker.upb_minitable.c +342 -0
  509. data/src/core/ext/upb-gen/src/proto/grpc/gcp/handshaker.upb_minitable.h +41 -0
  510. data/src/core/ext/upb-gen/src/proto/grpc/gcp/transport_security_common.upb.h +197 -0
  511. data/src/core/ext/upb-gen/src/proto/grpc/gcp/transport_security_common.upb_minitable.c +69 -0
  512. data/src/core/ext/upb-gen/src/proto/grpc/gcp/transport_security_common.upb_minitable.h +31 -0
  513. data/src/core/ext/upb-gen/src/proto/grpc/health/v1/health.upb.h +144 -0
  514. data/src/core/ext/upb-gen/src/proto/grpc/health/v1/health.upb_minitable.c +58 -0
  515. data/src/core/ext/upb-gen/src/proto/grpc/health/v1/health.upb_minitable.h +31 -0
  516. data/src/core/ext/upb-gen/src/proto/grpc/lb/v1/load_balancer.upb.h +877 -0
  517. data/src/core/ext/upb-gen/src/proto/grpc/lb/v1/load_balancer.upb_minitable.c +221 -0
  518. data/src/core/ext/upb-gen/src/proto/grpc/lb/v1/load_balancer.upb_minitable.h +38 -0
  519. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls.upb.h +297 -0
  520. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls.upb_minitable.c +92 -0
  521. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls.upb_minitable.h +32 -0
  522. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls_config.upb.h +1333 -0
  523. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls_config.upb_minitable.c +243 -0
  524. data/src/core/ext/upb-gen/src/proto/grpc/lookup/v1/rls_config.upb_minitable.h +38 -0
  525. data/src/core/ext/upb-gen/udpa/annotations/migrate.upb.h +322 -0
  526. data/src/core/ext/upb-gen/udpa/annotations/migrate.upb_minitable.c +118 -0
  527. data/src/core/ext/upb-gen/udpa/annotations/migrate.upb_minitable.h +37 -0
  528. data/src/core/ext/upb-gen/udpa/annotations/security.upb.h +125 -0
  529. data/src/core/ext/upb-gen/udpa/annotations/security.upb_minitable.c +59 -0
  530. data/src/core/ext/upb-gen/udpa/annotations/security.upb_minitable.h +31 -0
  531. data/src/core/ext/upb-gen/udpa/annotations/sensitive.upb.h +55 -0
  532. data/src/core/ext/upb-gen/udpa/annotations/sensitive.upb_minitable.c +37 -0
  533. data/src/core/ext/upb-gen/udpa/annotations/sensitive.upb_minitable.h +30 -0
  534. data/src/core/ext/upb-gen/udpa/annotations/status.upb.h +131 -0
  535. data/src/core/ext/upb-gen/udpa/annotations/status.upb_minitable.c +58 -0
  536. data/src/core/ext/upb-gen/udpa/annotations/status.upb_minitable.h +31 -0
  537. data/src/core/ext/upb-gen/udpa/annotations/versioning.upb.h +109 -0
  538. data/src/core/ext/upb-gen/udpa/annotations/versioning.upb_minitable.c +55 -0
  539. data/src/core/ext/upb-gen/udpa/annotations/versioning.upb_minitable.h +31 -0
  540. data/src/core/ext/upb-gen/validate/validate.upb.h +6507 -0
  541. data/src/core/ext/upb-gen/validate/validate.upb_minitable.c +943 -0
  542. data/src/core/ext/upb-gen/validate/validate.upb_minitable.h +57 -0
  543. data/src/core/ext/upb-gen/xds/annotations/v3/migrate.upb.h +322 -0
  544. data/src/core/ext/upb-gen/xds/annotations/v3/migrate.upb_minitable.c +118 -0
  545. data/src/core/ext/upb-gen/xds/annotations/v3/migrate.upb_minitable.h +37 -0
  546. data/src/core/ext/upb-gen/xds/annotations/v3/security.upb.h +125 -0
  547. data/src/core/ext/upb-gen/xds/annotations/v3/security.upb_minitable.c +59 -0
  548. data/src/core/ext/upb-gen/xds/annotations/v3/security.upb_minitable.h +31 -0
  549. data/src/core/ext/upb-gen/xds/annotations/v3/sensitive.upb.h +55 -0
  550. data/src/core/ext/upb-gen/xds/annotations/v3/sensitive.upb_minitable.c +37 -0
  551. data/src/core/ext/upb-gen/xds/annotations/v3/sensitive.upb_minitable.h +30 -0
  552. data/src/core/ext/upb-gen/xds/annotations/v3/status.upb.h +336 -0
  553. data/src/core/ext/upb-gen/xds/annotations/v3/status.upb_minitable.c +117 -0
  554. data/src/core/ext/upb-gen/xds/annotations/v3/status.upb_minitable.h +36 -0
  555. data/src/core/ext/upb-gen/xds/annotations/v3/versioning.upb.h +109 -0
  556. data/src/core/ext/upb-gen/xds/annotations/v3/versioning.upb_minitable.c +55 -0
  557. data/src/core/ext/upb-gen/xds/annotations/v3/versioning.upb_minitable.h +31 -0
  558. data/src/core/ext/upb-gen/xds/core/v3/authority.upb.h +87 -0
  559. data/src/core/ext/upb-gen/xds/core/v3/authority.upb_minitable.c +45 -0
  560. data/src/core/ext/upb-gen/xds/core/v3/authority.upb_minitable.h +30 -0
  561. data/src/core/ext/upb-gen/xds/core/v3/cidr.upb.h +116 -0
  562. data/src/core/ext/upb-gen/xds/core/v3/cidr.upb_minitable.c +53 -0
  563. data/src/core/ext/upb-gen/xds/core/v3/cidr.upb_minitable.h +30 -0
  564. data/src/core/ext/upb-gen/xds/core/v3/collection_entry.upb.h +234 -0
  565. data/src/core/ext/upb-gen/xds/core/v3/collection_entry.upb_minitable.c +78 -0
  566. data/src/core/ext/upb-gen/xds/core/v3/collection_entry.upb_minitable.h +31 -0
  567. data/src/core/ext/upb-gen/xds/core/v3/context_params.upb.h +134 -0
  568. data/src/core/ext/upb-gen/xds/core/v3/context_params.upb_minitable.c +62 -0
  569. data/src/core/ext/upb-gen/xds/core/v3/context_params.upb_minitable.h +31 -0
  570. data/src/core/ext/upb-gen/xds/core/v3/extension.upb.h +115 -0
  571. data/src/core/ext/upb-gen/xds/core/v3/extension.upb_minitable.c +52 -0
  572. data/src/core/ext/upb-gen/xds/core/v3/extension.upb_minitable.h +30 -0
  573. data/src/core/ext/upb-gen/xds/core/v3/resource.upb.h +144 -0
  574. data/src/core/ext/upb-gen/xds/core/v3/resource.upb_minitable.c +55 -0
  575. data/src/core/ext/upb-gen/xds/core/v3/resource.upb_minitable.h +30 -0
  576. data/src/core/ext/upb-gen/xds/core/v3/resource_locator.upb.h +331 -0
  577. data/src/core/ext/upb-gen/xds/core/v3/resource_locator.upb_minitable.c +84 -0
  578. data/src/core/ext/upb-gen/xds/core/v3/resource_locator.upb_minitable.h +31 -0
  579. data/src/core/ext/upb-gen/xds/core/v3/resource_name.upb.h +146 -0
  580. data/src/core/ext/upb-gen/xds/core/v3/resource_name.upb_minitable.c +59 -0
  581. data/src/core/ext/upb-gen/xds/core/v3/resource_name.upb_minitable.h +30 -0
  582. data/src/core/ext/upb-gen/xds/data/orca/v3/orca_load_report.upb.h +350 -0
  583. data/src/core/ext/upb-gen/xds/data/orca/v3/orca_load_report.upb_minitable.c +126 -0
  584. data/src/core/ext/upb-gen/xds/data/orca/v3/orca_load_report.upb_minitable.h +33 -0
  585. data/src/core/ext/upb-gen/xds/service/orca/v3/orca.upb.h +161 -0
  586. data/src/core/ext/upb-gen/xds/service/orca/v3/orca.upb_minitable.c +52 -0
  587. data/src/core/ext/upb-gen/xds/service/orca/v3/orca.upb_minitable.h +30 -0
  588. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +116 -0
  589. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +53 -0
  590. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.h +30 -0
  591. data/src/core/ext/upb-gen/xds/type/matcher/v3/domain.upb.h +263 -0
  592. data/src/core/ext/upb-gen/xds/type/matcher/v3/domain.upb_minitable.c +72 -0
  593. data/src/core/ext/upb-gen/xds/type/matcher/v3/domain.upb_minitable.h +31 -0
  594. data/src/core/ext/upb-gen/xds/type/matcher/v3/http_inputs.upb.h +71 -0
  595. data/src/core/ext/upb-gen/xds/type/matcher/v3/http_inputs.upb_minitable.c +36 -0
  596. data/src/core/ext/upb-gen/xds/type/matcher/v3/http_inputs.upb_minitable.h +30 -0
  597. data/src/core/ext/upb-gen/xds/type/matcher/v3/ip.upb.h +282 -0
  598. data/src/core/ext/upb-gen/xds/type/matcher/v3/ip.upb_minitable.c +75 -0
  599. data/src/core/ext/upb-gen/xds/type/matcher/v3/ip.upb_minitable.h +31 -0
  600. data/src/core/ext/upb-gen/xds/type/matcher/v3/matcher.upb.h +1107 -0
  601. data/src/core/ext/upb-gen/xds/type/matcher/v3/matcher.upb_minitable.c +265 -0
  602. data/src/core/ext/upb-gen/xds/type/matcher/v3/matcher.upb_minitable.h +39 -0
  603. data/src/core/ext/upb-gen/xds/type/matcher/v3/range.upb.h +726 -0
  604. data/src/core/ext/upb-gen/xds/type/matcher/v3/range.upb_minitable.c +157 -0
  605. data/src/core/ext/upb-gen/xds/type/matcher/v3/range.upb_minitable.h +35 -0
  606. data/src/core/ext/upb-gen/xds/type/matcher/v3/regex.upb.h +159 -0
  607. data/src/core/ext/upb-gen/xds/type/matcher/v3/regex.upb_minitable.c +58 -0
  608. data/src/core/ext/upb-gen/xds/type/matcher/v3/regex.upb_minitable.h +31 -0
  609. data/src/core/ext/upb-gen/xds/type/matcher/v3/string.upb.h +304 -0
  610. data/src/core/ext/upb-gen/xds/type/matcher/v3/string.upb_minitable.c +79 -0
  611. data/src/core/ext/upb-gen/xds/type/matcher/v3/string.upb_minitable.h +31 -0
  612. data/src/core/ext/upb-gen/xds/type/v3/cel.upb.h +233 -0
  613. data/src/core/ext/upb-gen/xds/type/v3/cel.upb_minitable.c +79 -0
  614. data/src/core/ext/upb-gen/xds/type/v3/cel.upb_minitable.h +31 -0
  615. data/src/core/ext/upb-gen/xds/type/v3/range.upb.h +235 -0
  616. data/src/core/ext/upb-gen/xds/type/v3/range.upb_minitable.c +82 -0
  617. data/src/core/ext/upb-gen/xds/type/v3/range.upb_minitable.h +32 -0
  618. data/src/core/ext/upb-gen/xds/type/v3/typed_struct.upb.h +114 -0
  619. data/src/core/ext/upb-gen/xds/type/v3/typed_struct.upb_minitable.c +51 -0
  620. data/src/core/ext/upb-gen/xds/type/v3/typed_struct.upb_minitable.h +30 -0
  621. data/src/core/ext/upbdefs-gen/envoy/admin/v3/certs.upbdefs.c +83 -0
  622. data/src/core/ext/upbdefs-gen/envoy/admin/v3/certs.upbdefs.h +55 -0
  623. data/src/core/ext/upbdefs-gen/envoy/admin/v3/clusters.upbdefs.c +127 -0
  624. data/src/core/ext/upbdefs-gen/envoy/admin/v3/clusters.upbdefs.h +50 -0
  625. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump.upbdefs.c +101 -0
  626. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump.upbdefs.h +55 -0
  627. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.c +276 -0
  628. data/src/core/ext/upbdefs-gen/envoy/admin/v3/config_dump_shared.upbdefs.h +125 -0
  629. data/src/core/ext/upbdefs-gen/envoy/admin/v3/init_dump.upbdefs.c +42 -0
  630. data/src/core/ext/upbdefs-gen/envoy/admin/v3/init_dump.upbdefs.h +40 -0
  631. data/src/core/ext/upbdefs-gen/envoy/admin/v3/listeners.upbdefs.c +55 -0
  632. data/src/core/ext/upbdefs-gen/envoy/admin/v3/listeners.upbdefs.h +40 -0
  633. data/src/core/ext/upbdefs-gen/envoy/admin/v3/memory.upbdefs.c +48 -0
  634. data/src/core/ext/upbdefs-gen/envoy/admin/v3/memory.upbdefs.h +35 -0
  635. data/src/core/ext/upbdefs-gen/envoy/admin/v3/metrics.upbdefs.c +45 -0
  636. data/src/core/ext/upbdefs-gen/envoy/admin/v3/metrics.upbdefs.h +35 -0
  637. data/src/core/ext/upbdefs-gen/envoy/admin/v3/mutex_stats.upbdefs.c +45 -0
  638. data/src/core/ext/upbdefs-gen/envoy/admin/v3/mutex_stats.upbdefs.h +35 -0
  639. data/src/core/ext/upbdefs-gen/envoy/admin/v3/server_info.upbdefs.c +141 -0
  640. data/src/core/ext/upbdefs-gen/envoy/admin/v3/server_info.upbdefs.h +40 -0
  641. data/src/core/ext/upbdefs-gen/envoy/admin/v3/tap.upbdefs.c +50 -0
  642. data/src/core/ext/upbdefs-gen/envoy/admin/v3/tap.upbdefs.h +35 -0
  643. data/src/core/ext/upbdefs-gen/envoy/annotations/deprecation.upbdefs.c +47 -0
  644. data/src/core/ext/upbdefs-gen/envoy/annotations/deprecation.upbdefs.h +30 -0
  645. data/src/core/ext/upbdefs-gen/envoy/annotations/resource.upbdefs.c +37 -0
  646. data/src/core/ext/upbdefs-gen/envoy/annotations/resource.upbdefs.h +35 -0
  647. data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +233 -0
  648. data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.h +110 -0
  649. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +444 -0
  650. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +140 -0
  651. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +97 -0
  652. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +45 -0
  653. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +574 -0
  654. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.h +150 -0
  655. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +57 -0
  656. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.h +35 -0
  657. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +142 -0
  658. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.h +35 -0
  659. data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +201 -0
  660. data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.h +105 -0
  661. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +139 -0
  662. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.h +70 -0
  663. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/backoff.upbdefs.c +53 -0
  664. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/backoff.upbdefs.h +35 -0
  665. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +274 -0
  666. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.h +150 -0
  667. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/config_source.upbdefs.c +167 -0
  668. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/config_source.upbdefs.h +65 -0
  669. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/event_service_config.upbdefs.c +52 -0
  670. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/event_service_config.upbdefs.h +35 -0
  671. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/extension.upbdefs.c +46 -0
  672. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/extension.upbdefs.h +35 -0
  673. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/grpc_method_list.upbdefs.c +52 -0
  674. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/grpc_method_list.upbdefs.h +40 -0
  675. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/grpc_service.upbdefs.c +236 -0
  676. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/grpc_service.upbdefs.h +100 -0
  677. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/health_check.upbdefs.c +244 -0
  678. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/health_check.upbdefs.h +75 -0
  679. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
  680. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
  681. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +53 -0
  682. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.h +35 -0
  683. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +314 -0
  684. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.h +110 -0
  685. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/proxy_protocol.upbdefs.c +56 -0
  686. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/proxy_protocol.upbdefs.h +40 -0
  687. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/resolver.upbdefs.c +54 -0
  688. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/resolver.upbdefs.h +40 -0
  689. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.c +60 -0
  690. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/socket_option.upbdefs.h +40 -0
  691. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +75 -0
  692. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +40 -0
  693. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/udp_socket_config.upbdefs.c +48 -0
  694. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
  695. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +101 -0
  696. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.h +50 -0
  697. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +139 -0
  698. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +65 -0
  699. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/load_report.upbdefs.c +135 -0
  700. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/load_report.upbdefs.h +55 -0
  701. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/api_listener.upbdefs.c +47 -0
  702. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/api_listener.upbdefs.h +35 -0
  703. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener.upbdefs.c +231 -0
  704. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener.upbdefs.h +80 -0
  705. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.c +189 -0
  706. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/listener_components.upbdefs.h +65 -0
  707. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.c +100 -0
  708. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
  709. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/udp_listener_config.upbdefs.c +70 -0
  710. data/src/core/ext/upbdefs-gen/envoy/config/listener/v3/udp_listener_config.upbdefs.h +40 -0
  711. data/src/core/ext/upbdefs-gen/envoy/config/metrics/v3/metrics_service.upbdefs.c +75 -0
  712. data/src/core/ext/upbdefs-gen/envoy/config/metrics/v3/metrics_service.upbdefs.h +35 -0
  713. data/src/core/ext/upbdefs-gen/envoy/config/metrics/v3/stats.upbdefs.c +124 -0
  714. data/src/core/ext/upbdefs-gen/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
  715. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.c +141 -0
  716. data/src/core/ext/upbdefs-gen/envoy/config/overload/v3/overload.upbdefs.h +80 -0
  717. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.c +222 -0
  718. data/src/core/ext/upbdefs-gen/envoy/config/rbac/v3/rbac.upbdefs.h +85 -0
  719. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +125 -0
  720. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.h +45 -0
  721. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +984 -0
  722. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.h +320 -0
  723. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/scoped_route.upbdefs.c +76 -0
  724. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/scoped_route.upbdefs.h +45 -0
  725. data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +205 -0
  726. data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.h +90 -0
  727. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/datadog.upbdefs.c +55 -0
  728. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/datadog.upbdefs.h +35 -0
  729. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +60 -0
  730. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.h +35 -0
  731. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/http_tracer.upbdefs.c +56 -0
  732. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/http_tracer.upbdefs.h +40 -0
  733. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/lightstep.upbdefs.c +71 -0
  734. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/lightstep.upbdefs.h +35 -0
  735. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +104 -0
  736. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.h +35 -0
  737. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +66 -0
  738. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.h +35 -0
  739. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/service.upbdefs.c +51 -0
  740. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/service.upbdefs.h +35 -0
  741. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/skywalking.upbdefs.c +70 -0
  742. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/skywalking.upbdefs.h +40 -0
  743. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.c +60 -0
  744. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/trace.upbdefs.h +30 -0
  745. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/xray.upbdefs.c +74 -0
  746. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/xray.upbdefs.h +40 -0
  747. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/zipkin.upbdefs.c +78 -0
  748. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/zipkin.upbdefs.h +35 -0
  749. data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +404 -0
  750. data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.h +110 -0
  751. data/src/core/ext/upbdefs-gen/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +49 -0
  752. data/src/core/ext/upbdefs-gen/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  753. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +91 -0
  754. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
  755. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +122 -0
  756. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
  757. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +79 -0
  758. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +40 -0
  759. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +108 -0
  760. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.h +40 -0
  761. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +60 -0
  762. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +40 -0
  763. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +605 -0
  764. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +135 -0
  765. data/src/core/ext/upbdefs-gen/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +49 -0
  766. data/src/core/ext/upbdefs-gen/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +35 -0
  767. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +47 -0
  768. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +30 -0
  769. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +216 -0
  770. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +65 -0
  771. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +90 -0
  772. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +45 -0
  773. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +263 -0
  774. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +65 -0
  775. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +57 -0
  776. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +40 -0
  777. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.c +133 -0
  778. data/src/core/ext/upbdefs-gen/envoy/extensions/upstreams/http/v3/http_protocol_options.upbdefs.h +50 -0
  779. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/ads.upbdefs.c +57 -0
  780. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/ads.upbdefs.h +35 -0
  781. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.c +199 -0
  782. data/src/core/ext/upbdefs-gen/envoy/service/discovery/v3/discovery.upbdefs.h +100 -0
  783. data/src/core/ext/upbdefs-gen/envoy/service/load_stats/v3/lrs.upbdefs.c +75 -0
  784. data/src/core/ext/upbdefs-gen/envoy/service/load_stats/v3/lrs.upbdefs.h +40 -0
  785. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +155 -0
  786. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.h +55 -0
  787. data/src/core/ext/upbdefs-gen/envoy/type/http/v3/cookie.upbdefs.c +45 -0
  788. data/src/core/ext/upbdefs-gen/envoy/type/http/v3/cookie.upbdefs.h +35 -0
  789. data/src/core/ext/upbdefs-gen/envoy/type/http/v3/path_transformation.upbdefs.c +55 -0
  790. data/src/core/ext/upbdefs-gen/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
  791. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/filter_state.upbdefs.c +47 -0
  792. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/filter_state.upbdefs.h +35 -0
  793. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/http_inputs.upbdefs.c +54 -0
  794. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/http_inputs.upbdefs.h +55 -0
  795. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/metadata.upbdefs.c +60 -0
  796. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/metadata.upbdefs.h +40 -0
  797. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/node.upbdefs.c +53 -0
  798. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/node.upbdefs.h +35 -0
  799. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/number.upbdefs.c +51 -0
  800. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/number.upbdefs.h +35 -0
  801. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/path.upbdefs.c +50 -0
  802. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/path.upbdefs.h +35 -0
  803. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/regex.upbdefs.c +70 -0
  804. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/regex.upbdefs.h +45 -0
  805. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/status_code_input.upbdefs.c +39 -0
  806. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/status_code_input.upbdefs.h +40 -0
  807. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/string.upbdefs.c +64 -0
  808. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/string.upbdefs.h +40 -0
  809. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/struct.upbdefs.c +57 -0
  810. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
  811. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +81 -0
  812. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +50 -0
  813. data/src/core/ext/upbdefs-gen/envoy/type/metadata/v3/metadata.upbdefs.c +77 -0
  814. data/src/core/ext/upbdefs-gen/envoy/type/metadata/v3/metadata.upbdefs.h +65 -0
  815. data/src/core/ext/upbdefs-gen/envoy/type/tracing/v3/custom_tag.upbdefs.c +84 -0
  816. data/src/core/ext/upbdefs-gen/envoy/type/tracing/v3/custom_tag.upbdefs.h +55 -0
  817. data/src/core/ext/upbdefs-gen/envoy/type/v3/hash_policy.upbdefs.c +52 -0
  818. data/src/core/ext/upbdefs-gen/envoy/type/v3/hash_policy.upbdefs.h +45 -0
  819. data/src/core/ext/upbdefs-gen/envoy/type/v3/http.upbdefs.c +35 -0
  820. data/src/core/ext/upbdefs-gen/envoy/type/v3/http.upbdefs.h +30 -0
  821. data/src/core/ext/upbdefs-gen/envoy/type/v3/http_status.upbdefs.c +93 -0
  822. data/src/core/ext/upbdefs-gen/envoy/type/v3/http_status.upbdefs.h +35 -0
  823. data/src/core/ext/upbdefs-gen/envoy/type/v3/percent.upbdefs.c +53 -0
  824. data/src/core/ext/upbdefs-gen/envoy/type/v3/percent.upbdefs.h +40 -0
  825. data/src/core/ext/upbdefs-gen/envoy/type/v3/range.upbdefs.c +47 -0
  826. data/src/core/ext/upbdefs-gen/envoy/type/v3/range.upbdefs.h +45 -0
  827. data/src/core/ext/upbdefs-gen/envoy/type/v3/ratelimit_strategy.upbdefs.c +68 -0
  828. data/src/core/ext/upbdefs-gen/envoy/type/v3/ratelimit_strategy.upbdefs.h +40 -0
  829. data/src/core/ext/upbdefs-gen/envoy/type/v3/ratelimit_unit.upbdefs.c +38 -0
  830. data/src/core/ext/upbdefs-gen/envoy/type/v3/ratelimit_unit.upbdefs.h +30 -0
  831. data/src/core/ext/upbdefs-gen/envoy/type/v3/semantic_version.upbdefs.c +43 -0
  832. data/src/core/ext/upbdefs-gen/envoy/type/v3/semantic_version.upbdefs.h +35 -0
  833. data/src/core/ext/upbdefs-gen/envoy/type/v3/token_bucket.upbdefs.c +56 -0
  834. data/src/core/ext/upbdefs-gen/envoy/type/v3/token_bucket.upbdefs.h +35 -0
  835. data/src/core/ext/upbdefs-gen/google/api/annotations.upbdefs.c +39 -0
  836. data/src/core/ext/upbdefs-gen/google/api/annotations.upbdefs.h +30 -0
  837. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.c +153 -0
  838. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/checked.upbdefs.h +95 -0
  839. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.c +152 -0
  840. data/src/core/ext/upbdefs-gen/google/api/expr/v1alpha1/syntax.upbdefs.h +100 -0
  841. data/src/core/ext/upbdefs-gen/google/api/http.upbdefs.c +51 -0
  842. data/src/core/ext/upbdefs-gen/google/api/http.upbdefs.h +45 -0
  843. data/src/core/ext/upbdefs-gen/google/api/httpbody.upbdefs.c +38 -0
  844. data/src/core/ext/upbdefs-gen/google/api/httpbody.upbdefs.h +35 -0
  845. data/src/core/ext/upbdefs-gen/google/protobuf/any.upbdefs.c +33 -0
  846. data/src/core/ext/upbdefs-gen/google/protobuf/any.upbdefs.h +35 -0
  847. data/src/core/ext/upbdefs-gen/google/protobuf/descriptor.upbdefs.c +488 -0
  848. data/src/core/ext/upbdefs-gen/google/protobuf/descriptor.upbdefs.h +190 -0
  849. data/src/core/ext/upbdefs-gen/google/protobuf/duration.upbdefs.c +34 -0
  850. data/src/core/ext/upbdefs-gen/google/protobuf/duration.upbdefs.h +35 -0
  851. data/src/core/ext/upbdefs-gen/google/protobuf/empty.upbdefs.c +31 -0
  852. data/src/core/ext/upbdefs-gen/google/protobuf/empty.upbdefs.h +35 -0
  853. data/src/core/ext/upbdefs-gen/google/protobuf/struct.upbdefs.c +53 -0
  854. data/src/core/ext/upbdefs-gen/google/protobuf/struct.upbdefs.h +50 -0
  855. data/src/core/ext/upbdefs-gen/google/protobuf/timestamp.upbdefs.c +34 -0
  856. data/src/core/ext/upbdefs-gen/google/protobuf/timestamp.upbdefs.h +35 -0
  857. data/src/core/ext/upbdefs-gen/google/protobuf/wrappers.upbdefs.c +44 -0
  858. data/src/core/ext/upbdefs-gen/google/protobuf/wrappers.upbdefs.h +75 -0
  859. data/src/core/ext/upbdefs-gen/google/rpc/status.upbdefs.c +36 -0
  860. data/src/core/ext/upbdefs-gen/google/rpc/status.upbdefs.h +35 -0
  861. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.c +66 -0
  862. data/src/core/ext/upbdefs-gen/opencensus/proto/trace/v1/trace_config.upbdefs.h +50 -0
  863. data/src/core/ext/upbdefs-gen/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +98 -0
  864. data/src/core/ext/upbdefs-gen/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +75 -0
  865. data/src/core/ext/upbdefs-gen/udpa/annotations/migrate.upbdefs.c +61 -0
  866. data/src/core/ext/upbdefs-gen/udpa/annotations/migrate.upbdefs.h +45 -0
  867. data/src/core/ext/upbdefs-gen/udpa/annotations/security.upbdefs.c +46 -0
  868. data/src/core/ext/upbdefs-gen/udpa/annotations/security.upbdefs.h +35 -0
  869. data/src/core/ext/upbdefs-gen/udpa/annotations/sensitive.upbdefs.c +33 -0
  870. data/src/core/ext/upbdefs-gen/udpa/annotations/sensitive.upbdefs.h +30 -0
  871. data/src/core/ext/upbdefs-gen/udpa/annotations/status.upbdefs.c +45 -0
  872. data/src/core/ext/upbdefs-gen/udpa/annotations/status.upbdefs.h +35 -0
  873. data/src/core/ext/upbdefs-gen/udpa/annotations/versioning.upbdefs.c +38 -0
  874. data/src/core/ext/upbdefs-gen/udpa/annotations/versioning.upbdefs.h +35 -0
  875. data/src/core/ext/upbdefs-gen/validate/validate.upbdefs.c +282 -0
  876. data/src/core/ext/upbdefs-gen/validate/validate.upbdefs.h +145 -0
  877. data/src/core/ext/upbdefs-gen/xds/annotations/v3/migrate.upbdefs.c +62 -0
  878. data/src/core/ext/upbdefs-gen/xds/annotations/v3/migrate.upbdefs.h +45 -0
  879. data/src/core/ext/upbdefs-gen/xds/annotations/v3/security.upbdefs.c +46 -0
  880. data/src/core/ext/upbdefs-gen/xds/annotations/v3/security.upbdefs.h +35 -0
  881. data/src/core/ext/upbdefs-gen/xds/annotations/v3/sensitive.upbdefs.c +34 -0
  882. data/src/core/ext/upbdefs-gen/xds/annotations/v3/sensitive.upbdefs.h +30 -0
  883. data/src/core/ext/upbdefs-gen/xds/annotations/v3/status.upbdefs.c +63 -0
  884. data/src/core/ext/upbdefs-gen/xds/annotations/v3/status.upbdefs.h +50 -0
  885. data/src/core/ext/upbdefs-gen/xds/annotations/v3/versioning.upbdefs.c +39 -0
  886. data/src/core/ext/upbdefs-gen/xds/annotations/v3/versioning.upbdefs.h +35 -0
  887. data/src/core/ext/upbdefs-gen/xds/core/v3/authority.upbdefs.c +37 -0
  888. data/src/core/ext/upbdefs-gen/xds/core/v3/authority.upbdefs.h +35 -0
  889. data/src/core/ext/upbdefs-gen/xds/core/v3/cidr.upbdefs.c +44 -0
  890. data/src/core/ext/upbdefs-gen/xds/core/v3/cidr.upbdefs.h +35 -0
  891. data/src/core/ext/upbdefs-gen/xds/core/v3/collection_entry.upbdefs.c +55 -0
  892. data/src/core/ext/upbdefs-gen/xds/core/v3/collection_entry.upbdefs.h +40 -0
  893. data/src/core/ext/upbdefs-gen/xds/core/v3/context_params.upbdefs.c +38 -0
  894. data/src/core/ext/upbdefs-gen/xds/core/v3/context_params.upbdefs.h +40 -0
  895. data/src/core/ext/upbdefs-gen/xds/core/v3/extension.upbdefs.c +40 -0
  896. data/src/core/ext/upbdefs-gen/xds/core/v3/extension.upbdefs.h +35 -0
  897. data/src/core/ext/upbdefs-gen/xds/core/v3/resource.upbdefs.c +44 -0
  898. data/src/core/ext/upbdefs-gen/xds/core/v3/resource.upbdefs.h +35 -0
  899. data/src/core/ext/upbdefs-gen/xds/core/v3/resource_locator.upbdefs.c +60 -0
  900. data/src/core/ext/upbdefs-gen/xds/core/v3/resource_locator.upbdefs.h +40 -0
  901. data/src/core/ext/upbdefs-gen/xds/core/v3/resource_name.upbdefs.c +45 -0
  902. data/src/core/ext/upbdefs-gen/xds/core/v3/resource_name.upbdefs.h +35 -0
  903. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +44 -0
  904. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.h +35 -0
  905. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/domain.upbdefs.c +50 -0
  906. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/domain.upbdefs.h +40 -0
  907. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/http_inputs.upbdefs.c +35 -0
  908. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/http_inputs.upbdefs.h +35 -0
  909. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/ip.upbdefs.c +54 -0
  910. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/ip.upbdefs.h +40 -0
  911. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/matcher.upbdefs.c +125 -0
  912. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/matcher.upbdefs.h +80 -0
  913. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/range.upbdefs.c +70 -0
  914. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/range.upbdefs.h +60 -0
  915. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/regex.upbdefs.c +39 -0
  916. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/regex.upbdefs.h +40 -0
  917. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/string.upbdefs.c +51 -0
  918. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/string.upbdefs.h +40 -0
  919. data/src/core/ext/upbdefs-gen/xds/type/v3/cel.upbdefs.c +59 -0
  920. data/src/core/ext/upbdefs-gen/xds/type/v3/cel.upbdefs.h +40 -0
  921. data/src/core/ext/upbdefs-gen/xds/type/v3/range.upbdefs.c +35 -0
  922. data/src/core/ext/upbdefs-gen/xds/type/v3/range.upbdefs.h +45 -0
  923. data/src/core/ext/upbdefs-gen/xds/type/v3/typed_struct.upbdefs.c +36 -0
  924. data/src/core/ext/upbdefs-gen/xds/type/v3/typed_struct.upbdefs.h +35 -0
  925. data/src/core/ext/xds/certificate_provider_store.cc +2 -1
  926. data/src/core/ext/xds/certificate_provider_store.h +0 -5
  927. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +0 -1
  928. data/src/core/ext/xds/xds_api.cc +92 -167
  929. data/src/core/ext/xds/xds_api.h +4 -9
  930. data/src/core/ext/xds/xds_bootstrap.h +6 -4
  931. data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -16
  932. data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
  933. data/src/core/ext/xds/xds_certificate_provider.cc +88 -287
  934. data/src/core/ext/xds/xds_certificate_provider.h +44 -111
  935. data/src/core/ext/xds/xds_channel_stack_modifier.cc +17 -28
  936. data/src/core/ext/xds/xds_channel_stack_modifier.h +3 -5
  937. data/src/core/ext/xds/xds_client.cc +527 -468
  938. data/src/core/ext/xds/xds_client.h +50 -36
  939. data/src/core/ext/xds/xds_client_grpc.cc +56 -16
  940. data/src/core/ext/xds/xds_client_grpc.h +4 -1
  941. data/src/core/ext/xds/xds_client_stats.cc +11 -11
  942. data/src/core/ext/xds/xds_client_stats.h +8 -14
  943. data/src/core/ext/xds/xds_cluster.cc +105 -12
  944. data/src/core/ext/xds/xds_cluster.h +12 -2
  945. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +9 -5
  946. data/src/core/ext/xds/xds_common_types.cc +14 -11
  947. data/src/core/ext/xds/xds_endpoint.cc +95 -49
  948. data/src/core/ext/xds/xds_endpoint.h +7 -3
  949. data/src/core/ext/xds/xds_health_status.cc +14 -2
  950. data/src/core/ext/xds/xds_health_status.h +5 -3
  951. data/src/core/ext/xds/xds_http_filters.cc +0 -1
  952. data/src/core/ext/xds/xds_http_rbac_filter.cc +5 -3
  953. data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
  954. data/src/core/ext/xds/xds_listener.cc +15 -11
  955. data/src/core/ext/xds/xds_resource_type_impl.h +6 -4
  956. data/src/core/ext/xds/xds_route_config.cc +35 -24
  957. data/src/core/ext/xds/xds_route_config.h +1 -0
  958. data/src/core/ext/xds/xds_server_config_fetcher.cc +63 -59
  959. data/src/core/ext/xds/xds_transport.h +3 -0
  960. data/src/core/ext/xds/xds_transport_grpc.cc +53 -55
  961. data/src/core/ext/xds/xds_transport_grpc.h +4 -0
  962. data/src/core/lib/address_utils/sockaddr_utils.cc +0 -1
  963. data/src/core/lib/avl/avl.h +1 -0
  964. data/src/core/lib/channel/call_tracer.cc +20 -1
  965. data/src/core/lib/channel/call_tracer.h +24 -3
  966. data/src/core/lib/channel/channel_args.cc +24 -15
  967. data/src/core/lib/channel/channel_args.h +89 -14
  968. data/src/core/lib/channel/channel_args_preconditioning.cc +0 -1
  969. data/src/core/lib/channel/channel_stack.cc +36 -1
  970. data/src/core/lib/channel/channel_stack.h +10 -10
  971. data/src/core/lib/channel/channel_stack_builder.h +4 -15
  972. data/src/core/lib/channel/channel_stack_builder_impl.cc +1 -19
  973. data/src/core/lib/channel/channel_stack_trace.cc +19 -0
  974. data/src/core/lib/channel/channel_stack_trace.h +24 -0
  975. data/src/core/lib/channel/channel_trace.cc +1 -1
  976. data/src/core/lib/channel/connected_channel.cc +151 -91
  977. data/src/core/lib/channel/context.h +3 -0
  978. data/src/core/lib/channel/promise_based_filter.cc +10 -6
  979. data/src/core/lib/channel/promise_based_filter.h +1040 -2
  980. data/src/core/lib/channel/server_call_tracer_filter.cc +43 -42
  981. data/src/core/lib/channel/status_util.cc +0 -1
  982. data/src/core/lib/channel/tcp_tracer.h +140 -0
  983. data/src/core/lib/compression/compression_internal.cc +2 -3
  984. data/src/core/lib/config/config_vars.cc +0 -1
  985. data/src/core/lib/config/config_vars_non_generated.cc +0 -2
  986. data/src/core/lib/config/core_configuration.cc +0 -1
  987. data/src/core/lib/config/core_configuration.h +3 -3
  988. data/src/core/lib/event_engine/ares_resolver.cc +163 -90
  989. data/src/core/lib/event_engine/ares_resolver.h +13 -12
  990. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +4 -0
  991. data/src/core/lib/event_engine/cf_engine/dns_service_resolver.cc +9 -1
  992. data/src/core/lib/event_engine/channel_args_endpoint_config.cc +2 -0
  993. data/src/core/lib/event_engine/event_engine.cc +0 -2
  994. data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
  995. data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
  996. data/src/core/lib/event_engine/forkable.cc +40 -57
  997. data/src/core/lib/event_engine/forkable.h +33 -27
  998. data/src/core/lib/event_engine/grpc_polled_fd.h +23 -4
  999. data/src/core/lib/event_engine/posix.h +11 -122
  1000. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +6 -8
  1001. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +2 -3
  1002. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +11 -16
  1003. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +4 -11
  1004. data/src/core/lib/event_engine/posix_engine/event_poller.h +3 -1
  1005. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +23 -4
  1006. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.h +3 -1
  1007. data/src/core/lib/event_engine/posix_engine/grpc_polled_fd_posix.h +12 -4
  1008. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +0 -2
  1009. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.cc +132 -0
  1010. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +57 -0
  1011. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +32 -9
  1012. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -1
  1013. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +89 -51
  1014. data/src/core/lib/event_engine/posix_engine/posix_engine.h +25 -27
  1015. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
  1016. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +21 -3
  1017. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +9 -4
  1018. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +7 -0
  1019. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +17 -27
  1020. data/src/core/lib/event_engine/posix_engine/timer_manager.h +0 -3
  1021. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +0 -1
  1022. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +0 -1
  1023. data/src/core/lib/event_engine/query_extensions.h +85 -0
  1024. data/src/core/lib/event_engine/ref_counted_dns_resolver_interface.h +55 -0
  1025. data/src/core/lib/event_engine/shim.cc +5 -17
  1026. data/src/core/lib/event_engine/shim.h +0 -2
  1027. data/src/core/lib/event_engine/slice_buffer.cc +0 -1
  1028. data/src/core/lib/event_engine/tcp_socket_utils.cc +0 -1
  1029. data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
  1030. data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
  1031. data/src/core/lib/event_engine/thread_pool/thread_pool_factory.cc +20 -6
  1032. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +116 -8
  1033. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
  1034. data/src/core/lib/event_engine/utils.cc +2 -1
  1035. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +824 -0
  1036. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.h +75 -0
  1037. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +115 -0
  1038. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.h +51 -0
  1039. data/src/core/lib/event_engine/windows/win_socket.cc +20 -13
  1040. data/src/core/lib/event_engine/windows/win_socket.h +19 -7
  1041. data/src/core/lib/event_engine/windows/windows_endpoint.cc +32 -33
  1042. data/src/core/lib/event_engine/windows/windows_endpoint.h +1 -1
  1043. data/src/core/lib/event_engine/windows/windows_engine.cc +83 -38
  1044. data/src/core/lib/event_engine/windows/windows_engine.h +16 -2
  1045. data/src/core/lib/event_engine/windows/windows_listener.cc +2 -3
  1046. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +2 -0
  1047. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +4 -1
  1048. data/src/core/lib/event_engine/work_queue/work_queue.h +4 -0
  1049. data/src/core/lib/experiments/config.cc +23 -2
  1050. data/src/core/lib/experiments/config.h +9 -0
  1051. data/src/core/lib/experiments/experiments.cc +642 -553
  1052. data/src/core/lib/experiments/experiments.h +261 -270
  1053. data/src/core/lib/gpr/alloc.cc +1 -0
  1054. data/src/core/lib/gpr/posix/sync.cc +2 -2
  1055. data/src/core/lib/gpr/posix/time.cc +0 -5
  1056. data/src/core/lib/gpr/windows/sync.cc +2 -2
  1057. data/src/core/lib/gprpp/debug_location.h +15 -0
  1058. data/src/core/lib/gprpp/directory_reader.h +48 -0
  1059. data/src/core/lib/gprpp/down_cast.h +49 -0
  1060. data/src/core/lib/gprpp/dual_ref_counted.h +36 -7
  1061. data/src/core/lib/gprpp/host_port.cc +0 -2
  1062. data/src/core/lib/gprpp/linux/env.cc +1 -19
  1063. data/src/core/lib/gprpp/load_file.cc +2 -1
  1064. data/src/core/lib/gprpp/load_file.h +2 -1
  1065. data/src/core/lib/gprpp/match.h +1 -1
  1066. data/src/core/lib/gprpp/orphanable.h +27 -0
  1067. data/src/core/lib/gprpp/posix/directory_reader.cc +82 -0
  1068. data/src/core/lib/gprpp/posix/stat.cc +0 -1
  1069. data/src/core/lib/gprpp/posix/thd.cc +27 -2
  1070. data/src/core/lib/gprpp/ref_counted.h +63 -22
  1071. data/src/core/lib/gprpp/ref_counted_ptr.h +70 -27
  1072. data/src/core/lib/gprpp/ref_counted_string.h +15 -0
  1073. data/src/core/lib/gprpp/status_helper.cc +1 -3
  1074. data/src/core/lib/gprpp/strerror.cc +0 -2
  1075. data/src/core/lib/gprpp/thd.h +8 -0
  1076. data/src/core/lib/gprpp/time.cc +0 -1
  1077. data/src/core/lib/gprpp/time.h +4 -3
  1078. data/src/core/lib/gprpp/validation_errors.cc +0 -1
  1079. data/src/core/lib/gprpp/windows/directory_reader.cc +81 -0
  1080. data/src/core/lib/gprpp/windows/thd.cc +10 -1
  1081. data/src/core/lib/gprpp/work_serializer.cc +3 -0
  1082. data/src/core/lib/gprpp/xxhash_inline.h +29 -0
  1083. data/src/core/lib/http/format_request.cc +0 -1
  1084. data/src/core/lib/http/httpcli.cc +0 -2
  1085. data/src/core/lib/iomgr/combiner.cc +16 -52
  1086. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +53 -14
  1087. data/src/core/lib/iomgr/event_engine_shims/endpoint.h +16 -0
  1088. data/src/core/lib/iomgr/event_engine_shims/tcp_client.cc +3 -2
  1089. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  1090. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  1091. data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
  1092. data/src/core/lib/iomgr/tcp_client_posix.cc +4 -3
  1093. data/src/core/lib/iomgr/tcp_posix.cc +7 -1
  1094. data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
  1095. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
  1096. data/src/core/lib/iomgr/timer_manager.cc +7 -1
  1097. data/src/core/lib/iomgr/timer_manager.h +2 -0
  1098. data/src/core/lib/json/json_object_loader.h +0 -1
  1099. data/src/core/lib/json/json_reader.cc +0 -1
  1100. data/src/core/lib/json/json_writer.cc +1 -1
  1101. data/src/core/lib/matchers/matchers.cc +0 -1
  1102. data/src/core/lib/promise/activity.cc +17 -3
  1103. data/src/core/lib/promise/activity.h +13 -6
  1104. data/src/core/lib/promise/all_ok.h +80 -0
  1105. data/src/core/lib/promise/cancel_callback.h +0 -2
  1106. data/src/core/lib/promise/context.h +45 -8
  1107. data/src/core/lib/promise/detail/join_state.h +2077 -0
  1108. data/src/core/lib/promise/detail/promise_like.h +8 -1
  1109. data/src/core/lib/promise/detail/seq_state.h +3458 -151
  1110. data/src/core/lib/promise/detail/status.h +42 -5
  1111. data/src/core/lib/promise/for_each.h +13 -6
  1112. data/src/core/lib/promise/if.h +4 -1
  1113. data/src/core/lib/promise/interceptor_list.h +13 -6
  1114. data/src/core/lib/promise/latch.h +9 -8
  1115. data/src/core/lib/promise/loop.h +1 -1
  1116. data/src/core/lib/promise/map.h +0 -1
  1117. data/src/core/lib/promise/party.cc +45 -33
  1118. data/src/core/lib/promise/party.h +176 -10
  1119. data/src/core/lib/promise/pipe.h +6 -10
  1120. data/src/core/lib/promise/poll.h +39 -13
  1121. data/src/core/lib/promise/prioritized_race.h +0 -1
  1122. data/src/core/lib/promise/promise.h +4 -1
  1123. data/src/core/lib/promise/race.h +0 -1
  1124. data/src/core/lib/promise/seq.h +107 -8
  1125. data/src/core/lib/promise/sleep.cc +1 -1
  1126. data/src/core/lib/promise/status_flag.h +226 -0
  1127. data/src/core/lib/promise/try_join.h +132 -0
  1128. data/src/core/lib/promise/try_seq.h +132 -10
  1129. data/src/core/lib/resource_quota/arena.h +2 -2
  1130. data/src/core/lib/resource_quota/memory_quota.cc +74 -22
  1131. data/src/core/lib/resource_quota/memory_quota.h +8 -11
  1132. data/src/core/lib/security/authorization/audit_logging.cc +0 -1
  1133. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +15 -12
  1134. data/src/core/lib/security/authorization/grpc_server_authz_filter.h +14 -5
  1135. data/src/core/lib/security/authorization/matchers.cc +0 -1
  1136. data/src/core/lib/security/authorization/rbac_policy.cc +0 -2
  1137. data/src/core/lib/security/authorization/stdout_logger.cc +0 -1
  1138. data/src/core/lib/security/credentials/alts/alts_credentials.cc +0 -2
  1139. data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
  1140. data/src/core/lib/security/credentials/composite/composite_credentials.h +1 -1
  1141. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +4 -1
  1142. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +4 -0
  1143. data/src/core/lib/security/credentials/external/aws_request_signer.cc +0 -2
  1144. data/src/core/lib/security/credentials/external/external_account_credentials.cc +28 -22
  1145. data/src/core/lib/security/credentials/external/external_account_credentials.h +4 -0
  1146. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +9 -11
  1147. data/src/core/lib/security/credentials/external/file_external_account_credentials.h +4 -0
  1148. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +5 -3
  1149. data/src/core/lib/security/credentials/external/url_external_account_credentials.h +4 -0
  1150. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -11
  1151. data/src/core/lib/security/credentials/iam/iam_credentials.cc +0 -1
  1152. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +0 -2
  1153. data/src/core/lib/security/credentials/jwt/jwt_credentials.h +0 -1
  1154. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -2
  1155. data/src/core/lib/security/credentials/local/local_credentials.cc +0 -2
  1156. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
  1157. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +0 -1
  1158. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +2 -2
  1159. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
  1160. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +0 -1
  1161. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +0 -2
  1162. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
  1163. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +0 -3
  1164. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.cc +33 -0
  1165. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +23 -0
  1166. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.cc +255 -0
  1167. data/src/core/lib/security/credentials/tls/grpc_tls_crl_provider.h +129 -0
  1168. data/src/core/lib/security/credentials/tls/tls_credentials.cc +25 -1
  1169. data/src/core/lib/security/credentials/tls/tls_utils.cc +2 -0
  1170. data/src/core/lib/security/credentials/xds/xds_credentials.cc +22 -30
  1171. data/src/core/lib/security/credentials/xds/xds_credentials.h +2 -4
  1172. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -2
  1173. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
  1174. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  1175. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +0 -2
  1176. data/src/core/lib/security/security_connector/ssl_utils.cc +34 -19
  1177. data/src/core/lib/security/security_connector/ssl_utils.h +4 -0
  1178. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +7 -6
  1179. data/src/core/lib/security/security_connector/tls/tls_security_connector.h +2 -2
  1180. data/src/core/lib/security/transport/auth_filters.h +71 -4
  1181. data/src/core/lib/security/transport/client_auth_filter.cc +2 -5
  1182. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +244 -0
  1183. data/src/core/lib/security/transport/secure_endpoint.cc +3 -6
  1184. data/src/core/lib/security/transport/security_handshaker.cc +1 -11
  1185. data/src/core/lib/security/transport/security_handshaker.h +0 -6
  1186. data/src/core/lib/security/transport/server_auth_filter.cc +70 -94
  1187. data/src/core/lib/slice/slice.h +6 -1
  1188. data/src/core/lib/slice/slice_buffer.h +6 -1
  1189. data/src/core/lib/surface/builtins.cc +6 -25
  1190. data/src/core/lib/surface/call.cc +824 -217
  1191. data/src/core/lib/surface/call.h +26 -13
  1192. data/src/core/lib/surface/call_log_batch.cc +0 -2
  1193. data/src/core/lib/surface/call_trace.cc +46 -6
  1194. data/src/core/lib/surface/channel.cc +18 -29
  1195. data/src/core/lib/surface/channel.h +6 -28
  1196. data/src/core/lib/surface/channel_init.cc +441 -14
  1197. data/src/core/lib/surface/channel_init.h +272 -26
  1198. data/src/core/lib/surface/completion_queue.cc +0 -7
  1199. data/src/core/lib/surface/event_string.cc +0 -1
  1200. data/src/core/lib/surface/init.cc +21 -48
  1201. data/src/core/lib/surface/lame_client.cc +8 -1
  1202. data/src/core/lib/surface/server.cc +438 -265
  1203. data/src/core/lib/surface/server.h +52 -26
  1204. data/src/core/lib/surface/version.cc +2 -2
  1205. data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
  1206. data/src/core/lib/surface/wait_for_cq_end_op.h +72 -0
  1207. data/src/core/lib/transport/batch_builder.cc +6 -7
  1208. data/src/core/lib/transport/batch_builder.h +2 -4
  1209. data/src/core/lib/transport/bdp_estimator.cc +2 -2
  1210. data/src/core/lib/transport/bdp_estimator.h +2 -2
  1211. data/src/core/lib/transport/call_factory.cc +41 -0
  1212. data/src/core/lib/transport/call_factory.h +56 -0
  1213. data/src/core/lib/transport/call_filters.cc +371 -0
  1214. data/src/core/lib/transport/call_filters.h +1500 -0
  1215. data/src/core/lib/transport/call_final_info.cc +38 -0
  1216. data/src/core/lib/transport/call_final_info.h +54 -0
  1217. data/src/core/lib/transport/call_size_estimator.cc +41 -0
  1218. data/src/core/lib/transport/call_size_estimator.h +52 -0
  1219. data/src/core/lib/transport/call_spine.cc +107 -0
  1220. data/src/core/lib/transport/call_spine.h +429 -0
  1221. data/src/core/lib/transport/connectivity_state.cc +3 -4
  1222. data/src/core/lib/transport/connectivity_state.h +4 -0
  1223. data/src/core/lib/transport/error_utils.cc +0 -2
  1224. data/src/core/lib/transport/handshaker.cc +0 -10
  1225. data/src/core/lib/transport/handshaker.h +0 -7
  1226. data/src/core/lib/transport/message.cc +45 -0
  1227. data/src/core/lib/transport/message.h +61 -0
  1228. data/src/core/lib/transport/metadata.cc +37 -0
  1229. data/src/core/lib/transport/metadata.h +78 -0
  1230. data/src/core/lib/transport/metadata_batch.cc +4 -3
  1231. data/src/core/lib/transport/metadata_batch.h +9 -4
  1232. data/src/core/lib/transport/tcp_connect_handshaker.cc +0 -1
  1233. data/src/core/lib/transport/timeout_encoding.h +2 -2
  1234. data/src/core/lib/transport/transport.cc +13 -105
  1235. data/src/core/lib/transport/transport.h +105 -157
  1236. data/src/core/lib/transport/transport_fwd.h +3 -1
  1237. data/src/core/lib/transport/transport_op_string.cc +0 -2
  1238. data/src/core/lib/uri/uri_parser.cc +0 -1
  1239. data/src/core/load_balancing/address_filtering.cc +108 -0
  1240. data/src/core/load_balancing/address_filtering.h +118 -0
  1241. data/src/core/load_balancing/backend_metric_data.h +57 -0
  1242. data/src/core/load_balancing/child_policy_handler.cc +317 -0
  1243. data/src/core/load_balancing/child_policy_handler.h +88 -0
  1244. data/src/core/load_balancing/delegating_helper.h +116 -0
  1245. data/src/core/load_balancing/endpoint_list.cc +187 -0
  1246. data/src/core/load_balancing/endpoint_list.h +220 -0
  1247. data/src/core/load_balancing/grpclb/client_load_reporting_filter.cc +83 -0
  1248. data/src/core/load_balancing/grpclb/client_load_reporting_filter.h +46 -0
  1249. data/src/core/load_balancing/grpclb/grpclb.cc +1935 -0
  1250. data/src/core/load_balancing/grpclb/grpclb.h +39 -0
  1251. data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.cc +89 -0
  1252. data/src/core/load_balancing/grpclb/grpclb_balancer_addresses.h +39 -0
  1253. data/src/core/load_balancing/grpclb/grpclb_client_stats.cc +90 -0
  1254. data/src/core/load_balancing/grpclb/grpclb_client_stats.h +81 -0
  1255. data/src/core/load_balancing/grpclb/load_balancer_api.cc +202 -0
  1256. data/src/core/load_balancing/grpclb/load_balancer_api.h +77 -0
  1257. data/src/core/load_balancing/health_check_client.cc +520 -0
  1258. data/src/core/load_balancing/health_check_client.h +52 -0
  1259. data/src/core/load_balancing/health_check_client_internal.h +204 -0
  1260. data/src/core/load_balancing/lb_policy.cc +98 -0
  1261. data/src/core/load_balancing/lb_policy.h +481 -0
  1262. data/src/core/load_balancing/lb_policy_factory.h +49 -0
  1263. data/src/core/load_balancing/lb_policy_registry.cc +142 -0
  1264. data/src/core/load_balancing/lb_policy_registry.h +82 -0
  1265. data/src/core/load_balancing/oob_backend_metric.cc +340 -0
  1266. data/src/core/load_balancing/oob_backend_metric.h +57 -0
  1267. data/src/core/load_balancing/oob_backend_metric_internal.h +119 -0
  1268. data/src/core/load_balancing/outlier_detection/outlier_detection.cc +1208 -0
  1269. data/src/core/load_balancing/outlier_detection/outlier_detection.h +94 -0
  1270. data/src/core/load_balancing/pick_first/pick_first.cc +1232 -0
  1271. data/src/core/load_balancing/pick_first/pick_first.h +36 -0
  1272. data/src/core/load_balancing/priority/priority.cc +900 -0
  1273. data/src/core/load_balancing/ring_hash/ring_hash.cc +878 -0
  1274. data/src/core/load_balancing/ring_hash/ring_hash.h +62 -0
  1275. data/src/core/load_balancing/rls/rls.cc +2477 -0
  1276. data/src/core/load_balancing/round_robin/round_robin.cc +916 -0
  1277. data/src/core/load_balancing/subchannel_interface.h +141 -0
  1278. data/src/core/load_balancing/subchannel_list.h +455 -0
  1279. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.cc +198 -0
  1280. data/src/core/load_balancing/weighted_round_robin/static_stride_scheduler.h +71 -0
  1281. data/src/core/load_balancing/weighted_round_robin/weighted_round_robin.cc +1819 -0
  1282. data/src/core/load_balancing/weighted_target/weighted_target.cc +755 -0
  1283. data/src/core/load_balancing/xds/cds.cc +757 -0
  1284. data/src/core/load_balancing/xds/xds_channel_args.h +37 -0
  1285. data/src/core/load_balancing/xds/xds_cluster_impl.cc +863 -0
  1286. data/src/core/load_balancing/xds/xds_cluster_manager.cc +652 -0
  1287. data/src/core/load_balancing/xds/xds_override_host.cc +1313 -0
  1288. data/src/core/load_balancing/xds/xds_override_host.h +63 -0
  1289. data/src/core/load_balancing/xds/xds_wrr_locality.cc +300 -0
  1290. data/src/core/plugin_registry/grpc_plugin_registry.cc +5 -0
  1291. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +0 -3
  1292. data/src/core/resolver/binder/binder_resolver.cc +147 -0
  1293. data/src/core/resolver/dns/c_ares/dns_resolver_ares.cc +758 -0
  1294. data/src/core/resolver/dns/c_ares/dns_resolver_ares.h +30 -0
  1295. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver.h +90 -0
  1296. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +206 -0
  1297. data/src/core/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +818 -0
  1298. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.cc +1219 -0
  1299. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper.h +140 -0
  1300. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +29 -0
  1301. data/src/core/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +35 -0
  1302. data/src/core/resolver/dns/dns_resolver_plugin.cc +68 -0
  1303. data/src/core/resolver/dns/dns_resolver_plugin.h +27 -0
  1304. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +588 -0
  1305. data/src/core/resolver/dns/event_engine/event_engine_client_channel_resolver.h +35 -0
  1306. data/src/core/resolver/dns/event_engine/service_config_helper.cc +97 -0
  1307. data/src/core/resolver/dns/event_engine/service_config_helper.h +32 -0
  1308. data/src/core/resolver/dns/native/dns_resolver.cc +183 -0
  1309. data/src/core/resolver/dns/native/dns_resolver.h +24 -0
  1310. data/src/core/resolver/endpoint_addresses.cc +147 -0
  1311. data/src/core/resolver/endpoint_addresses.h +164 -0
  1312. data/src/core/resolver/fake/fake_resolver.cc +255 -0
  1313. data/src/core/resolver/fake/fake_resolver.h +129 -0
  1314. data/src/core/resolver/google_c2p/google_c2p_resolver.cc +326 -0
  1315. data/src/core/resolver/polling_resolver.cc +272 -0
  1316. data/src/core/resolver/polling_resolver.h +121 -0
  1317. data/src/core/resolver/resolver.cc +37 -0
  1318. data/src/core/resolver/resolver.h +139 -0
  1319. data/src/core/resolver/resolver_factory.h +78 -0
  1320. data/src/core/resolver/resolver_registry.cc +162 -0
  1321. data/src/core/resolver/resolver_registry.h +123 -0
  1322. data/src/core/resolver/server_address.h +35 -0
  1323. data/src/core/resolver/sockaddr/sockaddr_resolver.cc +202 -0
  1324. data/src/core/resolver/xds/xds_dependency_manager.cc +1031 -0
  1325. data/src/core/resolver/xds/xds_dependency_manager.h +277 -0
  1326. data/src/core/resolver/xds/xds_resolver.cc +1135 -0
  1327. data/src/core/resolver/xds/xds_resolver_attributes.h +62 -0
  1328. data/src/core/resolver/xds/xds_resolver_trace.cc +25 -0
  1329. data/src/core/resolver/xds/xds_resolver_trace.h +30 -0
  1330. data/src/core/service_config/service_config.h +89 -0
  1331. data/src/core/service_config/service_config_call_data.h +116 -0
  1332. data/src/core/service_config/service_config_impl.cc +198 -0
  1333. data/src/core/service_config/service_config_impl.h +125 -0
  1334. data/src/core/service_config/service_config_parser.cc +81 -0
  1335. data/src/core/service_config/service_config_parser.h +105 -0
  1336. data/src/core/tsi/alts/crypt/aes_gcm.cc +137 -109
  1337. data/src/core/tsi/alts/crypt/gsec.h +387 -319
  1338. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +11 -7
  1339. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -1
  1340. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -7
  1341. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -1
  1342. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -12
  1343. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.h +26 -25
  1344. data/src/core/tsi/fake_transport_security.cc +1 -1
  1345. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +9 -1
  1346. data/src/core/tsi/ssl_transport_security.cc +182 -60
  1347. data/src/core/tsi/ssl_transport_security.h +19 -1
  1348. data/src/ruby/bin/math_pb.rb +1 -1
  1349. data/src/ruby/ext/grpc/extconf.rb +77 -16
  1350. data/src/ruby/ext/grpc/rb_channel.c +11 -5
  1351. data/src/ruby/ext/grpc/rb_channel_args.c +3 -1
  1352. data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
  1353. data/src/ruby/ext/grpc/rb_grpc.c +0 -1
  1354. data/src/ruby/ext/grpc/rb_grpc.h +0 -2
  1355. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +8 -0
  1356. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +12 -0
  1357. data/src/ruby/lib/grpc/version.rb +1 -1
  1358. data/src/ruby/pb/grpc/health/v1/health_pb.rb +1 -1
  1359. data/src/ruby/pb/src/proto/grpc/testing/empty_pb.rb +1 -1
  1360. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -2
  1361. data/src/ruby/pb/src/proto/grpc/testing/test_pb.rb +2 -2
  1362. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +22 -0
  1363. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
  1364. data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
  1365. data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
  1366. data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
  1367. data/third_party/abseil-cpp/absl/base/casts.h +1 -1
  1368. data/third_party/abseil-cpp/absl/base/config.h +91 -24
  1369. data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
  1370. data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
  1371. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
  1372. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  1373. data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
  1374. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
  1375. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
  1376. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
  1377. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
  1378. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
  1379. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
  1380. data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
  1381. data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
  1382. data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
  1383. data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
  1384. data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
  1385. data/third_party/abseil-cpp/absl/base/options.h +27 -1
  1386. data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
  1387. data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
  1388. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
  1389. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
  1390. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
  1391. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
  1392. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
  1393. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
  1394. data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
  1395. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
  1396. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
  1397. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
  1398. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
  1399. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
  1400. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
  1401. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
  1402. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
  1403. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_x86_arm_combined.cc +450 -0
  1404. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
  1405. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
  1406. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
  1407. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
  1408. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
  1409. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
  1410. data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
  1411. data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
  1412. data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
  1413. data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
  1414. data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
  1415. data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
  1416. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
  1417. data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
  1418. data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
  1419. data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
  1420. data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
  1421. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
  1422. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
  1423. data/third_party/abseil-cpp/absl/status/status.cc +36 -238
  1424. data/third_party/abseil-cpp/absl/status/status.h +95 -53
  1425. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
  1426. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
  1427. data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
  1428. data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
  1429. data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
  1430. data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
  1431. data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
  1432. data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
  1433. data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
  1434. data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
  1435. data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
  1436. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
  1437. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
  1438. data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
  1439. data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
  1440. data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
  1441. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
  1442. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
  1443. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
  1444. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
  1445. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
  1446. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
  1447. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
  1448. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
  1449. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
  1450. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
  1451. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
  1452. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
  1453. data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
  1454. data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
  1455. data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
  1456. data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
  1457. data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
  1458. data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
  1459. data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
  1460. data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
  1461. data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
  1462. data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
  1463. data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
  1464. data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
  1465. data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
  1466. data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
  1467. data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
  1468. data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
  1469. data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
  1470. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
  1471. data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
  1472. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
  1473. data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
  1474. data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
  1475. data/third_party/abseil-cpp/absl/time/clock.h +5 -1
  1476. data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
  1477. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
  1478. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  1479. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
  1480. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
  1481. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
  1482. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
  1483. data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
  1484. data/third_party/abseil-cpp/absl/types/optional.h +3 -2
  1485. data/third_party/abseil-cpp/absl/types/span.h +9 -4
  1486. data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
  1487. data/third_party/boringssl-with-bazel/err_data.c +278 -276
  1488. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  1489. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
  1490. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
  1491. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  1492. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
  1493. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  1494. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
  1495. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
  1496. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
  1497. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
  1498. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
  1499. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
  1500. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
  1501. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
  1502. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
  1503. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
  1504. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
  1505. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
  1506. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
  1507. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
  1508. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
  1509. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
  1510. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
  1511. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
  1512. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
  1513. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
  1514. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
  1515. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
  1516. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  1517. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
  1518. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
  1519. data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
  1520. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
  1521. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
  1522. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
  1523. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
  1524. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
  1525. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
  1526. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
  1527. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
  1528. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
  1529. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
  1530. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
  1531. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
  1532. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
  1533. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
  1534. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
  1535. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
  1536. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
  1537. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
  1538. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
  1539. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
  1540. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
  1541. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
  1542. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
  1543. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
  1544. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
  1545. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
  1546. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
  1547. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
  1548. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
  1549. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
  1550. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
  1551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
  1552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
  1553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
  1554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
  1555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
  1556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
  1557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
  1558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
  1559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
  1560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
  1561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
  1562. data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
  1563. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
  1564. data/third_party/boringssl-with-bazel/src/crypto/keccak/keccak.c +279 -0
  1565. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
  1566. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
  1567. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
  1568. data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
  1569. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
  1570. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
  1571. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
  1572. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
  1573. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
  1574. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
  1575. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
  1576. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
  1577. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
  1578. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
  1579. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
  1580. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
  1581. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
  1582. data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
  1583. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
  1584. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
  1585. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
  1586. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
  1587. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
  1588. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
  1589. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
  1590. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
  1591. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
  1592. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
  1593. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
  1594. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
  1595. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
  1596. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
  1597. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
  1598. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
  1599. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
  1600. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
  1601. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
  1602. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
  1603. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
  1604. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
  1605. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
  1606. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
  1607. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akey.c +221 -0
  1608. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_akeya.c +73 -0
  1609. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_alt.c +634 -0
  1610. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bcons.c +135 -0
  1611. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_bitst.c +141 -0
  1612. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_conf.c +416 -0
  1613. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_cpols.c +477 -0
  1614. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_crld.c +598 -0
  1615. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_enum.c +112 -0
  1616. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_extku.c +154 -0
  1617. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_genn.c +270 -0
  1618. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ia5.c +122 -0
  1619. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_info.c +211 -0
  1620. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_int.c +121 -0
  1621. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_lib.c +342 -0
  1622. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ncons.c +555 -0
  1623. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_ocsp.c +81 -0
  1624. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pcons.c +142 -0
  1625. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_pmaps.c +150 -0
  1626. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_prn.c +224 -0
  1627. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_purp.c +645 -0
  1628. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_skey.c +170 -0
  1629. data/third_party/boringssl-with-bazel/src/crypto/x509/v3_utl.c +1357 -0
  1630. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
  1631. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
  1632. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
  1633. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
  1634. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
  1635. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
  1636. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
  1637. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
  1638. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
  1639. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
  1640. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  1641. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
  1642. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
  1643. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
  1644. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
  1645. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
  1646. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
  1647. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
  1648. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
  1649. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
  1650. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
  1651. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
  1652. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
  1653. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
  1654. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
  1655. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
  1656. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
  1657. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
  1658. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  1659. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
  1660. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
  1661. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
  1662. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
  1663. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  1664. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
  1665. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
  1666. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
  1667. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
  1668. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
  1669. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
  1670. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
  1671. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
  1672. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
  1673. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
  1674. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
  1675. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
  1676. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
  1677. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
  1678. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
  1679. data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
  1680. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
  1681. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
  1682. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
  1683. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
  1684. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
  1685. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
  1686. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
  1687. data/third_party/cares/config_linux/ares_config.h +2 -38
  1688. data/third_party/upb/upb/base/descriptor_constants.h +7 -27
  1689. data/third_party/upb/upb/base/internal/log2.h +38 -0
  1690. data/third_party/upb/upb/base/status.c +6 -26
  1691. data/third_party/upb/upb/base/status.h +6 -26
  1692. data/third_party/upb/upb/base/status.hpp +50 -0
  1693. data/third_party/upb/upb/base/string_view.h +11 -28
  1694. data/third_party/upb/upb/generated_code_support.h +13 -34
  1695. data/third_party/upb/upb/hash/common.c +7 -44
  1696. data/third_party/upb/upb/hash/common.h +16 -42
  1697. data/third_party/upb/upb/hash/int_table.h +6 -26
  1698. data/third_party/upb/upb/hash/str_table.h +6 -26
  1699. data/third_party/upb/upb/json/decode.c +31 -28
  1700. data/third_party/upb/upb/json/decode.h +32 -29
  1701. data/third_party/upb/upb/json/encode.c +31 -28
  1702. data/third_party/upb/upb/json/encode.h +35 -32
  1703. data/third_party/upb/upb/lex/atoi.c +6 -26
  1704. data/third_party/upb/upb/lex/atoi.h +8 -26
  1705. data/third_party/upb/upb/lex/round_trip.c +6 -26
  1706. data/third_party/upb/upb/lex/round_trip.h +6 -26
  1707. data/third_party/upb/upb/lex/strtod.c +6 -26
  1708. data/third_party/upb/upb/lex/strtod.h +6 -26
  1709. data/third_party/upb/upb/lex/unicode.c +6 -26
  1710. data/third_party/upb/upb/lex/unicode.h +8 -26
  1711. data/third_party/upb/upb/mem/alloc.c +6 -26
  1712. data/third_party/upb/upb/mem/alloc.h +6 -26
  1713. data/third_party/upb/upb/mem/arena.c +30 -29
  1714. data/third_party/upb/upb/mem/arena.h +16 -44
  1715. data/third_party/upb/upb/mem/arena.hpp +54 -0
  1716. data/third_party/upb/upb/mem/internal/arena.h +94 -0
  1717. data/third_party/upb/upb/message/accessors.c +10 -31
  1718. data/third_party/upb/upb/message/accessors.h +12 -32
  1719. data/third_party/upb/upb/message/array.c +154 -0
  1720. data/third_party/upb/upb/message/array.h +98 -0
  1721. data/third_party/upb/upb/message/internal/accessors.h +367 -0
  1722. data/third_party/upb/upb/message/internal/array.h +138 -0
  1723. data/third_party/upb/upb/message/internal/extension.h +63 -0
  1724. data/third_party/upb/upb/message/internal/map.h +173 -0
  1725. data/third_party/upb/upb/message/internal/map_entry.h +35 -33
  1726. data/third_party/upb/upb/message/internal/map_sorter.h +112 -0
  1727. data/third_party/upb/upb/message/internal/message.h +106 -0
  1728. data/third_party/upb/upb/message/internal/types.h +23 -0
  1729. data/third_party/upb/upb/message/map.c +145 -0
  1730. data/third_party/upb/upb/message/map.h +147 -0
  1731. data/third_party/upb/upb/message/map_gencode_util.h +81 -0
  1732. data/third_party/upb/upb/message/map_sorter.c +170 -0
  1733. data/third_party/upb/upb/message/message.c +8 -28
  1734. data/third_party/upb/upb/message/message.h +9 -26
  1735. data/third_party/upb/upb/message/tagged_ptr.h +8 -28
  1736. data/third_party/upb/upb/message/types.h +15 -0
  1737. data/third_party/upb/upb/message/value.h +46 -0
  1738. data/third_party/upb/upb/mini_descriptor/build_enum.c +6 -26
  1739. data/third_party/upb/upb/mini_descriptor/build_enum.h +7 -28
  1740. data/third_party/upb/upb/mini_descriptor/decode.c +21 -26
  1741. data/third_party/upb/upb/mini_descriptor/decode.h +6 -26
  1742. data/third_party/upb/upb/mini_descriptor/internal/base92.c +6 -26
  1743. data/third_party/upb/upb/mini_descriptor/internal/base92.h +9 -27
  1744. data/third_party/upb/upb/mini_descriptor/internal/decoder.h +6 -26
  1745. data/third_party/upb/upb/mini_descriptor/internal/encode.c +25 -28
  1746. data/third_party/upb/upb/mini_descriptor/internal/encode.h +8 -26
  1747. data/third_party/upb/upb/mini_descriptor/internal/encode.hpp +21 -39
  1748. data/third_party/upb/upb/mini_descriptor/internal/modifiers.h +8 -26
  1749. data/third_party/upb/upb/mini_descriptor/internal/wire_constants.h +7 -26
  1750. data/third_party/upb/upb/mini_descriptor/link.c +8 -28
  1751. data/third_party/upb/upb/mini_descriptor/link.h +6 -26
  1752. data/third_party/upb/upb/mini_table/enum.h +14 -26
  1753. data/third_party/upb/upb/mini_table/extension.h +6 -31
  1754. data/third_party/upb/upb/mini_table/extension_registry.c +6 -26
  1755. data/third_party/upb/upb/mini_table/extension_registry.h +7 -27
  1756. data/third_party/upb/upb/mini_table/field.h +6 -26
  1757. data/third_party/upb/upb/mini_table/file.h +6 -26
  1758. data/third_party/upb/upb/mini_table/internal/enum.h +8 -26
  1759. data/third_party/upb/upb/mini_table/internal/extension.h +6 -26
  1760. data/third_party/upb/upb/mini_table/internal/field.h +8 -30
  1761. data/third_party/upb/upb/mini_table/internal/file.h +9 -29
  1762. data/third_party/upb/upb/mini_table/internal/message.c +6 -26
  1763. data/third_party/upb/upb/mini_table/internal/message.h +7 -32
  1764. data/third_party/upb/upb/mini_table/internal/sub.h +6 -27
  1765. data/third_party/upb/upb/mini_table/message.c +6 -26
  1766. data/third_party/upb/upb/mini_table/message.h +6 -26
  1767. data/third_party/upb/upb/mini_table/sub.h +6 -26
  1768. data/third_party/upb/upb/port/atomic.h +8 -26
  1769. data/third_party/upb/upb/port/def.inc +28 -29
  1770. data/third_party/upb/upb/port/undef.inc +8 -26
  1771. data/third_party/upb/upb/port/vsnprintf_compat.h +6 -26
  1772. data/third_party/upb/upb/reflection/common.h +11 -27
  1773. data/third_party/upb/upb/reflection/def.h +8 -26
  1774. data/third_party/upb/upb/reflection/def.hpp +10 -27
  1775. data/third_party/upb/upb/reflection/def_pool.c +16 -35
  1776. data/third_party/upb/upb/reflection/def_pool.h +17 -38
  1777. data/third_party/upb/upb/reflection/def_type.c +6 -26
  1778. data/third_party/upb/upb/reflection/def_type.h +6 -27
  1779. data/third_party/upb/upb/reflection/desc_state.c +7 -27
  1780. data/third_party/upb/upb/reflection/enum_def.c +18 -36
  1781. data/third_party/upb/upb/reflection/enum_def.h +13 -33
  1782. data/third_party/upb/upb/reflection/enum_reserved_range.c +9 -30
  1783. data/third_party/upb/upb/reflection/enum_reserved_range.h +6 -26
  1784. data/third_party/upb/upb/reflection/enum_value_def.c +13 -32
  1785. data/third_party/upb/upb/reflection/enum_value_def.h +8 -28
  1786. data/third_party/upb/upb/reflection/extension_range.c +9 -28
  1787. data/third_party/upb/upb/reflection/extension_range.h +6 -26
  1788. data/third_party/upb/upb/reflection/field_def.c +68 -51
  1789. data/third_party/upb/upb/reflection/field_def.h +25 -42
  1790. data/third_party/upb/upb/reflection/file_def.c +23 -48
  1791. data/third_party/upb/upb/reflection/file_def.h +10 -30
  1792. data/third_party/upb/upb/reflection/internal/def_builder.c +339 -0
  1793. data/third_party/upb/upb/reflection/internal/def_builder.h +137 -0
  1794. data/third_party/upb/upb/reflection/internal/def_pool.h +57 -0
  1795. data/third_party/upb/upb/reflection/internal/desc_state.h +44 -0
  1796. data/third_party/upb/upb/reflection/internal/enum_def.h +36 -0
  1797. data/third_party/upb/upb/reflection/internal/enum_reserved_range.h +35 -0
  1798. data/third_party/upb/upb/reflection/internal/enum_value_def.h +37 -0
  1799. data/third_party/upb/upb/reflection/internal/extension_range.h +34 -0
  1800. data/third_party/upb/upb/reflection/internal/field_def.h +56 -0
  1801. data/third_party/upb/upb/reflection/internal/file_def.h +37 -0
  1802. data/third_party/upb/upb/reflection/internal/message_def.h +43 -0
  1803. data/third_party/upb/upb/reflection/internal/message_reserved_range.h +35 -0
  1804. data/third_party/upb/upb/reflection/internal/method_def.h +33 -0
  1805. data/third_party/upb/upb/reflection/internal/oneof_def.h +37 -0
  1806. data/third_party/upb/upb/reflection/internal/service_def.h +33 -0
  1807. data/third_party/upb/upb/reflection/internal/strdup2.c +33 -0
  1808. data/third_party/upb/upb/reflection/internal/strdup2.h +32 -0
  1809. data/third_party/upb/upb/reflection/message.c +8 -28
  1810. data/third_party/upb/upb/reflection/message.h +27 -40
  1811. data/third_party/upb/upb/reflection/message.hpp +5 -23
  1812. data/third_party/upb/upb/reflection/message_def.c +70 -54
  1813. data/third_party/upb/upb/reflection/message_def.h +25 -43
  1814. data/third_party/upb/upb/reflection/message_reserved_range.c +8 -28
  1815. data/third_party/upb/upb/reflection/message_reserved_range.h +6 -26
  1816. data/third_party/upb/upb/reflection/method_def.c +10 -29
  1817. data/third_party/upb/upb/reflection/method_def.h +6 -26
  1818. data/third_party/upb/upb/reflection/oneof_def.c +15 -33
  1819. data/third_party/upb/upb/reflection/oneof_def.h +11 -30
  1820. data/third_party/upb/upb/reflection/service_def.c +12 -31
  1821. data/third_party/upb/upb/reflection/service_def.h +6 -26
  1822. data/third_party/upb/upb/text/encode.c +8 -28
  1823. data/third_party/upb/upb/text/encode.h +6 -26
  1824. data/third_party/upb/upb/wire/decode.c +39 -40
  1825. data/third_party/upb/upb/wire/decode.h +10 -26
  1826. data/third_party/upb/upb/wire/decode_fast.c +10 -28
  1827. data/third_party/upb/upb/wire/decode_fast.h +6 -26
  1828. data/third_party/upb/upb/wire/encode.c +30 -34
  1829. data/third_party/upb/upb/wire/encode.h +14 -30
  1830. data/third_party/upb/upb/wire/eps_copy_input_stream.c +6 -26
  1831. data/third_party/upb/upb/wire/eps_copy_input_stream.h +6 -26
  1832. data/third_party/upb/upb/wire/internal/constants.h +27 -0
  1833. data/third_party/upb/upb/wire/internal/decode.h +143 -0
  1834. data/third_party/upb/upb/wire/internal/swap.h +45 -0
  1835. data/third_party/upb/upb/wire/reader.c +6 -26
  1836. data/third_party/upb/upb/wire/reader.h +8 -28
  1837. data/third_party/upb/upb/wire/types.h +6 -26
  1838. data/third_party/zlib/adler32.c +5 -27
  1839. data/third_party/zlib/compress.c +5 -16
  1840. data/third_party/zlib/crc32.c +86 -162
  1841. data/third_party/zlib/deflate.c +233 -336
  1842. data/third_party/zlib/deflate.h +8 -8
  1843. data/third_party/zlib/gzguts.h +11 -12
  1844. data/third_party/zlib/infback.c +7 -23
  1845. data/third_party/zlib/inffast.c +1 -4
  1846. data/third_party/zlib/inffast.h +1 -1
  1847. data/third_party/zlib/inflate.c +30 -99
  1848. data/third_party/zlib/inftrees.c +6 -11
  1849. data/third_party/zlib/inftrees.h +3 -3
  1850. data/third_party/zlib/trees.c +224 -302
  1851. data/third_party/zlib/uncompr.c +4 -12
  1852. data/third_party/zlib/zconf.h +6 -2
  1853. data/third_party/zlib/zlib.h +191 -188
  1854. data/third_party/zlib/zutil.c +16 -44
  1855. data/third_party/zlib/zutil.h +10 -10
  1856. metadata +1085 -860
  1857. data/src/core/ext/filters/client_channel/backend_metric.cc +0 -95
  1858. data/src/core/ext/filters/client_channel/backend_metric.h +0 -47
  1859. data/src/core/ext/filters/client_channel/backup_poller.cc +0 -178
  1860. data/src/core/ext/filters/client_channel/backup_poller.h +0 -37
  1861. data/src/core/ext/filters/client_channel/channel_connectivity.cc +0 -265
  1862. data/src/core/ext/filters/client_channel/client_channel.cc +0 -3612
  1863. data/src/core/ext/filters/client_channel/client_channel.h +0 -639
  1864. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -93
  1865. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -85
  1866. data/src/core/ext/filters/client_channel/client_channel_factory.cc +0 -32
  1867. data/src/core/ext/filters/client_channel/client_channel_factory.h +0 -46
  1868. data/src/core/ext/filters/client_channel/client_channel_internal.h +0 -77
  1869. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +0 -56
  1870. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +0 -153
  1871. data/src/core/ext/filters/client_channel/client_channel_service_config.h +0 -111
  1872. data/src/core/ext/filters/client_channel/config_selector.cc +0 -60
  1873. data/src/core/ext/filters/client_channel/config_selector.h +0 -125
  1874. data/src/core/ext/filters/client_channel/connector.h +0 -88
  1875. data/src/core/ext/filters/client_channel/dynamic_filters.cc +0 -175
  1876. data/src/core/ext/filters/client_channel/dynamic_filters.h +0 -110
  1877. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +0 -65
  1878. data/src/core/ext/filters/client_channel/global_subchannel_pool.h +0 -63
  1879. data/src/core/ext/filters/client_channel/http_proxy_mapper.cc +0 -238
  1880. data/src/core/ext/filters/client_channel/http_proxy_mapper.h +0 -52
  1881. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +0 -74
  1882. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +0 -117
  1883. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +0 -57
  1884. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +0 -315
  1885. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.h +0 -88
  1886. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.cc +0 -188
  1887. data/src/core/ext/filters/client_channel/lb_policy/endpoint_list.h +0 -214
  1888. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +0 -85
  1889. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.h +0 -46
  1890. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +0 -1880
  1891. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +0 -39
  1892. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -89
  1893. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -39
  1894. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +0 -90
  1895. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +0 -81
  1896. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +0 -202
  1897. data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +0 -77
  1898. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +0 -515
  1899. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +0 -52
  1900. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +0 -204
  1901. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +0 -335
  1902. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +0 -57
  1903. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric_internal.h +0 -119
  1904. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +0 -1116
  1905. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +0 -94
  1906. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +0 -875
  1907. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.h +0 -36
  1908. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +0 -897
  1909. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +0 -856
  1910. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +0 -64
  1911. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +0 -2457
  1912. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +0 -921
  1913. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +0 -456
  1914. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +0 -198
  1915. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.h +0 -71
  1916. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +0 -1813
  1917. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +0 -752
  1918. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +0 -712
  1919. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +0 -37
  1920. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +0 -750
  1921. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +0 -650
  1922. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +0 -1173
  1923. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +0 -832
  1924. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.h +0 -67
  1925. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +0 -301
  1926. data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +0 -60
  1927. data/src/core/ext/filters/client_channel/local_subchannel_pool.h +0 -59
  1928. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +0 -148
  1929. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +0 -758
  1930. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.h +0 -30
  1931. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +0 -90
  1932. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +0 -206
  1933. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +0 -818
  1934. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1218
  1935. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +0 -139
  1936. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_posix.cc +0 -29
  1937. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +0 -35
  1938. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.cc +0 -66
  1939. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_plugin.h +0 -27
  1940. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +0 -586
  1941. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.h +0 -35
  1942. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +0 -97
  1943. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.h +0 -32
  1944. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +0 -184
  1945. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.h +0 -24
  1946. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +0 -386
  1947. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.h +0 -144
  1948. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +0 -326
  1949. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +0 -274
  1950. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +0 -121
  1951. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +0 -202
  1952. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +0 -1286
  1953. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +0 -61
  1954. data/src/core/ext/filters/client_channel/retry_filter.cc +0 -160
  1955. data/src/core/ext/filters/client_channel/retry_filter.h +0 -122
  1956. data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.cc +0 -2052
  1957. data/src/core/ext/filters/client_channel/retry_filter_legacy_call_data.h +0 -442
  1958. data/src/core/ext/filters/client_channel/retry_service_config.cc +0 -283
  1959. data/src/core/ext/filters/client_channel/retry_service_config.h +0 -105
  1960. data/src/core/ext/filters/client_channel/retry_throttle.cc +0 -139
  1961. data/src/core/ext/filters/client_channel/retry_throttle.h +0 -92
  1962. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +0 -124
  1963. data/src/core/ext/filters/client_channel/subchannel.cc +0 -811
  1964. data/src/core/ext/filters/client_channel/subchannel.h +0 -387
  1965. data/src/core/ext/filters/client_channel/subchannel_interface_internal.h +0 -41
  1966. data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +0 -66
  1967. data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +0 -100
  1968. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +0 -469
  1969. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +0 -225
  1970. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.c +0 -150
  1971. data/src/core/ext/upb-generated/envoy/admin/v3/certs.upb.h +0 -727
  1972. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.c +0 -181
  1973. data/src/core/ext/upb-generated/envoy/admin/v3/clusters.upb.h +0 -827
  1974. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +0 -158
  1975. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +0 -735
  1976. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.c +0 -533
  1977. data/src/core/ext/upb-generated/envoy/admin/v3/config_dump_shared.upb.h +0 -2788
  1978. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.c +0 -67
  1979. data/src/core/ext/upb-generated/envoy/admin/v3/init_dump.upb.h +0 -248
  1980. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.c +0 -75
  1981. data/src/core/ext/upb-generated/envoy/admin/v3/listeners.upb.h +0 -279
  1982. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.c +0 -57
  1983. data/src/core/ext/upb-generated/envoy/admin/v3/memory.upb.h +0 -160
  1984. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.c +0 -50
  1985. data/src/core/ext/upb-generated/envoy/admin/v3/metrics.upb.h +0 -120
  1986. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.c +0 -50
  1987. data/src/core/ext/upb-generated/envoy/admin/v3/mutex_stats.upb.h +0 -115
  1988. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.c +0 -151
  1989. data/src/core/ext/upb-generated/envoy/admin/v3/server_info.upb.h +0 -927
  1990. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.c +0 -55
  1991. data/src/core/ext/upb-generated/envoy/admin/v3/tap.upb.h +0 -114
  1992. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.c +0 -61
  1993. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -126
  1994. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.c +0 -58
  1995. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +0 -110
  1996. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -376
  1997. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +0 -1764
  1998. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +0 -570
  1999. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +0 -3249
  2000. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +0 -126
  2001. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +0 -524
  2002. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +0 -730
  2003. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +0 -3918
  2004. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.c +0 -55
  2005. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +0 -114
  2006. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +0 -124
  2007. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +0 -656
  2008. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.c +0 -396
  2009. data/src/core/ext/upb-generated/envoy/config/common/matcher/v3/matcher.upb.h +0 -1841
  2010. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +0 -225
  2011. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +0 -1046
  2012. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.c +0 -56
  2013. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +0 -126
  2014. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +0 -578
  2015. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +0 -2440
  2016. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +0 -226
  2017. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +0 -1133
  2018. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +0 -52
  2019. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +0 -107
  2020. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +0 -54
  2021. data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +0 -114
  2022. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.c +0 -69
  2023. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_method_list.upb.h +0 -248
  2024. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +0 -379
  2025. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +0 -1699
  2026. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +0 -316
  2027. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +0 -1943
  2028. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.c +0 -56
  2029. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +0 -141
  2030. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +0 -482
  2031. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +0 -2256
  2032. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -71
  2033. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +0 -237
  2034. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +0 -73
  2035. data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +0 -231
  2036. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.c +0 -77
  2037. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +0 -285
  2038. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +0 -67
  2039. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +0 -252
  2040. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +0 -55
  2041. data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +0 -128
  2042. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -139
  2043. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +0 -490
  2044. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +0 -205
  2045. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +0 -867
  2046. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +0 -180
  2047. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +0 -912
  2048. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.c +0 -51
  2049. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +0 -99
  2050. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +0 -267
  2051. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +0 -1592
  2052. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +0 -261
  2053. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +0 -1451
  2054. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +0 -87
  2055. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +0 -323
  2056. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -78
  2057. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +0 -196
  2058. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.c +0 -65
  2059. data/src/core/ext/upb-generated/envoy/config/metrics/v3/metrics_service.upb.h +0 -179
  2060. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +0 -220
  2061. data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +0 -980
  2062. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +0 -251
  2063. data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +0 -1189
  2064. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +0 -349
  2065. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +0 -1709
  2066. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +0 -134
  2067. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +0 -859
  2068. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +0 -1644
  2069. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +0 -9590
  2070. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +0 -98
  2071. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +0 -339
  2072. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.c +0 -326
  2073. data/src/core/ext/upb-generated/envoy/config/tap/v3/common.upb.h +0 -1522
  2074. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.c +0 -52
  2075. data/src/core/ext/upb-generated/envoy/config/trace/v3/datadog.upb.h +0 -115
  2076. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.c +0 -56
  2077. data/src/core/ext/upb-generated/envoy/config/trace/v3/dynamic_ot.upb.h +0 -114
  2078. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -74
  2079. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +0 -188
  2080. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.c +0 -63
  2081. data/src/core/ext/upb-generated/envoy/config/trace/v3/lightstep.upb.h +0 -197
  2082. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.c +0 -82
  2083. data/src/core/ext/upb-generated/envoy/config/trace/v3/opencensus.upb.h +0 -405
  2084. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -53
  2085. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.h +0 -114
  2086. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.c +0 -52
  2087. data/src/core/ext/upb-generated/envoy/config/trace/v3/service.upb.h +0 -99
  2088. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.c +0 -86
  2089. data/src/core/ext/upb-generated/envoy/config/trace/v3/skywalking.upb.h +0 -251
  2090. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.c +0 -34
  2091. data/src/core/ext/upb-generated/envoy/config/trace/v3/trace.upb.h +0 -40
  2092. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.c +0 -88
  2093. data/src/core/ext/upb-generated/envoy/config/trace/v3/xray.upb.h +0 -253
  2094. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.c +0 -66
  2095. data/src/core/ext/upb-generated/envoy/config/trace/v3/zipkin.upb.h +0 -196
  2096. data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.c +0 -556
  2097. data/src/core/ext/upb-generated/envoy/data/accesslog/v3/accesslog.upb.h +0 -2702
  2098. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +0 -47
  2099. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +0 -131
  2100. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +0 -117
  2101. data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +0 -429
  2102. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +0 -142
  2103. data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +0 -656
  2104. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c +0 -88
  2105. data/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h +0 -263
  2106. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +0 -102
  2107. data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +0 -460
  2108. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.c +0 -73
  2109. data/src/core/ext/upb-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +0 -193
  2110. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +0 -680
  2111. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +0 -3965
  2112. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.c +0 -51
  2113. data/src/core/ext/upb-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upb.h +0 -99
  2114. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +0 -68
  2115. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +0 -238
  2116. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.c +0 -136
  2117. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/common/v3/common.upb.h +0 -491
  2118. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.c +0 -45
  2119. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/pick_first/v3/pick_first.upb.h +0 -85
  2120. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +0 -69
  2121. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +0 -249
  2122. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.c +0 -51
  2123. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/wrr_locality/v3/wrr_locality.upb.h +0 -99
  2124. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -29
  2125. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +0 -35
  2126. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +0 -263
  2127. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +0 -1471
  2128. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +0 -109
  2129. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -361
  2130. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -268
  2131. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +0 -1474
  2132. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.c +0 -73
  2133. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upb.h +0 -216
  2134. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.c +0 -39
  2135. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +0 -70
  2136. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +0 -403
  2137. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +0 -2153
  2138. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -85
  2139. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +0 -323
  2140. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +0 -183
  2141. data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +0 -915
  2142. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.c +0 -55
  2143. data/src/core/ext/upb-generated/envoy/type/http/v3/cookie.upb.h +0 -129
  2144. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +0 -87
  2145. data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +0 -313
  2146. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.c +0 -54
  2147. data/src/core/ext/upb-generated/envoy/type/matcher/v3/filter_state.upb.h +0 -122
  2148. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +0 -106
  2149. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +0 -301
  2150. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +0 -77
  2151. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +0 -258
  2152. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +0 -56
  2153. data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +0 -164
  2154. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +0 -55
  2155. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +0 -127
  2156. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +0 -52
  2157. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +0 -107
  2158. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +0 -97
  2159. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +0 -269
  2160. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.c +0 -44
  2161. data/src/core/ext/upb-generated/envoy/type/matcher/v3/status_code_input.upb.h +0 -109
  2162. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -82
  2163. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +0 -304
  2164. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +0 -71
  2165. data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +0 -228
  2166. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +0 -93
  2167. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +0 -346
  2168. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +0 -128
  2169. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +0 -528
  2170. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +0 -140
  2171. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +0 -508
  2172. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.c +0 -77
  2173. data/src/core/ext/upb-generated/envoy/type/v3/hash_policy.upb.h +0 -226
  2174. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.c +0 -27
  2175. data/src/core/ext/upb-generated/envoy/type/v3/http.upb.h +0 -36
  2176. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.c +0 -47
  2177. data/src/core/ext/upb-generated/envoy/type/v3/http_status.upb.h +0 -145
  2178. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.c +0 -65
  2179. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +0 -160
  2180. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.c +0 -85
  2181. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +0 -238
  2182. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.c +0 -76
  2183. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_strategy.upb.h +0 -229
  2184. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.c +0 -27
  2185. data/src/core/ext/upb-generated/envoy/type/v3/ratelimit_unit.upb.h +0 -40
  2186. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.c +0 -50
  2187. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +0 -115
  2188. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.c +0 -58
  2189. data/src/core/ext/upb-generated/envoy/type/v3/token_bucket.upb.h +0 -143
  2190. data/src/core/ext/upb-generated/google/api/annotations.upb.c +0 -41
  2191. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -55
  2192. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +0 -370
  2193. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +0 -1756
  2194. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +0 -400
  2195. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +0 -1841
  2196. data/src/core/ext/upb-generated/google/api/http.upb.c +0 -112
  2197. data/src/core/ext/upb-generated/google/api/http.upb.h +0 -499
  2198. data/src/core/ext/upb-generated/google/api/httpbody.upb.c +0 -53
  2199. data/src/core/ext/upb-generated/google/api/httpbody.upb.h +0 -165
  2200. data/src/core/ext/upb-generated/google/protobuf/any.upb.c +0 -47
  2201. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +0 -100
  2202. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +0 -1327
  2203. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +0 -6236
  2204. data/src/core/ext/upb-generated/google/protobuf/duration.upb.c +0 -47
  2205. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +0 -100
  2206. data/src/core/ext/upb-generated/google/protobuf/empty.upb.c +0 -36
  2207. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +0 -70
  2208. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +0 -116
  2209. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +0 -426
  2210. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.c +0 -47
  2211. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +0 -100
  2212. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.c +0 -164
  2213. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +0 -517
  2214. data/src/core/ext/upb-generated/google/rpc/status.upb.c +0 -53
  2215. data/src/core/ext/upb-generated/google/rpc/status.upb.h +0 -165
  2216. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.c +0 -107
  2217. data/src/core/ext/upb-generated/opencensus/proto/trace/v1/trace_config.upb.h +0 -389
  2218. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +0 -80
  2219. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +0 -238
  2220. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +0 -343
  2221. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +0 -1669
  2222. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.c +0 -70
  2223. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +0 -199
  2224. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.c +0 -59
  2225. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +0 -146
  2226. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.c +0 -222
  2227. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +0 -885
  2228. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.c +0 -93
  2229. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls.upb.h +0 -300
  2230. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.c +0 -244
  2231. data/src/core/ext/upb-generated/src/proto/grpc/lookup/v1/rls_config.upb.h +0 -1341
  2232. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.c +0 -127
  2233. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +0 -333
  2234. data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +0 -62
  2235. data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +0 -125
  2236. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.c +0 -39
  2237. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -55
  2238. data/src/core/ext/upb-generated/udpa/annotations/status.upb.c +0 -61
  2239. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +0 -132
  2240. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +0 -58
  2241. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +0 -110
  2242. data/src/core/ext/upb-generated/validate/validate.upb.c +0 -948
  2243. data/src/core/ext/upb-generated/validate/validate.upb.h +0 -6536
  2244. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.c +0 -127
  2245. data/src/core/ext/upb-generated/xds/annotations/v3/migrate.upb.h +0 -333
  2246. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.c +0 -62
  2247. data/src/core/ext/upb-generated/xds/annotations/v3/security.upb.h +0 -125
  2248. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.c +0 -39
  2249. data/src/core/ext/upb-generated/xds/annotations/v3/sensitive.upb.h +0 -55
  2250. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.c +0 -124
  2251. data/src/core/ext/upb-generated/xds/annotations/v3/status.upb.h +0 -344
  2252. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.c +0 -58
  2253. data/src/core/ext/upb-generated/xds/annotations/v3/versioning.upb.h +0 -110
  2254. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.c +0 -46
  2255. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +0 -85
  2256. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.c +0 -54
  2257. data/src/core/ext/upb-generated/xds/core/v3/cidr.upb.h +0 -114
  2258. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +0 -79
  2259. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +0 -233
  2260. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +0 -63
  2261. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +0 -134
  2262. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.c +0 -53
  2263. data/src/core/ext/upb-generated/xds/core/v3/extension.upb.h +0 -114
  2264. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.c +0 -56
  2265. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +0 -143
  2266. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +0 -85
  2267. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +0 -330
  2268. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +0 -60
  2269. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +0 -144
  2270. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +0 -127
  2271. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +0 -352
  2272. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.c +0 -53
  2273. data/src/core/ext/upb-generated/xds/service/orca/v3/orca.upb.h +0 -160
  2274. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.c +0 -51
  2275. data/src/core/ext/upb-generated/xds/type/matcher/v3/cel.upb.h +0 -99
  2276. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.c +0 -73
  2277. data/src/core/ext/upb-generated/xds/type/matcher/v3/domain.upb.h +0 -262
  2278. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.c +0 -37
  2279. data/src/core/ext/upb-generated/xds/type/matcher/v3/http_inputs.upb.h +0 -70
  2280. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.c +0 -76
  2281. data/src/core/ext/upb-generated/xds/type/matcher/v3/ip.upb.h +0 -281
  2282. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.c +0 -266
  2283. data/src/core/ext/upb-generated/xds/type/matcher/v3/matcher.upb.h +0 -1114
  2284. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.c +0 -158
  2285. data/src/core/ext/upb-generated/xds/type/matcher/v3/range.upb.h +0 -732
  2286. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.c +0 -59
  2287. data/src/core/ext/upb-generated/xds/type/matcher/v3/regex.upb.h +0 -159
  2288. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.c +0 -80
  2289. data/src/core/ext/upb-generated/xds/type/matcher/v3/string.upb.h +0 -304
  2290. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.c +0 -80
  2291. data/src/core/ext/upb-generated/xds/type/v3/cel.upb.h +0 -232
  2292. data/src/core/ext/upb-generated/xds/type/v3/range.upb.c +0 -83
  2293. data/src/core/ext/upb-generated/xds/type/v3/range.upb.h +0 -238
  2294. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.c +0 -52
  2295. data/src/core/ext/upb-generated/xds/type/v3/typed_struct.upb.h +0 -114
  2296. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.c +0 -84
  2297. data/src/core/ext/upbdefs-generated/envoy/admin/v3/certs.upbdefs.h +0 -56
  2298. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.c +0 -128
  2299. data/src/core/ext/upbdefs-generated/envoy/admin/v3/clusters.upbdefs.h +0 -51
  2300. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +0 -102
  2301. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +0 -56
  2302. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.c +0 -277
  2303. data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump_shared.upbdefs.h +0 -126
  2304. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.c +0 -43
  2305. data/src/core/ext/upbdefs-generated/envoy/admin/v3/init_dump.upbdefs.h +0 -41
  2306. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.c +0 -56
  2307. data/src/core/ext/upbdefs-generated/envoy/admin/v3/listeners.upbdefs.h +0 -41
  2308. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.c +0 -49
  2309. data/src/core/ext/upbdefs-generated/envoy/admin/v3/memory.upbdefs.h +0 -36
  2310. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.c +0 -46
  2311. data/src/core/ext/upbdefs-generated/envoy/admin/v3/metrics.upbdefs.h +0 -36
  2312. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.c +0 -46
  2313. data/src/core/ext/upbdefs-generated/envoy/admin/v3/mutex_stats.upbdefs.h +0 -36
  2314. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.c +0 -142
  2315. data/src/core/ext/upbdefs-generated/envoy/admin/v3/server_info.upbdefs.h +0 -41
  2316. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.c +0 -51
  2317. data/src/core/ext/upbdefs-generated/envoy/admin/v3/tap.upbdefs.h +0 -36
  2318. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +0 -48
  2319. data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.h +0 -31
  2320. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.c +0 -38
  2321. data/src/core/ext/upbdefs-generated/envoy/annotations/resource.upbdefs.h +0 -36
  2322. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +0 -234
  2323. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.h +0 -111
  2324. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +0 -408
  2325. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +0 -121
  2326. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.c +0 -98
  2327. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/circuit_breaker.upbdefs.h +0 -46
  2328. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +0 -567
  2329. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +0 -151
  2330. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.c +0 -51
  2331. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/filter.upbdefs.h +0 -36
  2332. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +0 -138
  2333. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.h +0 -36
  2334. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.c +0 -206
  2335. data/src/core/ext/upbdefs-generated/envoy/config/common/matcher/v3/matcher.upbdefs.h +0 -106
  2336. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.c +0 -132
  2337. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/address.upbdefs.h +0 -71
  2338. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.c +0 -54
  2339. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/backoff.upbdefs.h +0 -36
  2340. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +0 -271
  2341. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +0 -151
  2342. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +0 -168
  2343. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.h +0 -66
  2344. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.c +0 -53
  2345. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/event_service_config.upbdefs.h +0 -36
  2346. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.c +0 -47
  2347. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/extension.upbdefs.h +0 -36
  2348. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.c +0 -53
  2349. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_method_list.upbdefs.h +0 -41
  2350. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.c +0 -237
  2351. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/grpc_service.upbdefs.h +0 -101
  2352. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +0 -245
  2353. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.h +0 -76
  2354. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.c +0 -53
  2355. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/http_uri.upbdefs.h +0 -36
  2356. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +0 -311
  2357. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +0 -111
  2358. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +0 -57
  2359. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +0 -41
  2360. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +0 -55
  2361. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +0 -41
  2362. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.c +0 -61
  2363. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/socket_option.upbdefs.h +0 -41
  2364. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +0 -70
  2365. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.h +0 -36
  2366. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +0 -49
  2367. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +0 -36
  2368. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +0 -99
  2369. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.h +0 -51
  2370. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.c +0 -133
  2371. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint_components.upbdefs.h +0 -61
  2372. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.c +0 -136
  2373. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/load_report.upbdefs.h +0 -56
  2374. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.c +0 -48
  2375. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/api_listener.upbdefs.h +0 -36
  2376. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +0 -227
  2377. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +0 -81
  2378. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +0 -190
  2379. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.h +0 -66
  2380. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +0 -101
  2381. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +0 -36
  2382. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +0 -71
  2383. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h +0 -41
  2384. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.c +0 -76
  2385. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/metrics_service.upbdefs.h +0 -36
  2386. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +0 -125
  2387. data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +0 -71
  2388. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +0 -142
  2389. data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +0 -81
  2390. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +0 -223
  2391. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +0 -86
  2392. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +0 -123
  2393. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +0 -46
  2394. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +0 -972
  2395. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +0 -316
  2396. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c +0 -77
  2397. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h +0 -46
  2398. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.c +0 -199
  2399. data/src/core/ext/upbdefs-generated/envoy/config/tap/v3/common.upbdefs.h +0 -91
  2400. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.c +0 -56
  2401. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/datadog.upbdefs.h +0 -36
  2402. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.c +0 -57
  2403. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/dynamic_ot.upbdefs.h +0 -36
  2404. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +0 -57
  2405. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.h +0 -41
  2406. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.c +0 -72
  2407. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/lightstep.upbdefs.h +0 -36
  2408. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.c +0 -99
  2409. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opencensus.upbdefs.h +0 -36
  2410. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +0 -45
  2411. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.h +0 -36
  2412. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.c +0 -52
  2413. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/service.upbdefs.h +0 -36
  2414. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.c +0 -71
  2415. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/skywalking.upbdefs.h +0 -41
  2416. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.c +0 -61
  2417. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/trace.upbdefs.h +0 -31
  2418. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.c +0 -75
  2419. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/xray.upbdefs.h +0 -41
  2420. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.c +0 -79
  2421. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/zipkin.upbdefs.h +0 -36
  2422. data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.c +0 -402
  2423. data/src/core/ext/upbdefs-generated/envoy/data/accesslog/v3/accesslog.upbdefs.h +0 -111
  2424. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +0 -50
  2425. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +0 -36
  2426. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +0 -92
  2427. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +0 -56
  2428. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +0 -123
  2429. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +0 -46
  2430. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c +0 -80
  2431. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h +0 -41
  2432. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +0 -105
  2433. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +0 -41
  2434. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +0 -60
  2435. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.h +0 -41
  2436. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +0 -602
  2437. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +0 -136
  2438. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.c +0 -50
  2439. data/src/core/ext/upbdefs-generated/envoy/extensions/http/stateful_session/cookie/v3/cookie.upbdefs.h +0 -36
  2440. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +0 -48
  2441. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h +0 -31
  2442. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +0 -215
  2443. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.h +0 -66
  2444. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +0 -91
  2445. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.h +0 -46
  2446. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +0 -258
  2447. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.h +0 -66
  2448. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.c +0 -58
  2449. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls_spiffe_validator_config.upbdefs.h +0 -41
  2450. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +0 -58
  2451. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.h +0 -36
  2452. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +0 -200
  2453. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +0 -101
  2454. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +0 -76
  2455. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.h +0 -41
  2456. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +0 -152
  2457. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +0 -56
  2458. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.c +0 -46
  2459. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/cookie.upbdefs.h +0 -36
  2460. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +0 -56
  2461. data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +0 -51
  2462. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.c +0 -48
  2463. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/filter_state.upbdefs.h +0 -36
  2464. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +0 -55
  2465. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +0 -56
  2466. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.c +0 -61
  2467. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/metadata.upbdefs.h +0 -41
  2468. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +0 -54
  2469. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +0 -36
  2470. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.c +0 -52
  2471. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/number.upbdefs.h +0 -36
  2472. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.c +0 -51
  2473. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/path.upbdefs.h +0 -36
  2474. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +0 -71
  2475. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.h +0 -46
  2476. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.c +0 -40
  2477. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/status_code_input.upbdefs.h +0 -41
  2478. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +0 -65
  2479. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.h +0 -41
  2480. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +0 -58
  2481. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +0 -41
  2482. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.c +0 -75
  2483. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/value.upbdefs.h +0 -46
  2484. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.c +0 -78
  2485. data/src/core/ext/upbdefs-generated/envoy/type/metadata/v3/metadata.upbdefs.h +0 -66
  2486. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.c +0 -85
  2487. data/src/core/ext/upbdefs-generated/envoy/type/tracing/v3/custom_tag.upbdefs.h +0 -56
  2488. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.c +0 -53
  2489. data/src/core/ext/upbdefs-generated/envoy/type/v3/hash_policy.upbdefs.h +0 -46
  2490. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.c +0 -36
  2491. data/src/core/ext/upbdefs-generated/envoy/type/v3/http.upbdefs.h +0 -31
  2492. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.c +0 -94
  2493. data/src/core/ext/upbdefs-generated/envoy/type/v3/http_status.upbdefs.h +0 -36
  2494. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c +0 -54
  2495. data/src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.h +0 -41
  2496. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c +0 -48
  2497. data/src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h +0 -46
  2498. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.c +0 -69
  2499. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_strategy.upbdefs.h +0 -41
  2500. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.c +0 -39
  2501. data/src/core/ext/upbdefs-generated/envoy/type/v3/ratelimit_unit.upbdefs.h +0 -31
  2502. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c +0 -44
  2503. data/src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h +0 -36
  2504. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.c +0 -57
  2505. data/src/core/ext/upbdefs-generated/envoy/type/v3/token_bucket.upbdefs.h +0 -36
  2506. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c +0 -40
  2507. data/src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h +0 -31
  2508. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c +0 -154
  2509. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h +0 -96
  2510. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c +0 -153
  2511. data/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h +0 -101
  2512. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.c +0 -52
  2513. data/src/core/ext/upbdefs-generated/google/api/http.upbdefs.h +0 -46
  2514. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.c +0 -39
  2515. data/src/core/ext/upbdefs-generated/google/api/httpbody.upbdefs.h +0 -36
  2516. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c +0 -34
  2517. data/src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h +0 -36
  2518. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c +0 -464
  2519. data/src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h +0 -181
  2520. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c +0 -35
  2521. data/src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.h +0 -36
  2522. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.c +0 -32
  2523. data/src/core/ext/upbdefs-generated/google/protobuf/empty.upbdefs.h +0 -36
  2524. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.c +0 -54
  2525. data/src/core/ext/upbdefs-generated/google/protobuf/struct.upbdefs.h +0 -51
  2526. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.c +0 -35
  2527. data/src/core/ext/upbdefs-generated/google/protobuf/timestamp.upbdefs.h +0 -36
  2528. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.c +0 -45
  2529. data/src/core/ext/upbdefs-generated/google/protobuf/wrappers.upbdefs.h +0 -76
  2530. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +0 -37
  2531. data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.h +0 -36
  2532. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.c +0 -67
  2533. data/src/core/ext/upbdefs-generated/opencensus/proto/trace/v1/trace_config.upbdefs.h +0 -51
  2534. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.c +0 -99
  2535. data/src/core/ext/upbdefs-generated/src/proto/grpc/lookup/v1/rls_config.upbdefs.h +0 -76
  2536. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.c +0 -62
  2537. data/src/core/ext/upbdefs-generated/udpa/annotations/migrate.upbdefs.h +0 -46
  2538. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.c +0 -47
  2539. data/src/core/ext/upbdefs-generated/udpa/annotations/security.upbdefs.h +0 -36
  2540. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.c +0 -34
  2541. data/src/core/ext/upbdefs-generated/udpa/annotations/sensitive.upbdefs.h +0 -31
  2542. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.c +0 -46
  2543. data/src/core/ext/upbdefs-generated/udpa/annotations/status.upbdefs.h +0 -36
  2544. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.c +0 -39
  2545. data/src/core/ext/upbdefs-generated/udpa/annotations/versioning.upbdefs.h +0 -36
  2546. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +0 -283
  2547. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.h +0 -146
  2548. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.c +0 -63
  2549. data/src/core/ext/upbdefs-generated/xds/annotations/v3/migrate.upbdefs.h +0 -46
  2550. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.c +0 -47
  2551. data/src/core/ext/upbdefs-generated/xds/annotations/v3/security.upbdefs.h +0 -36
  2552. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.c +0 -35
  2553. data/src/core/ext/upbdefs-generated/xds/annotations/v3/sensitive.upbdefs.h +0 -31
  2554. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.c +0 -64
  2555. data/src/core/ext/upbdefs-generated/xds/annotations/v3/status.upbdefs.h +0 -51
  2556. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.c +0 -40
  2557. data/src/core/ext/upbdefs-generated/xds/annotations/v3/versioning.upbdefs.h +0 -36
  2558. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +0 -38
  2559. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +0 -36
  2560. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.c +0 -45
  2561. data/src/core/ext/upbdefs-generated/xds/core/v3/cidr.upbdefs.h +0 -36
  2562. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +0 -56
  2563. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +0 -41
  2564. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +0 -39
  2565. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +0 -41
  2566. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.c +0 -41
  2567. data/src/core/ext/upbdefs-generated/xds/core/v3/extension.upbdefs.h +0 -36
  2568. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +0 -45
  2569. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +0 -36
  2570. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +0 -61
  2571. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +0 -41
  2572. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +0 -46
  2573. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +0 -36
  2574. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.c +0 -43
  2575. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/cel.upbdefs.h +0 -36
  2576. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.c +0 -51
  2577. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/domain.upbdefs.h +0 -41
  2578. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.c +0 -36
  2579. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/http_inputs.upbdefs.h +0 -36
  2580. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.c +0 -55
  2581. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/ip.upbdefs.h +0 -41
  2582. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.c +0 -126
  2583. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/matcher.upbdefs.h +0 -81
  2584. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.c +0 -71
  2585. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/range.upbdefs.h +0 -61
  2586. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.c +0 -40
  2587. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/regex.upbdefs.h +0 -41
  2588. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.c +0 -52
  2589. data/src/core/ext/upbdefs-generated/xds/type/matcher/v3/string.upbdefs.h +0 -41
  2590. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.c +0 -60
  2591. data/src/core/ext/upbdefs-generated/xds/type/v3/cel.upbdefs.h +0 -41
  2592. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.c +0 -36
  2593. data/src/core/ext/upbdefs-generated/xds/type/v3/range.upbdefs.h +0 -46
  2594. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.c +0 -37
  2595. data/src/core/ext/upbdefs-generated/xds/type/v3/typed_struct.upbdefs.h +0 -36
  2596. data/src/core/lib/event_engine/memory_allocator.cc +0 -74
  2597. data/src/core/lib/iomgr/load_file.cc +0 -78
  2598. data/src/core/lib/iomgr/load_file.h +0 -35
  2599. data/src/core/lib/load_balancing/delegating_helper.h +0 -115
  2600. data/src/core/lib/load_balancing/lb_policy.cc +0 -98
  2601. data/src/core/lib/load_balancing/lb_policy.h +0 -478
  2602. data/src/core/lib/load_balancing/lb_policy_factory.h +0 -49
  2603. data/src/core/lib/load_balancing/lb_policy_registry.cc +0 -143
  2604. data/src/core/lib/load_balancing/lb_policy_registry.h +0 -82
  2605. data/src/core/lib/load_balancing/subchannel_interface.h +0 -141
  2606. data/src/core/lib/resolver/resolver.cc +0 -37
  2607. data/src/core/lib/resolver/resolver.h +0 -138
  2608. data/src/core/lib/resolver/resolver_factory.h +0 -78
  2609. data/src/core/lib/resolver/resolver_registry.cc +0 -164
  2610. data/src/core/lib/resolver/resolver_registry.h +0 -123
  2611. data/src/core/lib/resolver/server_address.cc +0 -89
  2612. data/src/core/lib/resolver/server_address.h +0 -86
  2613. data/src/core/lib/service_config/service_config.h +0 -89
  2614. data/src/core/lib/service_config/service_config_call_data.h +0 -116
  2615. data/src/core/lib/service_config/service_config_impl.cc +0 -198
  2616. data/src/core/lib/service_config/service_config_impl.h +0 -125
  2617. data/src/core/lib/service_config/service_config_parser.cc +0 -81
  2618. data/src/core/lib/service_config/service_config_parser.h +0 -105
  2619. data/src/core/lib/transport/pid_controller.cc +0 -51
  2620. data/src/core/lib/transport/pid_controller.h +0 -116
  2621. data/src/core/lib/transport/transport_impl.h +0 -102
  2622. data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
  2623. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
  2624. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_x86_64.cc +0 -432
  2625. data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
  2626. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
  2627. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
  2628. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
  2629. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
  2630. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
  2631. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +0 -204
  2632. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
  2633. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
  2634. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
  2635. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +0 -221
  2636. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +0 -71
  2637. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +0 -635
  2638. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +0 -135
  2639. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +0 -141
  2640. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +0 -418
  2641. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +0 -477
  2642. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +0 -599
  2643. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +0 -111
  2644. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +0 -154
  2645. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +0 -270
  2646. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +0 -122
  2647. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +0 -213
  2648. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +0 -121
  2649. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +0 -341
  2650. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +0 -555
  2651. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +0 -81
  2652. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +0 -142
  2653. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +0 -150
  2654. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +0 -225
  2655. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +0 -888
  2656. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +0 -171
  2657. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +0 -1355
  2658. data/third_party/upb/upb/alloc.h +0 -36
  2659. data/third_party/upb/upb/arena.h +0 -36
  2660. data/third_party/upb/upb/array.h +0 -36
  2661. data/third_party/upb/upb/base/log2.h +0 -57
  2662. data/third_party/upb/upb/collections/array.c +0 -151
  2663. data/third_party/upb/upb/collections/array.h +0 -91
  2664. data/third_party/upb/upb/collections/array_internal.h +0 -135
  2665. data/third_party/upb/upb/collections/map.c +0 -142
  2666. data/third_party/upb/upb/collections/map.h +0 -140
  2667. data/third_party/upb/upb/collections/map_gencode_util.h +0 -78
  2668. data/third_party/upb/upb/collections/map_internal.h +0 -170
  2669. data/third_party/upb/upb/collections/map_sorter.c +0 -166
  2670. data/third_party/upb/upb/collections/map_sorter_internal.h +0 -109
  2671. data/third_party/upb/upb/collections/message_value.h +0 -72
  2672. data/third_party/upb/upb/decode.h +0 -36
  2673. data/third_party/upb/upb/def.h +0 -36
  2674. data/third_party/upb/upb/def.hpp +0 -33
  2675. data/third_party/upb/upb/encode.h +0 -36
  2676. data/third_party/upb/upb/extension_registry.h +0 -35
  2677. data/third_party/upb/upb/map.h +0 -36
  2678. data/third_party/upb/upb/mem/arena_internal.h +0 -114
  2679. data/third_party/upb/upb/message/accessors_internal.h +0 -391
  2680. data/third_party/upb/upb/message/extension_internal.h +0 -83
  2681. data/third_party/upb/upb/message/internal.h +0 -131
  2682. data/third_party/upb/upb/msg.h +0 -36
  2683. data/third_party/upb/upb/reflection/def_builder.c +0 -357
  2684. data/third_party/upb/upb/reflection/def_builder_internal.h +0 -157
  2685. data/third_party/upb/upb/reflection/def_pool_internal.h +0 -77
  2686. data/third_party/upb/upb/reflection/desc_state_internal.h +0 -64
  2687. data/third_party/upb/upb/reflection/enum_def_internal.h +0 -56
  2688. data/third_party/upb/upb/reflection/enum_reserved_range_internal.h +0 -55
  2689. data/third_party/upb/upb/reflection/enum_value_def_internal.h +0 -57
  2690. data/third_party/upb/upb/reflection/extension_range_internal.h +0 -54
  2691. data/third_party/upb/upb/reflection/field_def_internal.h +0 -76
  2692. data/third_party/upb/upb/reflection/file_def_internal.h +0 -57
  2693. data/third_party/upb/upb/reflection/message_def_internal.h +0 -63
  2694. data/third_party/upb/upb/reflection/message_reserved_range_internal.h +0 -55
  2695. data/third_party/upb/upb/reflection/method_def_internal.h +0 -53
  2696. data/third_party/upb/upb/reflection/oneof_def_internal.h +0 -57
  2697. data/third_party/upb/upb/reflection/service_def_internal.h +0 -53
  2698. data/third_party/upb/upb/reflection.h +0 -36
  2699. data/third_party/upb/upb/reflection.hpp +0 -33
  2700. data/third_party/upb/upb/status.h +0 -36
  2701. data/third_party/upb/upb/string_view.h +0 -36
  2702. data/third_party/upb/upb/text_encode.h +0 -36
  2703. data/third_party/upb/upb/upb.h +0 -39
  2704. data/third_party/upb/upb/upb.hpp +0 -107
  2705. data/third_party/upb/upb/wire/common.h +0 -44
  2706. data/third_party/upb/upb/wire/common_internal.h +0 -50
  2707. data/third_party/upb/upb/wire/decode_internal.h +0 -163
  2708. data/third_party/upb/upb/wire/swap_internal.h +0 -63
  2709. /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -63,16 +63,21 @@
63
63
  #ifndef OPENSSL_HEADER_X509_H
64
64
  #define OPENSSL_HEADER_X509_H
65
65
 
66
- #include <openssl/asn1.h>
67
66
  #include <openssl/base.h>
67
+
68
+ #include <time.h>
69
+
70
+ #include <openssl/asn1.h>
68
71
  #include <openssl/bio.h>
69
72
  #include <openssl/cipher.h>
73
+ #include <openssl/conf.h>
70
74
  #include <openssl/dh.h>
71
75
  #include <openssl/dsa.h>
72
76
  #include <openssl/ec.h>
73
77
  #include <openssl/ecdh.h>
74
78
  #include <openssl/ecdsa.h>
75
79
  #include <openssl/evp.h>
80
+ #include <openssl/lhash.h>
76
81
  #include <openssl/obj.h>
77
82
  #include <openssl/pkcs7.h>
78
83
  #include <openssl/pool.h>
@@ -80,7 +85,7 @@
80
85
  #include <openssl/sha.h>
81
86
  #include <openssl/stack.h>
82
87
  #include <openssl/thread.h>
83
- #include <time.h>
88
+ #include <openssl/x509v3_errors.h> // IWYU pragma: export
84
89
 
85
90
  #if defined(__cplusplus)
86
91
  extern "C" {
@@ -193,11 +198,16 @@ OPENSSL_EXPORT X509_NAME *X509_get_subject_name(const X509 *x509);
193
198
  // object.
194
199
  OPENSSL_EXPORT X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509);
195
200
 
196
- // X509_get_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
197
- // public key was unsupported or could not be decoded. This function returns a
198
- // reference to the |EVP_PKEY|. The caller must release the result with
199
- // |EVP_PKEY_free| when done.
200
- OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
201
+ // X509_get0_pubkey returns |x509|'s public key as an |EVP_PKEY|, or NULL if the
202
+ // public key was unsupported or could not be decoded. The |EVP_PKEY| is cached
203
+ // in |x509|, so callers must not mutate the result.
204
+ OPENSSL_EXPORT EVP_PKEY *X509_get0_pubkey(const X509 *x509);
205
+
206
+ // X509_get_pubkey behaves like |X509_get0_pubkey| but increments the reference
207
+ // count on the |EVP_PKEY|. The caller must release the result with
208
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |x509|, so callers
209
+ // must not mutate the result.
210
+ OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(const X509 *x509);
201
211
 
202
212
  // X509_get0_pubkey_bitstr returns the BIT STRING portion of |x509|'s public
203
213
  // key. Note this does not contain the AlgorithmIdentifier portion.
@@ -207,6 +217,11 @@ OPENSSL_EXPORT EVP_PKEY *X509_get_pubkey(X509 *x509);
207
217
  // internal invariants in |x509|.
208
218
  OPENSSL_EXPORT ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x509);
209
219
 
220
+ // X509_check_private_key returns one if |x509|'s public key matches |pkey| and
221
+ // zero otherwise.
222
+ OPENSSL_EXPORT int X509_check_private_key(const X509 *x509,
223
+ const EVP_PKEY *pkey);
224
+
210
225
  // X509_get0_uids sets |*out_issuer_uid| to a non-owning pointer to the
211
226
  // issuerUID field of |x509|, or NULL if |x509| has no issuerUID. It similarly
212
227
  // outputs |x509|'s subjectUID field to |*out_subject_uid|.
@@ -217,6 +232,146 @@ OPENSSL_EXPORT void X509_get0_uids(const X509 *x509,
217
232
  const ASN1_BIT_STRING **out_issuer_uid,
218
233
  const ASN1_BIT_STRING **out_subject_uid);
219
234
 
235
+ // The following bits are returned from |X509_get_extension_flags|.
236
+
237
+ // EXFLAG_BCONS indicates the certificate has a basic constraints extension.
238
+ #define EXFLAG_BCONS 0x1
239
+ // EXFLAG_KUSAGE indicates the certifcate has a key usage extension.
240
+ #define EXFLAG_KUSAGE 0x2
241
+ // EXFLAG_XKUSAGE indicates the certifcate has an extended key usage extension.
242
+ #define EXFLAG_XKUSAGE 0x4
243
+ // EXFLAG_CA indicates the certificate has a basic constraints extension with
244
+ // the CA bit set.
245
+ #define EXFLAG_CA 0x10
246
+ // EXFLAG_SI indicates the certificate is self-issued, i.e. its subject and
247
+ // issuer names match.
248
+ #define EXFLAG_SI 0x20
249
+ // EXFLAG_V1 indicates an X.509v1 certificate.
250
+ #define EXFLAG_V1 0x40
251
+ // EXFLAG_INVALID indicates an error processing some extension. The certificate
252
+ // should not be accepted. Note the lack of this bit does not imply all
253
+ // extensions are valid, only those used to compute extension flags.
254
+ #define EXFLAG_INVALID 0x80
255
+ // EXFLAG_SET is an internal bit that indicates extension flags were computed.
256
+ #define EXFLAG_SET 0x100
257
+ // EXFLAG_CRITICAL indicates an unsupported critical extension. The certificate
258
+ // should not be accepted.
259
+ #define EXFLAG_CRITICAL 0x200
260
+ // EXFLAG_SS indicates the certificate is likely self-signed. That is, if it is
261
+ // self-issued, its authority key identifer (if any) matches itself, and its key
262
+ // usage extension (if any) allows certificate signatures. The signature itself
263
+ // is not checked in computing this bit.
264
+ #define EXFLAG_SS 0x2000
265
+
266
+ // X509_get_extension_flags decodes a set of extensions from |x509| and returns
267
+ // a collection of |EXFLAG_*| bits which reflect |x509|. If there was an error
268
+ // in computing this bitmask, the result will include the |EXFLAG_INVALID| bit.
269
+ OPENSSL_EXPORT uint32_t X509_get_extension_flags(X509 *x509);
270
+
271
+ // X509_get_pathlen returns path length constraint from the basic constraints
272
+ // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
273
+ // constraint is not present, or if some extension in |x509| was invalid.
274
+ //
275
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
276
+ // invalid extensions. To detect the error case, call
277
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
278
+ OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
279
+
280
+ // X509v3_KU_* are key usage bits returned from |X509_get_key_usage|.
281
+ #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
282
+ #define X509v3_KU_NON_REPUDIATION 0x0040
283
+ #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
284
+ #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
285
+ #define X509v3_KU_KEY_AGREEMENT 0x0008
286
+ #define X509v3_KU_KEY_CERT_SIGN 0x0004
287
+ #define X509v3_KU_CRL_SIGN 0x0002
288
+ #define X509v3_KU_ENCIPHER_ONLY 0x0001
289
+ #define X509v3_KU_DECIPHER_ONLY 0x8000
290
+
291
+ // X509_get_key_usage returns a bitmask of key usages (see Section 4.2.1.3 of
292
+ // RFC 5280) which |x509| is valid for. This function only reports the first 16
293
+ // bits, in a little-endian byte order, but big-endian bit order. That is, bits
294
+ // 0 though 7 are reported at 1<<7 through 1<<0, and bits 8 through 15 are
295
+ // reported at 1<<15 through 1<<8.
296
+ //
297
+ // Instead of depending on this bit order, callers should compare against the
298
+ // |X509v3_KU_*| constants.
299
+ //
300
+ // If |x509| has no key usage extension, all key usages are valid and this
301
+ // function returns |UINT32_MAX|. If there was an error processing |x509|'s
302
+ // extensions, or if the first 16 bits in the key usage extension were all zero,
303
+ // this function returns zero.
304
+ OPENSSL_EXPORT uint32_t X509_get_key_usage(X509 *x509);
305
+
306
+ // XKU_* are extended key usage bits returned from
307
+ // |X509_get_extended_key_usage|.
308
+ #define XKU_SSL_SERVER 0x1
309
+ #define XKU_SSL_CLIENT 0x2
310
+ #define XKU_SMIME 0x4
311
+ #define XKU_CODE_SIGN 0x8
312
+ #define XKU_SGC 0x10
313
+ #define XKU_OCSP_SIGN 0x20
314
+ #define XKU_TIMESTAMP 0x40
315
+ #define XKU_DVCS 0x80
316
+ #define XKU_ANYEKU 0x100
317
+
318
+ // X509_get_extended_key_usage returns a bitmask of extended key usages (see
319
+ // Section 4.2.1.12 of RFC 5280) which |x509| is valid for. The result will be
320
+ // a combination of |XKU_*| constants. If checking an extended key usage not
321
+ // defined above, callers should extract the extended key usage extension
322
+ // separately, e.g. via |X509_get_ext_d2i|.
323
+ //
324
+ // If |x509| has no extended key usage extension, all extended key usages are
325
+ // valid and this function returns |UINT32_MAX|. If there was an error
326
+ // processing |x509|'s extensions, or if |x509|'s extended key usage extension
327
+ // contained no recognized usages, this function returns zero.
328
+ OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x509);
329
+
330
+ // X509_get0_subject_key_id returns |x509|'s subject key identifier, if present.
331
+ // (See RFC 5280, section 4.2.1.2.) It returns NULL if the extension is not
332
+ // present or if some extension in |x509| was invalid.
333
+ //
334
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
335
+ // invalid extensions. To detect the error case, call
336
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
337
+ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509);
338
+
339
+ // X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key
340
+ // identifier, if the extension and field are present. (See RFC 5280,
341
+ // section 4.2.1.1.) It returns NULL if the extension is not present, if it is
342
+ // present but lacks a keyIdentifier field, or if some extension in |x509| was
343
+ // invalid.
344
+ //
345
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
346
+ // invalid extensions. To detect the error case, call
347
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
348
+ OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x509);
349
+
350
+ DEFINE_STACK_OF(GENERAL_NAME)
351
+ typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
352
+
353
+ // X509_get0_authority_issuer returns the authorityCertIssuer of |x509|'s
354
+ // authority key identifier, if the extension and field are present. (See
355
+ // RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
356
+ // if it is present but lacks a authorityCertIssuer field, or if some extension
357
+ // in |x509| was invalid.
358
+ //
359
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
360
+ // invalid extensions. To detect the error case, call
361
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
362
+ OPENSSL_EXPORT const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x509);
363
+
364
+ // X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s
365
+ // authority key identifier, if the extension and field are present. (See
366
+ // RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
367
+ // if it is present but lacks a authorityCertSerialNumber field, or if some
368
+ // extension in |x509| was invalid.
369
+ //
370
+ // TODO(crbug.com/boringssl/381): Decoding an |X509| object will not check for
371
+ // invalid extensions. To detect the error case, call
372
+ // |X509_get_extension_flags| and check the |EXFLAG_INVALID| bit.
373
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_get0_authority_serial(X509 *x509);
374
+
220
375
  // X509_get0_extensions returns |x509|'s extension list, or NULL if |x509| omits
221
376
  // it.
222
377
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_get0_extensions(
@@ -244,6 +399,14 @@ OPENSSL_EXPORT int X509_get_ext_by_critical(const X509 *x, int crit,
244
399
  // compatibility, but callers should not mutate the result.
245
400
  OPENSSL_EXPORT X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
246
401
 
402
+ // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
403
+ // |x509|'s extension list.
404
+ //
405
+ // WARNING: This function is difficult to use correctly. See the documentation
406
+ // for |X509V3_get_d2i| for details.
407
+ OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
408
+ int *out_critical, int *out_idx);
409
+
247
410
  // X509_get0_tbs_sigalg returns the signature algorithm in |x509|'s
248
411
  // TBSCertificate. For the outer signature algorithm, see |X509_get0_signature|.
249
412
  //
@@ -283,6 +446,30 @@ OPENSSL_EXPORT int i2d_X509_tbs(X509 *x509, unsigned char **outp);
283
446
  // validation.
284
447
  OPENSSL_EXPORT int X509_verify(X509 *x509, EVP_PKEY *pkey);
285
448
 
449
+ // X509_get1_email returns a newly-allocated list of NUL-terminated strings
450
+ // containing all email addresses in |x509|'s subject and all rfc822name names
451
+ // in |x509|'s subject alternative names. Email addresses which contain embedded
452
+ // NUL bytes are skipped.
453
+ //
454
+ // On error, or if there are no such email addresses, it returns NULL. When
455
+ // done, the caller must release the result with |X509_email_free|.
456
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_email(const X509 *x509);
457
+
458
+ // X509_get1_ocsp returns a newly-allocated list of NUL-terminated strings
459
+ // containing all OCSP URIs in |x509|. That is, it collects all URI
460
+ // AccessDescriptions with an accessMethod of id-ad-ocsp in |x509|'s authority
461
+ // information access extension. URIs which contain embedded NUL bytes are
462
+ // skipped.
463
+ //
464
+ // On error, or if there are no such URIs, it returns NULL. When done, the
465
+ // caller must release the result with |X509_email_free|.
466
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(const X509 *x509);
467
+
468
+ // X509_email_free releases memory associated with |sk|, including |sk| itself.
469
+ // Each |OPENSSL_STRING| in |sk| must be a NUL-terminated string allocated with
470
+ // |OPENSSL_malloc|. If |sk| is NULL, no action is taken.
471
+ OPENSSL_EXPORT void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
472
+
286
473
 
287
474
  // Issuing certificates.
288
475
  //
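Review bot: The comments on `X509_get1_email` and `X509_get1_ocsp` document a NULL return for both an error and an empty result, so a caller cannot tell an allocation failure from a certificate that lists no OCSP URI. For the OCSP case this matters, because code that reads NULL as "no responder listed" would skip the revocation lookup when the call had merely failed. I would add `// WARNING: NULL does not distinguish failure from an empty list; do not treat it as proof that no URI is present.` to both comments. The same applies to `X509_REQ_get1_email`, added in the later hunk at new line 1196.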
@@ -347,6 +534,15 @@ OPENSSL_EXPORT X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
347
534
  // list.
348
535
  OPENSSL_EXPORT int X509_add_ext(X509 *x, const X509_EXTENSION *ex, int loc);
349
536
 
537
+ // X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to
538
+ // |x|'s extension list.
539
+ //
540
+ // WARNING: This function may return zero or -1 on error. The caller must also
541
+ // ensure |value|'s type matches |nid|. See the documentation for
542
+ // |X509V3_add1_i2d| for details.
543
+ OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
544
+ unsigned long flags);
545
+
350
546
  // X509_sign signs |x509| with |pkey| and replaces the signature algorithm and
351
547
  // signature fields. It returns the length of the signature on success and zero
352
548
  // on error. This function uses digest algorithm |md|, or |pkey|'s default if
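Review bot: The WARNING on `X509_add1_ext_i2d` says the function may return zero or -1 on error but does not say which test a caller should use, and the common `if (!X509_add1_ext_i2d(...))` check lets -1 pass as success. I would end the comment with `// Callers must treat any return value <= 0 as failure.` so the rule is visible without following the reference to `X509V3_add1_i2d`. `X509_CRL_add1_ext_i2d` and `X509_REVOKED_add1_ext_i2d`, added in later hunks of this file, carry the same WARNING and would need the same line.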
@@ -359,6 +555,9 @@ OPENSSL_EXPORT int X509_sign(X509 *x509, EVP_PKEY *pkey, const EVP_MD *md);
359
555
  // zero on error. The signature algorithm and parameters come from |ctx|, which
360
556
  // must have been initialized with |EVP_DigestSignInit|. The caller should
361
557
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
558
+ //
559
+ // On success or failure, this function mutates |ctx| and resets it to the empty
560
+ // state. Caller should not rely on its contents after the function returns.
362
561
  OPENSSL_EXPORT int X509_sign_ctx(X509 *x509, EVP_MD_CTX *ctx);
363
562
 
364
563
  // i2d_re_X509_tbs serializes the TBSCertificate portion of |x509|, as described
@@ -401,7 +600,9 @@ OPENSSL_EXPORT int X509_set1_signature_value(X509 *x509, const uint8_t *sig,
401
600
  // Unlike similarly-named functions, this function does not output a single
402
601
  // ASN.1 element. Directly embedding the output in a larger ASN.1 structure will
403
602
  // not behave correctly.
404
- OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
603
+ //
604
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
605
+ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, uint8_t **outp);
405
606
 
406
607
  // d2i_X509_AUX parses up to |length| bytes from |*inp| as a DER-encoded X.509
407
608
  // Certificate (RFC 5280), followed optionally by a separate, OpenSSL-specific
@@ -413,19 +614,19 @@ OPENSSL_EXPORT int i2d_X509_AUX(X509 *x509, unsigned char **outp);
413
614
  // Unlike similarly-named functions, this function does not parse a single
414
615
  // ASN.1 element. Trying to parse data directly embedded in a larger ASN.1
415
616
  // structure will not behave correctly.
416
- OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const unsigned char **inp,
617
+ OPENSSL_EXPORT X509 *d2i_X509_AUX(X509 **x509, const uint8_t **inp,
417
618
  long length);
418
619
 
419
620
  // X509_alias_set1 sets |x509|'s alias to |len| bytes from |name|. If |name| is
420
621
  // NULL, the alias is cleared instead. Aliases are not part of the certificate
421
622
  // itself and will not be serialized by |i2d_X509|.
422
- OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const unsigned char *name,
623
+ OPENSSL_EXPORT int X509_alias_set1(X509 *x509, const uint8_t *name,
423
624
  ossl_ssize_t len);
424
625
 
425
626
  // X509_keyid_set1 sets |x509|'s key ID to |len| bytes from |id|. If |id| is
426
627
  // NULL, the key ID is cleared instead. Key IDs are not part of the certificate
427
628
  // itself and will not be serialized by |i2d_X509|.
428
- OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
629
+ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const uint8_t *id,
429
630
  ossl_ssize_t len);
430
631
 
431
632
  // X509_alias_get0 looks up |x509|'s alias. If found, it sets |*out_len| to the
@@ -440,7 +641,7 @@ OPENSSL_EXPORT int X509_keyid_set1(X509 *x509, const unsigned char *id,
440
641
  // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
441
642
  // missing. Callers that target both OpenSSL and BoringSSL should set the value
442
643
  // to zero before calling this function.
443
- OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
644
+ OPENSSL_EXPORT const uint8_t *X509_alias_get0(const X509 *x509, int *out_len);
444
645
 
445
646
  // X509_keyid_get0 looks up |x509|'s key ID. If found, it sets |*out_len| to the
446
647
  // key ID's length and returns a pointer to a buffer containing the contents. If
@@ -450,29 +651,50 @@ OPENSSL_EXPORT unsigned char *X509_alias_get0(X509 *x509, int *out_len);
450
651
  // WARNING: In OpenSSL, this function did not set |*out_len| when the alias was
451
652
  // missing. Callers that target both OpenSSL and BoringSSL should set the value
452
653
  // to zero before calling this function.
453
- OPENSSL_EXPORT unsigned char *X509_keyid_get0(X509 *x509, int *out_len);
654
+ OPENSSL_EXPORT const uint8_t *X509_keyid_get0(const X509 *x509, int *out_len);
655
+
656
+ // X509_add1_trust_object configures |x509| as a valid trust anchor for |obj|.
657
+ // It returns one on success and zero on error. |obj| should be a certificate
658
+ // usage OID associated with an |X509_TRUST| object.
659
+ //
660
+ // See |X509_VERIFY_PARAM_set_trust| for details on how this value is evaluated.
661
+ OPENSSL_EXPORT int X509_add1_trust_object(X509 *x509, const ASN1_OBJECT *obj);
662
+
663
+ // X509_add1_reject_object configures |x509| as distrusted for |obj|. It returns
664
+ // one on success and zero on error. |obj| should be a certificate usage OID
665
+ // associated with an |X509_TRUST| object.
666
+ //
667
+ // See |X509_VERIFY_PARAM_set_trust| for details on how this value is evaluated.
668
+ OPENSSL_EXPORT int X509_add1_reject_object(X509 *x509, const ASN1_OBJECT *obj);
669
+
670
+ // X509_trust_clear clears the list of OIDs for which |x509| is trusted. See
671
+ // also |X509_add1_trust_object|.
672
+ OPENSSL_EXPORT void X509_trust_clear(X509 *x509);
673
+
674
+ // X509_reject_clear clears the list of OIDs for which |x509| is distrusted. See
675
+ // also |X509_add1_reject_object|.
676
+ OPENSSL_EXPORT void X509_reject_clear(X509 *x509);
454
677
 
455
678
 
456
679
  // Certificate revocation lists.
457
680
  //
458
681
  // An |X509_CRL| object represents an X.509 certificate revocation list (CRL),
459
- // defined in RFC 5280. A CRL is a signed list of certificates which are no
460
- // longer considered valid.
682
+ // defined in RFC 5280. A CRL is a signed list of certificates, the
683
+ // revokedCertificates field, which are no longer considered valid. Each entry
684
+ // of this list is represented with an |X509_REVOKED| object, documented in the
685
+ // "CRL entries" section below.
461
686
  //
462
- // Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| can give
463
- // incorrect results. Callers typically obtain |X509_CRL|s by parsing some input
464
- // with |d2i_X509_CRL|, etc. Such objects carry information such as the
465
- // serialized TBSCertList and decoded extensions, which will become inconsistent
466
- // when mutated.
687
+ // Although an |X509_CRL| is a mutable object, mutating an |X509_CRL| or its
688
+ // |X509_REVOKED|s can give incorrect results. Callers typically obtain
689
+ // |X509_CRL|s by parsing some input with |d2i_X509_CRL|, etc. Such objects
690
+ // carry information such as the serialized TBSCertList and decoded extensions,
691
+ // which will become inconsistent when mutated.
467
692
  //
468
693
  // Instead, mutation functions should only be used when issuing new CRLs, as
469
694
  // described in a later section.
470
695
 
471
696
  DEFINE_STACK_OF(X509_CRL)
472
-
473
- // X509_CRL is an |ASN1_ITEM| whose ASN.1 type is X.509 CertificateList (RFC
474
- // 5280) and C type is |X509_CRL*|.
475
- DECLARE_ASN1_ITEM(X509_CRL)
697
+ DEFINE_STACK_OF(X509_REVOKED)
476
698
 
477
699
  // X509_CRL_up_ref adds one to the reference count of |crl| and returns one.
478
700
  OPENSSL_EXPORT int X509_CRL_up_ref(X509_CRL *crl);
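Review bot: The WARNING above the re-declared `X509_keyid_get0` (new lines 651-654) still says OpenSSL did not set `|*out_len|` "when the alias was missing", which appears to be copied from `X509_alias_get0`. Since this commit rewrites the declaration directly below it, the comment should read `// WARNING: In OpenSSL, this function did not set |*out_len| when the key ID was` followed by `// missing. Callers that target both OpenSSL and BoringSSL should set the value`. The start of that comment block lies in the previous hunk, so only the WARNING lines are visible here.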
@@ -522,6 +744,24 @@ OPENSSL_EXPORT const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
522
744
  // const-correct for legacy reasons.
523
745
  OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
524
746
 
747
+ // X509_CRL_get0_by_serial finds the entry in |crl| whose serial number is
748
+ // |serial|. If found, it sets |*out| to the entry and returns one. If not
749
+ // found, it returns zero.
750
+ //
751
+ // On success, |*out| continues to be owned by |crl|. It is an error to free or
752
+ // otherwise modify |*out|.
753
+ //
754
+ // TODO(crbug.com/boringssl/600): Ideally |crl| would be const. It is broadly
755
+ // thread-safe, but changes the order of entries in |crl|. It cannot be called
756
+ // concurrently with |i2d_X509_CRL|.
757
+ OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **out,
758
+ const ASN1_INTEGER *serial);
759
+
760
+ // X509_CRL_get0_by_cert behaves like |X509_CRL_get0_by_serial|, except it looks
761
+ // for the entry that matches |x509|.
762
+ OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **out,
763
+ X509 *x509);
764
+
525
765
  // X509_CRL_get_REVOKED returns the list of revoked certificates in |crl|, or
526
766
  // NULL if |crl| omits it.
527
767
  //
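Review bot: The only statement that `X509_CRL_get0_by_serial` reorders the entries of `|crl|` and cannot be called concurrently with `i2d_X509_CRL` sits inside a TODO, where a caller sharing one parsed CRL between verification threads is unlikely to look for it. I would lift it into the contract as `// WARNING: This function may reorder |crl|'s entries and must not be called concurrently with |i2d_X509_CRL| on the same object.` The same line should be repeated on `X509_CRL_get0_by_cert`, which is documented only as behaving like the by-serial lookup. The comment also leaves open whether `|*out|` is written when no entry is found, and one sentence on that would tell callers whether they must initialise it.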
@@ -531,7 +771,9 @@ OPENSSL_EXPORT X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
531
771
  OPENSSL_EXPORT STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
532
772
 
533
773
  // X509_CRL_get0_extensions returns |crl|'s extension list, or NULL if |crl|
534
- // omits it.
774
+ // omits it. A CRL can have extensions on individual entries, which is
775
+ // |X509_REVOKED_get0_extensions|, or on the overall CRL, which is this
776
+ // function.
535
777
  OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(
536
778
  const X509_CRL *crl);
537
779
 
@@ -558,6 +800,14 @@ OPENSSL_EXPORT int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit,
558
800
  // compatibility, but callers should not mutate the result.
559
801
  OPENSSL_EXPORT X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
560
802
 
803
+ // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
804
+ // extension in |crl|'s extension list.
805
+ //
806
+ // WARNING: This function is difficult to use correctly. See the documentation
807
+ // for |X509V3_get_d2i| for details.
808
+ OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
809
+ int *out_critical, int *out_idx);
810
+
561
811
  // X509_CRL_get0_signature sets |*out_sig| and |*out_alg| to the signature and
562
812
  // signature algorithm of |crl|, respectively. Either output pointer may be NULL
563
813
  // to ignore the value.
@@ -619,6 +869,15 @@ OPENSSL_EXPORT int X509_CRL_set1_lastUpdate(X509_CRL *crl, const ASN1_TIME *tm);
619
869
  // on success and zero on error.
620
870
  OPENSSL_EXPORT int X509_CRL_set1_nextUpdate(X509_CRL *crl, const ASN1_TIME *tm);
621
871
 
872
+ // X509_CRL_add0_revoked adds |rev| to |crl|. On success, it takes ownership of
873
+ // |rev| and returns one. On error, it returns zero. If this function fails, the
874
+ // caller retains ownership of |rev| and must release it when done.
875
+ OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
876
+
877
+ // X509_CRL_sort sorts the entries in |crl| by serial number. It returns one on
878
+ // success and zero on error.
879
+ OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
880
+
622
881
  // X509_CRL_delete_ext removes the extension in |x| at index |loc| and returns
623
882
  // the removed extension, or NULL if |loc| was out of bounds. If non-NULL, the
624
883
  // caller must release the result with |X509_EXTENSION_free|.
@@ -634,6 +893,15 @@ OPENSSL_EXPORT X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
634
893
  OPENSSL_EXPORT int X509_CRL_add_ext(X509_CRL *x, const X509_EXTENSION *ex,
635
894
  int loc);
636
895
 
896
+ // X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension
897
+ // to |x|'s extension list.
898
+ //
899
+ // WARNING: This function may return zero or -1 on error. The caller must also
900
+ // ensure |value|'s type matches |nid|. See the documentation for
901
+ // |X509V3_add1_i2d| for details.
902
+ OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
903
+ int crit, unsigned long flags);
904
+
637
905
  // X509_CRL_sign signs |crl| with |pkey| and replaces the signature algorithm
638
906
  // and signature fields. It returns the length of the signature on success and
639
907
  // zero on error. This function uses digest algorithm |md|, or |pkey|'s default
@@ -647,6 +915,9 @@ OPENSSL_EXPORT int X509_CRL_sign(X509_CRL *crl, EVP_PKEY *pkey,
647
915
  // zero on error. The signature algorithm and parameters come from |ctx|, which
648
916
  // must have been initialized with |EVP_DigestSignInit|. The caller should
649
917
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
918
+ //
919
+ // On success or failure, this function mutates |ctx| and resets it to the empty
920
+ // state. Caller should not rely on its contents after the function returns.
650
921
  OPENSSL_EXPORT int X509_CRL_sign_ctx(X509_CRL *crl, EVP_MD_CTX *ctx);
651
922
 
652
923
  // i2d_re_X509_CRL_tbs serializes the TBSCertList portion of |crl|, as described
@@ -677,6 +948,123 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
677
948
  size_t sig_len);
678
949
 
679
950
 
951
+ // CRL entries.
952
+ //
953
+ // Each entry of a CRL is represented as an |X509_REVOKED| object, which
954
+ // describes a revoked certificate by serial number.
955
+ //
956
+ // When an |X509_REVOKED| is obtained from an |X509_CRL| object, it is an error
957
+ // to mutate the object. Doing so may break |X509_CRL|'s and cause the library
958
+ // to behave incorrectly.
959
+
960
+ // X509_REVOKED_new returns a newly-allocated, empty |X509_REVOKED| object, or
961
+ // NULL on allocation error.
962
+ OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_new(void);
963
+
964
+ // X509_REVOKED_free releases memory associated with |rev|.
965
+ OPENSSL_EXPORT void X509_REVOKED_free(X509_REVOKED *rev);
966
+
967
+ // d2i_X509_REVOKED parses up to |len| bytes from |*inp| as a DER-encoded X.509
968
+ // CRL entry, as described in |d2i_SAMPLE|.
969
+ OPENSSL_EXPORT X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **out,
970
+ const uint8_t **inp, long len);
971
+
972
+ // i2d_X509_REVOKED marshals |alg| as a DER-encoded X.509 CRL entry, as
973
+ // described in |i2d_SAMPLE|.
974
+ OPENSSL_EXPORT int i2d_X509_REVOKED(const X509_REVOKED *alg, uint8_t **outp);
975
+
976
+ // X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
977
+ // This function works by serializing the structure, so if |rev| is incomplete,
978
+ // it may fail.
979
+ OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
980
+
981
+ // X509_REVOKED_get0_serialNumber returns the serial number of the certificate
982
+ // revoked by |revoked|.
983
+ OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
984
+ const X509_REVOKED *revoked);
985
+
986
+ // X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It
987
+ // returns one on success or zero on error.
988
+ OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
989
+ const ASN1_INTEGER *serial);
990
+
991
+ // X509_REVOKED_get0_revocationDate returns the revocation time of the
992
+ // certificate revoked by |revoked|.
993
+ OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
994
+ const X509_REVOKED *revoked);
995
+
996
+ // X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It
997
+ // returns one on success or zero on error.
998
+ OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
999
+ const ASN1_TIME *tm);
1000
+
1001
+ // X509_REVOKED_get0_extensions returns |r|'s extensions list, or NULL if |r|
1002
+ // omits it. A CRL can have extensions on individual entries, which is this
1003
+ // function, or on the overall CRL, which is |X509_CRL_get0_extensions|.
1004
+ OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
1005
+ const X509_REVOKED *r);
1006
+
1007
+ // X509_REVOKED_get_ext_count returns the number of extensions in |x|.
1008
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
1009
+
1010
+ // X509_REVOKED_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches
1011
+ // for extensions in |x|.
1012
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
1013
+ int lastpos);
1014
+
1015
+ // X509_REVOKED_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches
1016
+ // for extensions in |x|.
1017
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
1018
+ const ASN1_OBJECT *obj,
1019
+ int lastpos);
1020
+
1021
+ // X509_REVOKED_get_ext_by_critical behaves like |X509v3_get_ext_by_critical|
1022
+ // but searches for extensions in |x|.
1023
+ OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
1024
+ int crit, int lastpos);
1025
+
1026
+ // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
1027
+ // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
1028
+ // compatibility, but callers should not mutate the result.
1029
+ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
1030
+ int loc);
1031
+
1032
+ // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
1033
+ // returns the removed extension, or NULL if |loc| was out of bounds. If
1034
+ // non-NULL, the caller must release the result with |X509_EXTENSION_free|.
1035
+ OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
1036
+ int loc);
1037
+
1038
+ // X509_REVOKED_add_ext adds a copy of |ex| to |x|. It returns one on success
1039
+ // and zero on failure. The caller retains ownership of |ex| and can release it
1040
+ // independently of |x|.
1041
+ //
1042
+ // The new extension is inserted at index |loc|, shifting extensions to the
1043
+ // right. If |loc| is -1 or out of bounds, the new extension is appended to the
1044
+ // list.
1045
+ OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
1046
+ const X509_EXTENSION *ex, int loc);
1047
+
1048
+ // X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
1049
+ // extension in |revoked|'s extension list.
1050
+ //
1051
+ // WARNING: This function is difficult to use correctly. See the documentation
1052
+ // for |X509V3_get_d2i| for details.
1053
+ OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked,
1054
+ int nid, int *out_critical,
1055
+ int *out_idx);
1056
+
1057
+ // X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the
1058
+ // extension to |x|'s extension list.
1059
+ //
1060
+ // WARNING: This function may return zero or -1 on error. The caller must also
1061
+ // ensure |value|'s type matches |nid|. See the documentation for
1062
+ // |X509V3_add1_i2d| for details.
1063
+ OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
1064
+ void *value, int crit,
1065
+ unsigned long flags);
1066
+
1067
+
680
1068
  // Certificate requests.
681
1069
  //
682
1070
  // An |X509_REQ| represents a PKCS #10 certificate request (RFC 2986). These are
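Review bot: `i2d_X509_REVOKED` names its input `alg` in both the comment and the prototype (new lines 972-974), while the rest of the new "CRL entries" block calls the entry `rev`, `revoked`, `r` or `x`. The name looks carried over from a declaration for a different type. Renaming a prototype parameter does not affect callers, so I would write `// i2d_X509_REVOKED marshals |rev| as a DER-encoded X.509 CRL entry, as` and `OPENSSL_EXPORT int i2d_X509_REVOKED(const X509_REVOKED *rev, uint8_t **outp);`. In the section header, "may break |X509_CRL|'s and cause" also reads as if a noun is missing after the possessive.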
@@ -692,10 +1080,6 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
692
1080
  // Instead, mutation functions should only be used when issuing new CRLs, as
693
1081
  // described in a later section.
694
1082
 
695
- // X509_REQ is an |ASN1_ITEM| whose ASN.1 type is CertificateRequest (RFC 2986)
696
- // and C type is |X509_REQ*|.
697
- DECLARE_ASN1_ITEM(X509_REQ)
698
-
699
1083
  // X509_REQ_dup returns a newly-allocated copy of |req|, or NULL on error. This
700
1084
  // function works by serializing the structure, so if |req| is incomplete, it
701
1085
  // may fail.
@@ -735,11 +1119,21 @@ OPENSSL_EXPORT long X509_REQ_get_version(const X509_REQ *req);
735
1119
  // not const-correct for legacy reasons.
736
1120
  OPENSSL_EXPORT X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
737
1121
 
738
- // X509_REQ_get_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
739
- // the public key was unsupported or could not be decoded. This function returns
740
- // a reference to the |EVP_PKEY|. The caller must release the result with
741
- // |EVP_PKEY_free| when done.
742
- OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
1122
+ // X509_REQ_get0_pubkey returns |req|'s public key as an |EVP_PKEY|, or NULL if
1123
+ // the public key was unsupported or could not be decoded. The |EVP_PKEY| is
1124
+ // cached in |req|, so callers must not mutate the result.
1125
+ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get0_pubkey(const X509_REQ *req);
1126
+
1127
+ // X509_REQ_get_pubkey behaves like |X509_REQ_get0_pubkey| but increments the
1128
+ // reference count on the |EVP_PKEY|. The caller must release the result with
1129
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |req|, so callers must
1130
+ // not mutate the result.
1131
+ OPENSSL_EXPORT EVP_PKEY *X509_REQ_get_pubkey(const X509_REQ *req);
1132
+
1133
+ // X509_REQ_check_private_key returns one if |req|'s public key matches |pkey|
1134
+ // and zero otherwise.
1135
+ OPENSSL_EXPORT int X509_REQ_check_private_key(const X509_REQ *req,
1136
+ const EVP_PKEY *pkey);
743
1137
 
744
1138
  // X509_REQ_get_attr_count returns the number of attributes in |req|.
745
1139
  OPENSSL_EXPORT int X509_REQ_get_attr_count(const X509_REQ *req);
@@ -770,16 +1164,18 @@ OPENSSL_EXPORT int X509_REQ_get_attr_by_OBJ(const X509_REQ *req,
770
1164
  // (a Microsoft szOID_CERT_EXTENSIONS variant).
771
1165
  OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
772
1166
 
773
- // X509_REQ_get_extensions decodes the list of requested extensions in |req| and
774
- // returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result.
775
- // It returns NULL on error, or if |req| did not request extensions.
1167
+ // X509_REQ_get_extensions decodes the most preferred list of requested
1168
+ // extensions in |req| and returns a newly-allocated |STACK_OF(X509_EXTENSION)|
1169
+ // containing the result. It returns NULL on error, or if |req| did not request
1170
+ // extensions.
776
1171
  //
777
1172
  // CSRs do not store extensions directly. Instead there are attribute types
778
1173
  // which are defined to hold extensions. See |X509_REQ_extension_nid|. This
779
1174
  // function supports both pkcs-9-at-extensionRequest from RFC 2985 and the
780
1175
  // Microsoft szOID_CERT_EXTENSIONS variant. If both are present,
781
1176
  // pkcs-9-at-extensionRequest is preferred.
782
- OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
1177
+ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(
1178
+ const X509_REQ *req);
783
1179
 
784
1180
  // X509_REQ_get0_signature sets |*out_sig| and |*out_alg| to the signature and
785
1181
  // signature algorithm of |req|, respectively. Either output pointer may be NULL
@@ -797,6 +1193,17 @@ OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
797
1193
  // one if the signature is valid and zero otherwise.
798
1194
  OPENSSL_EXPORT int X509_REQ_verify(X509_REQ *req, EVP_PKEY *pkey);
799
1195
 
1196
+ // X509_REQ_get1_email returns a newly-allocated list of NUL-terminated strings
1197
+ // containing all email addresses in |req|'s subject and all rfc822name names
1198
+ // in |req|'s subject alternative names. The subject alternative names extension
1199
+ // is extracted from the result of |X509_REQ_get_extensions|. Email addresses
1200
+ // which contain embedded NUL bytes are skipped.
1201
+ //
1202
+ // On error, or if there are no such email addresses, it returns NULL. When
1203
+ // done, the caller must release the result with |X509_email_free|.
1204
+ OPENSSL_EXPORT STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(
1205
+ const X509_REQ *req);
1206
+
800
1207
 
801
1208
  // Issuing certificate requests.
802
1209
  //
@@ -886,6 +1293,9 @@ OPENSSL_EXPORT int X509_REQ_sign(X509_REQ *req, EVP_PKEY *pkey,
886
1293
  // zero on error. The signature algorithm and parameters come from |ctx|, which
887
1294
  // must have been initialized with |EVP_DigestSignInit|. The caller should
888
1295
  // configure the corresponding |EVP_PKEY_CTX| before calling this function.
1296
+ //
1297
+ // On success or failure, this function mutates |ctx| and resets it to the empty
1298
+ // state. Caller should not rely on its contents after the function returns.
889
1299
  OPENSSL_EXPORT int X509_REQ_sign_ctx(X509_REQ *req, EVP_MD_CTX *ctx);
890
1300
 
891
1301
  // i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
@@ -944,8 +1354,7 @@ DEFINE_STACK_OF(X509_NAME)
944
1354
  // type is |X509_NAME*|.
945
1355
  DECLARE_ASN1_ITEM(X509_NAME)
946
1356
 
947
- // X509_NAME_new returns a new, empty |X509_NAME_new|, or NULL on
948
- // error.
1357
+ // X509_NAME_new returns a new, empty |X509_NAME|, or NULL on error.
949
1358
  OPENSSL_EXPORT X509_NAME *X509_NAME_new(void);
950
1359
 
951
1360
  // X509_NAME_free releases memory associated with |name|.
@@ -971,12 +1380,30 @@ OPENSSL_EXPORT int i2d_X509_NAME(X509_NAME *in, uint8_t **outp);
971
1380
  // mutated.
972
1381
  OPENSSL_EXPORT X509_NAME *X509_NAME_dup(X509_NAME *name);
973
1382
 
974
- // X509_NAME_get0_der sets |*out_der| and |*out_der_len|
1383
+ // X509_NAME_cmp compares |a| and |b|'s canonicalized forms. It returns zero if
1384
+ // they are equal, one if |a| sorts after |b|, -1 if |b| sorts after |a|, and -2
1385
+ // on error.
1386
+ //
1387
+ // TODO(https://crbug.com/boringssl/407): This function is const, but it is not
1388
+ // always thread-safe, notably if |name| was mutated.
1389
+ //
1390
+ // TODO(https://crbug.com/boringssl/355): The -2 return is very inconvenient to
1391
+ // pass to a sorting function. Can we make this infallible? In the meantime,
1392
+ // prefer to use this function only for equality checks rather than comparisons.
1393
+ // Although even the library itself passes this to a sorting function.
1394
+ OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
1395
+
1396
+ // X509_NAME_get0_der marshals |name| as a DER-encoded X.509 Name (RFC 5280). On
1397
+ // success, it returns one and sets |*out_der| and |*out_der_len| to a buffer
1398
+ // containing the result. Otherwise, it returns zero. |*out_der| is owned by
1399
+ // |name| and must not be freed by the caller. It is invalidated after |name| is
1400
+ // mutated or freed.
975
1401
  //
976
1402
  // Avoid this function and prefer |i2d_X509_NAME|. It is one of the reasons
977
- // these functions are not consistently thread-safe or const-correct. Depending
978
- // on the resolution of https://crbug.com/boringssl/407, this function may be
979
- // removed or cause poor performance.
1403
+ // |X509_NAME| functions, including this one, are not consistently thread-safe
1404
+ // or const-correct. Depending on the resolution of
1405
+ // https://crbug.com/boringssl/407, this function may be removed or cause poor
1406
+ // performance.
980
1407
  OPENSSL_EXPORT int X509_NAME_get0_der(X509_NAME *name, const uint8_t **out_der,
981
1408
  size_t *out_der_len);
982
1409
 
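Review bot: The first TODO in the new `X509_NAME_cmp` comment says the function is not always thread-safe "if |name| was mutated", but the parameters are `|a|` and `|b|`. The line should read `// always thread-safe, notably if |a| or |b| was mutated.` The advice to use the function only for equality checks is sound. A caller that tests `== 0` treats the -2 error as a mismatch, whereas a `< 0` test would read it as an ordering. Stating that as a WARNING rather than inside a TODO would make it harder to miss.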
@@ -1063,28 +1490,12 @@ OPENSSL_EXPORT int X509_NAME_add_entry_by_txt(X509_NAME *name,
1063
1490
  ossl_ssize_t len, int loc,
1064
1491
  int set);
1065
1492
 
1066
- // X509_NAME_ENTRY is an |ASN1_ITEM| whose ASN.1 type is AttributeTypeAndValue
1067
- // (RFC 5280) and C type is |X509_NAME_ENTRY*|.
1068
- DECLARE_ASN1_ITEM(X509_NAME_ENTRY)
1069
-
1070
- // X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY_new|, or NULL on
1071
- // error.
1493
+ // X509_NAME_ENTRY_new returns a new, empty |X509_NAME_ENTRY|, or NULL on error.
1072
1494
  OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
1073
1495
 
1074
1496
  // X509_NAME_ENTRY_free releases memory associated with |entry|.
1075
1497
  OPENSSL_EXPORT void X509_NAME_ENTRY_free(X509_NAME_ENTRY *entry);
1076
1498
 
1077
- // d2i_X509_NAME_ENTRY parses up to |len| bytes from |*inp| as a DER-encoded
1078
- // AttributeTypeAndValue (RFC 5280), as described in |d2i_SAMPLE|.
1079
- OPENSSL_EXPORT X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **out,
1080
- const uint8_t **inp,
1081
- long len);
1082
-
1083
- // i2d_X509_NAME_ENTRY marshals |in| as a DER-encoded AttributeTypeAndValue (RFC
1084
- // 5280), as described in |i2d_SAMPLE|.
1085
- OPENSSL_EXPORT int i2d_X509_NAME_ENTRY(const X509_NAME_ENTRY *in,
1086
- uint8_t **outp);
1087
-
1088
1499
  // X509_NAME_ENTRY_dup returns a newly-allocated copy of |entry|, or NULL on
1089
1500
  // error.
1090
1501
  OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_dup(
@@ -1160,6 +1571,81 @@ OPENSSL_EXPORT X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(
1160
1571
  ossl_ssize_t len);
1161
1572
 
1162
1573
 
1574
+ // Public keys.
1575
+ //
1576
+ // X.509 encodes public keys as SubjectPublicKeyInfo (RFC 5280), sometimes
1577
+ // referred to as SPKI. These are represented in this library by |X509_PUBKEY|.
1578
+
1579
+ // X509_PUBKEY_new returns a newly-allocated, empty |X509_PUBKEY| object, or
1580
+ // NULL on error.
1581
+ OPENSSL_EXPORT X509_PUBKEY *X509_PUBKEY_new(void);
1582
+
1583
+ // X509_PUBKEY_free releases memory associated with |key|.
1584
+ OPENSSL_EXPORT void X509_PUBKEY_free(X509_PUBKEY *key);
1585
+
1586
+ // d2i_X509_PUBKEY parses up to |len| bytes from |*inp| as a DER-encoded
1587
+ // SubjectPublicKeyInfo, as described in |d2i_SAMPLE|.
1588
+ OPENSSL_EXPORT X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **out,
1589
+ const uint8_t **inp, long len);
1590
+
1591
+ // i2d_X509_PUBKEY marshals |key| as a DER-encoded SubjectPublicKeyInfo, as
1592
+ // described in |i2d_SAMPLE|.
1593
+ OPENSSL_EXPORT int i2d_X509_PUBKEY(const X509_PUBKEY *key, uint8_t **outp);
1594
+
1595
+ // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
1596
+ // structure. On success, it frees |*x| if non-NULL, then sets |*x| to the new
1597
+ // object, and returns one. Otherwise, it returns zero.
1598
+ OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
1599
+
1600
+ // X509_PUBKEY_get0 returns |key| as an |EVP_PKEY|, or NULL if |key| either
1601
+ // could not be parsed or is an unrecognized algorithm. The |EVP_PKEY| is cached
1602
+ // in |key|, so callers must not mutate the result.
1603
+ OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get0(const X509_PUBKEY *key);
1604
+
1605
+ // X509_PUBKEY_get behaves like |X509_PUBKEY_get0| but increments the reference
1606
+ // count on the |EVP_PKEY|. The caller must release the result with
1607
+ // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
1608
+ // not mutate the result.
1609
+ OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(const X509_PUBKEY *key);
1610
+
1611
+ // X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
1612
+ // determined by |obj|, |param_type|, and |param_value|, and an encoded
1613
+ // public key of |key|. On success, it gives |pub| ownership of all the other
1614
+ // parameters and returns one. Otherwise, it returns zero. |key| must have been
1615
+ // allocated by |OPENSSL_malloc|. |obj| and, if applicable, |param_value| must
1616
+ // not be freed after a successful call, and must have been allocated in a
1617
+ // manner compatible with |ASN1_OBJECT_free| or |ASN1_STRING_free|.
1618
+ //
1619
+ // |obj|, |param_type|, and |param_value| are interpreted as in
1620
+ // |X509_ALGOR_set0|. See |X509_ALGOR_set0| for details.
1621
+ OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *obj,
1622
+ int param_type, void *param_value,
1623
+ uint8_t *key, int key_len);
1624
+
1625
+ // X509_PUBKEY_get0_param outputs fields of |pub| and returns one. If |out_obj|
1626
+ // is not NULL, it sets |*out_obj| to AlgorithmIdentifier's OID. If |out_key|
1627
+ // is not NULL, it sets |*out_key| and |*out_key_len| to the encoded public key.
1628
+ // If |out_alg| is not NULL, it sets |*out_alg| to the AlgorithmIdentifier.
1629
+ //
1630
+ // All pointers outputted by this function are internal to |pub| and must not be
1631
+ // freed by the caller. Additionally, although some outputs are non-const,
1632
+ // callers must not mutate the resulting objects.
1633
+ //
1634
+ // Note: X.509 SubjectPublicKeyInfo structures store the encoded public key as a
1635
+ // BIT STRING. |*out_key| and |*out_key_len| will silently pad the key with zero
1636
+ // bits if |pub| did not contain a whole number of bytes. Use
1637
+ // |X509_PUBKEY_get0_public_key| to preserve this information.
1638
+ OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **out_obj,
1639
+ const uint8_t **out_key,
1640
+ int *out_key_len,
1641
+ X509_ALGOR **out_alg,
1642
+ X509_PUBKEY *pub);
1643
+
1644
+ // X509_PUBKEY_get0_public_key returns |pub|'s encoded public key.
1645
+ OPENSSL_EXPORT const ASN1_BIT_STRING *X509_PUBKEY_get0_public_key(
1646
+ const X509_PUBKEY *pub);
1647
+
1648
+
1163
1649
  // Extensions.
1164
1650
  //
1165
1651
  // X.509 certificates and CRLs may contain a list of extensions (RFC 5280).
@@ -1250,10 +1736,6 @@ OPENSSL_EXPORT int X509_EXTENSION_set_data(X509_EXTENSION *ex,
1250
1736
  DEFINE_STACK_OF(X509_EXTENSION)
1251
1737
  typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
1252
1738
 
1253
- // X509_EXTENSIONS is an |ASN1_ITEM| whose ASN.1 type is SEQUENCE of Extension
1254
- // (RFC 5280) and C type is |STACK_OF(X509_EXTENSION)*|.
1255
- DECLARE_ASN1_ITEM(X509_EXTENSIONS)
1256
-
1257
1739
  // d2i_X509_EXTENSIONS parses up to |len| bytes from |*inp| as a DER-encoded
1258
1740
  // SEQUENCE OF Extension (RFC 5280), as described in |d2i_SAMPLE|.
1259
1741
  OPENSSL_EXPORT X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **out,
@@ -1317,7 +1799,182 @@ OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509v3_add_ext(
1317
1799
  STACK_OF(X509_EXTENSION) **x, const X509_EXTENSION *ex, int loc);
1318
1800
 
1319
1801
 
1320
- // Algorithm identifiers.
1802
+ // General names.
1803
+ //
1804
+ // A |GENERAL_NAME| represents an X.509 GeneralName structure, defined in RFC
1805
+ // 5280, Section 4.2.1.6. General names are distinct from names (|X509_NAME|). A
1806
+ // general name is a CHOICE type which may contain one of several name types,
1807
+ // most commonly a DNS name or an IP address. General names most commonly appear
1808
+ // in the subject alternative name (SAN) extension, though they are also used in
1809
+ // other extensions.
1810
+ //
1811
+ // Many extensions contain a SEQUENCE OF GeneralName, or GeneralNames, so
1812
+ // |STACK_OF(GENERAL_NAME)| is defined and aliased to |GENERAL_NAMES|.
1813
+
1814
+ typedef struct otherName_st {
1815
+ ASN1_OBJECT *type_id;
1816
+ ASN1_TYPE *value;
1817
+ } OTHERNAME;
1818
+
1819
+ typedef struct EDIPartyName_st {
1820
+ ASN1_STRING *nameAssigner;
1821
+ ASN1_STRING *partyName;
1822
+ } EDIPARTYNAME;
1823
+
1824
+ // GEN_* are constants for the |type| field of |GENERAL_NAME|, defined below.
1825
+ #define GEN_OTHERNAME 0
1826
+ #define GEN_EMAIL 1
1827
+ #define GEN_DNS 2
1828
+ #define GEN_X400 3
1829
+ #define GEN_DIRNAME 4
1830
+ #define GEN_EDIPARTY 5
1831
+ #define GEN_URI 6
1832
+ #define GEN_IPADD 7
1833
+ #define GEN_RID 8
1834
+
1835
+ // A GENERAL_NAME_st, aka |GENERAL_NAME|, represents an X.509 GeneralName. The
1836
+ // |type| field determines which member of |d| is active. A |GENERAL_NAME| may
1837
+ // also be empty, in which case |type| is -1 and |d| is NULL. Empty
1838
+ // |GENERAL_NAME|s are invalid and will never be returned from the parser, but
1839
+ // may be created temporarily, e.g. by |GENERAL_NAME_new|.
1840
+ struct GENERAL_NAME_st {
1841
+ int type;
1842
+ union {
1843
+ char *ptr;
1844
+ OTHERNAME *otherName;
1845
+ ASN1_IA5STRING *rfc822Name;
1846
+ ASN1_IA5STRING *dNSName;
1847
+ ASN1_STRING *x400Address;
1848
+ X509_NAME *directoryName;
1849
+ EDIPARTYNAME *ediPartyName;
1850
+ ASN1_IA5STRING *uniformResourceIdentifier;
1851
+ ASN1_OCTET_STRING *iPAddress;
1852
+ ASN1_OBJECT *registeredID;
1853
+
1854
+ // Old names
1855
+ ASN1_OCTET_STRING *ip; // iPAddress
1856
+ X509_NAME *dirn; // dirn
1857
+ ASN1_IA5STRING *ia5; // rfc822Name, dNSName, uniformResourceIdentifier
1858
+ ASN1_OBJECT *rid; // registeredID
1859
+ } d;
1860
+ } /* GENERAL_NAME */;
1861
+
1862
+ // GENERAL_NAME_new returns a new, empty |GENERAL_NAME|, or NULL on error.
1863
+ OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_new(void);
1864
+
1865
+ // GENERAL_NAME_free releases memory associated with |gen|.
1866
+ OPENSSL_EXPORT void GENERAL_NAME_free(GENERAL_NAME *gen);
1867
+
1868
+ // d2i_GENERAL_NAME parses up to |len| bytes from |*inp| as a DER-encoded X.509
1869
+ // GeneralName (RFC 5280), as described in |d2i_SAMPLE|.
1870
+ OPENSSL_EXPORT GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **out,
1871
+ const uint8_t **inp, long len);
1872
+
1873
+ // i2d_GENERAL_NAME marshals |in| as a DER-encoded X.509 GeneralName (RFC 5280),
1874
+ // as described in |i2d_SAMPLE|.
1875
+ //
1876
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1877
+ // thread-safe but is currently neither in some cases, notably if |in| is an
1878
+ // directoryName and the |X509_NAME| has been modified.
1879
+ OPENSSL_EXPORT int i2d_GENERAL_NAME(GENERAL_NAME *in, uint8_t **outp);
1880
+
1881
+ // GENERAL_NAME_dup returns a newly-allocated copy of |gen|, or NULL on error.
1882
+ // This function works by serializing the structure, so it will fail if |gen| is
1883
+ // empty.
1884
+ //
1885
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1886
+ // thread-safe but is currently neither in some cases, notably if |gen| is an
1887
+ // directoryName and the |X509_NAME| has been modified.
1888
+ OPENSSL_EXPORT GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *gen);
1889
+
1890
+ // GENERAL_NAMES_new returns a new, empty |GENERAL_NAMES|, or NULL on error.
1891
+ OPENSSL_EXPORT GENERAL_NAMES *GENERAL_NAMES_new(void);
1892
+
1893
+ // GENERAL_NAMES_free releases memory associated with |gens|.
1894
+ OPENSSL_EXPORT void GENERAL_NAMES_free(GENERAL_NAMES *gens);
1895
+
1896
+ // d2i_GENERAL_NAMES parses up to |len| bytes from |*inp| as a DER-encoded
1897
+ // SEQUENCE OF GeneralName, as described in |d2i_SAMPLE|.
1898
+ OPENSSL_EXPORT GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **out,
1899
+ const uint8_t **inp, long len);
1900
+
1901
+ // i2d_GENERAL_NAMES marshals |in| as a DER-encoded SEQUENCE OF GeneralName, as
1902
+ // described in |i2d_SAMPLE|.
1903
+ //
1904
+ // TODO(https://crbug.com/boringssl/407): This function should be const and
1905
+ // thread-safe but is currently neither in some cases, notably if some element
1906
+ // of |in| is an directoryName and the |X509_NAME| has been modified.
1907
+ OPENSSL_EXPORT int i2d_GENERAL_NAMES(GENERAL_NAMES *in, uint8_t **outp);
1908
+
1909
+ // OTHERNAME_new returns a new, empty |OTHERNAME|, or NULL on error.
1910
+ OPENSSL_EXPORT OTHERNAME *OTHERNAME_new(void);
1911
+
1912
+ // OTHERNAME_free releases memory associated with |name|.
1913
+ OPENSSL_EXPORT void OTHERNAME_free(OTHERNAME *name);
1914
+
1915
+ // EDIPARTYNAME_new returns a new, empty |EDIPARTYNAME|, or NULL on error.
1916
+ // EDIPartyName is rarely used in practice, so callers are unlikely to need this
1917
+ // function.
1918
+ OPENSSL_EXPORT EDIPARTYNAME *EDIPARTYNAME_new(void);
1919
+
1920
+ // EDIPARTYNAME_free releases memory associated with |name|. EDIPartyName is
1921
+ // rarely used in practice, so callers are unlikely to need this function.
1922
+ OPENSSL_EXPORT void EDIPARTYNAME_free(EDIPARTYNAME *name);
1923
+
1924
+ // GENERAL_NAME_set0_value set |gen|'s type and value to |type| and |value|.
1925
+ // |type| must be a |GEN_*| constant and |value| must be an object of the
1926
+ // corresponding type. |gen| takes ownership of |value|, so |value| must have
1927
+ // been an allocated object.
1928
+ //
1929
+ // WARNING: |gen| must be empty (typically as returned from |GENERAL_NAME_new|)
1930
+ // before calling this function. If |gen| already contained a value, the
1931
+ // previous contents will be leaked.
1932
+ OPENSSL_EXPORT void GENERAL_NAME_set0_value(GENERAL_NAME *gen, int type,
1933
+ void *value);
1934
+
1935
+ // GENERAL_NAME_get0_value returns the in-memory representation of |gen|'s
1936
+ // contents and, |out_type| is not NULL, sets |*out_type| to the type of |gen|,
1937
+ // which will be a |GEN_*| constant. If |gen| is incomplete, the return value
1938
+ // will be NULL and the type will be -1.
1939
+ //
1940
+ // WARNING: Casting the result of this function to the wrong type is a
1941
+ // potentially exploitable memory error. Callers must check |gen|'s type, either
1942
+ // via |*out_type| or checking |gen->type| directly, before inspecting the
1943
+ // result.
1944
+ //
1945
+ // WARNING: This function is not const-correct. The return value should be
1946
+ // const. Callers shoudl not mutate the returned object.
1947
+ OPENSSL_EXPORT void *GENERAL_NAME_get0_value(const GENERAL_NAME *gen,
1948
+ int *out_type);
1949
+
1950
+ // GENERAL_NAME_set0_othername sets |gen| to be an OtherName with type |oid| and
1951
+ // value |value|. On success, it returns one and takes ownership of |oid| and
1952
+ // |value|, which must be created in a way compatible with |ASN1_OBJECT_free|
1953
+ // and |ASN1_TYPE_free|, respectively. On allocation failure, it returns zero.
1954
+ // In the failure case, the caller retains ownership of |oid| and |value| and
1955
+ // must release them when done.
1956
+ //
1957
+ // WARNING: |gen| must be empty (typically as returned from |GENERAL_NAME_new|)
1958
+ // before calling this function. If |gen| already contained a value, the
1959
+ // previously contents will be leaked.
1960
+ OPENSSL_EXPORT int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
1961
+ ASN1_OBJECT *oid,
1962
+ ASN1_TYPE *value);
1963
+
1964
+ // GENERAL_NAME_get0_otherName, if |gen| is an OtherName, sets |*out_oid| and
1965
+ // |*out_value| to the OtherName's type-id and value, respectively, and returns
1966
+ // one. If |gen| is not an OtherName, it returns zero and leaves |*out_oid| and
1967
+ // |*out_value| unmodified. Either of |out_oid| or |out_value| may be NULL to
1968
+ // ignore the value.
1969
+ //
1970
+ // WARNING: This function is not const-correct. |out_oid| and |out_value| are
1971
+ // not const, but callers should not mutate the resulting objects.
1972
+ OPENSSL_EXPORT int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
1973
+ ASN1_OBJECT **out_oid,
1974
+ ASN1_TYPE **out_value);
1975
+
1976
+
1977
+ // Algorithm identifiers.
1321
1978
  //
1322
1979
  // An |X509_ALGOR| represents an AlgorithmIdentifier structure, used in X.509
1323
1980
  // to represent signature algorithms and public key algorithms.
@@ -1407,10 +2064,6 @@ OPENSSL_EXPORT int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
1407
2064
 
1408
2065
  DEFINE_STACK_OF(X509_ATTRIBUTE)
1409
2066
 
1410
- // X509_ATTRIBUTE is an |ASN1_ITEM| whose ASN.1 type is Attribute (RFC 2986) and
1411
- // C type is |X509_ATTRIBUTE*|.
1412
- DECLARE_ASN1_ITEM(X509_ATTRIBUTE)
1413
-
1414
2067
  // X509_ATTRIBUTE_new returns a newly-allocated, empty |X509_ATTRIBUTE| object,
1415
2068
  // or NULL on error. |X509_ATTRIBUTE_set1_*| may be used to finish initializing
1416
2069
  // it.
@@ -1480,21 +2133,21 @@ OPENSSL_EXPORT int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr,
1480
2133
  // X509_ATTRIBUTE_set1_data appends a value to |attr|'s value set and returns
1481
2134
  // one on success or zero on error. The value is determined as follows:
1482
2135
  //
1483
- // If |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1 string. The
1484
- // string is determined by decoding |len| bytes from |data| in the encoding
1485
- // specified by |attrtype|, and then re-encoding it in a form appropriate for
1486
- // |attr|'s type. If |len| is -1, |strlen(data)| is used instead. See
1487
- // |ASN1_STRING_set_by_NID| for details.
2136
+ // If |attrtype| is zero, this function returns one and does nothing. This form
2137
+ // may be used when calling |X509_ATTRIBUTE_create_by_*| to create an attribute
2138
+ // with an empty value set. Such attributes are invalid, but OpenSSL supports
2139
+ // creating them.
2140
+ //
2141
+ // Otherwise, if |attrtype| is a |MBSTRING_*| constant, the value is an ASN.1
2142
+ // string. The string is determined by decoding |len| bytes from |data| in the
2143
+ // encoding specified by |attrtype|, and then re-encoding it in a form
2144
+ // appropriate for |attr|'s type. If |len| is -1, |strlen(data)| is used
2145
+ // instead. See |ASN1_STRING_set_by_NID| for details.
1488
2146
  //
1489
2147
  // Otherwise, if |len| is not -1, the value is an ASN.1 string. |attrtype| is an
1490
2148
  // |ASN1_STRING| type value and the |len| bytes from |data| are copied as the
1491
2149
  // type-specific representation of |ASN1_STRING|. See |ASN1_STRING| for details.
1492
2150
  //
1493
- // WARNING: If this form is used to construct a negative INTEGER or ENUMERATED,
1494
- // |attrtype| includes the |V_ASN1_NEG| flag for |ASN1_STRING|, but the function
1495
- // forgets to clear the flag for |ASN1_TYPE|. This matches OpenSSL but is
1496
- // probably a bug. For now, do not use this form with negative values.
1497
- //
1498
2151
  // Otherwise, if |len| is -1, the value is constructed by passing |attrtype| and
1499
2152
  // |data| to |ASN1_TYPE_set1|. That is, |attrtype| is an |ASN1_TYPE| type value,
1500
2153
  // and |data| is cast to the corresponding pointer type.
@@ -1533,148 +2186,911 @@ OPENSSL_EXPORT ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr,
1533
2186
  int idx);
1534
2187
 
1535
2188
 
1536
- // SignedPublicKeyAndChallenge structures.
2189
+ // Certificate stores.
1537
2190
  //
1538
- // The SignedPublicKeyAndChallenge (SPKAC) is a legacy structure to request
1539
- // certificates, primarily in the legacy <keygen> HTML tag. An SPKAC structure
1540
- // is represented by a |NETSCAPE_SPKI| structure.
2191
+ // An |X509_STORE| contains trusted certificates, CRLs, and verification
2192
+ // parameters that are shared between multiple certificate verifications.
1541
2193
  //
1542
- // The structure is described in
1543
- // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
1544
-
1545
- // A Netscape_spki_st, or |NETSCAPE_SPKI|, represents a
1546
- // SignedPublicKeyAndChallenge structure. Although this structure contains a
1547
- // |spkac| field of type |NETSCAPE_SPKAC|, these are misnamed. The SPKAC is the
1548
- // entire structure, not the signed portion.
1549
- struct Netscape_spki_st {
1550
- NETSCAPE_SPKAC *spkac;
1551
- X509_ALGOR *sig_algor;
1552
- ASN1_BIT_STRING *signature;
1553
- } /* NETSCAPE_SPKI */;
2194
+ // Certificates in an |X509_STORE| are referred to as "trusted certificates",
2195
+ // but an individual certificate verification may not necessarily treat every
2196
+ // trusted certificate as a trust anchor. See |X509_VERIFY_PARAM_set_trust| for
2197
+ // details.
2198
+ //
2199
+ // WARNING: Although a trusted certificate which fails the
2200
+ // |X509_VERIFY_PARAM_set_trust| check is functionally an untrusted
2201
+ // intermediate certificate, callers should not rely on this to configure
2202
+ // untrusted intermediates in an |X509_STORE|. The trust check is complex, so
2203
+ // this risks inadvertently treating it as a trust anchor. Instead, configure
2204
+ // untrusted intermediates with the |chain| parameter of |X509_STORE_CTX_init|.
2205
+ //
2206
+ // Certificates in |X509_STORE| may be specified in several ways:
2207
+ // - Added by |X509_STORE_add_cert|.
2208
+ // - Returned by an |X509_LOOKUP| added by |X509_STORE_add_lookup|.
2209
+ //
2210
+ // |X509_STORE|s are reference-counted and may be shared by certificate
2211
+ // verifications running concurrently on multiple threads. However, an
2212
+ // |X509_STORE|'s verification parameters may not be modified concurrently with
2213
+ // certificate verification or other operations. Unless otherwise documented,
2214
+ // functions which take const pointer may be used concurrently, while
2215
+ // functions which take a non-const pointer may not. Callers that wish to modify
2216
+ // verification parameters in a shared |X509_STORE| should instead modify
2217
+ // |X509_STORE_CTX|s individually.
2218
+
2219
+ // X509_STORE_new returns a newly-allocated |X509_STORE|, or NULL on error.
2220
+ OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
1554
2221
 
1555
- // NETSCAPE_SPKI is an |ASN1_ITEM| whose ASN.1 type is
1556
- // SignedPublicKeyAndChallenge and C type is |NETSCAPE_SPKI*|.
1557
- DECLARE_ASN1_ITEM(NETSCAPE_SPKI)
2222
+ // X509_STORE_up_ref adds one to the reference count of |store| and returns one.
2223
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2224
+ OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
1558
2225
 
1559
- // NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
1560
- // NULL on error.
1561
- OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
2226
+ // X509_STORE_free releases memory associated with |store|.
2227
+ OPENSSL_EXPORT void X509_STORE_free(X509_STORE *store);
1562
2228
 
1563
- // NETSCAPE_SPKI_free releases memory associated with |spki|.
1564
- OPENSSL_EXPORT void NETSCAPE_SPKI_free(NETSCAPE_SPKI *spki);
2229
+ // X509_STORE_add_cert adds |x509| to |store| as a trusted certificate. It
2230
+ // returns one on success and zero on error. This function internally increments
2231
+ // |x509|'s reference count, so the caller retains ownership of |x509|.
2232
+ //
2233
+ // Certificates configured by this function are still subject to the checks
2234
+ // described in |X509_VERIFY_PARAM_set_trust|.
2235
+ //
2236
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2237
+ // However, if this function is called concurrently with |X509_verify_cert|, it
2238
+ // is a race condition whether |x509| is available for issuer lookups.
2239
+ // Moreover, the result may differ for each issuer lookup performed by a single
2240
+ // |X509_verify_cert| call.
2241
+ OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *store, X509 *x509);
2242
+
2243
+ // X509_STORE_add_crl adds |crl| to |store|. It returns one on success and zero
2244
+ // on error. This function internally increments |crl|'s reference count, so the
2245
+ // caller retains ownership of |crl|. CRLs added in this way are candidates for
2246
+ // CRL lookup when |X509_V_FLAG_CRL_CHECK| is set.
2247
+ //
2248
+ // Although |store| is not const, this function's use of |store| is thread-safe.
2249
+ // However, if this function is called concurrently with |X509_verify_cert|, it
2250
+ // is a race condition whether |crl| is available for CRL checks. Moreover, the
2251
+ // result may differ for each CRL check performed by a single
2252
+ // |X509_verify_cert| call.
2253
+ //
2254
+ // Note there are no supported APIs to remove CRLs from |store| once inserted.
2255
+ // To vary the set of CRLs over time, callers should either create a new
2256
+ // |X509_STORE| or configure CRLs on a per-verification basis with
2257
+ // |X509_STORE_CTX_set0_crls|.
2258
+ OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *store, X509_CRL *crl);
2259
+
2260
+ // X509_STORE_get0_param returns |store|'s verification parameters. This object
2261
+ // is mutable and may be modified by the caller. For an individual certificate
2262
+ // verification operation, |X509_STORE_CTX_init| initializes the
2263
+ // |X509_STORE_CTX|'s parameters with these parameters.
2264
+ //
2265
+ // WARNING: |X509_STORE_CTX_init| applies some default parameters (as in
2266
+ // |X509_VERIFY_PARAM_inherit|) after copying |store|'s parameters. This means
2267
+ // it is impossible to leave some parameters unset at |store|. They must be
2268
+ // explicitly unset after creating the |X509_STORE_CTX|.
2269
+ //
2270
+ // As of writing these late defaults are a depth limit (see
2271
+ // |X509_VERIFY_PARAM_set_depth|) and the |X509_V_FLAG_TRUSTED_FIRST| flag. This
2272
+ // warning does not apply if the parameters were set in |store|.
2273
+ //
2274
+ // TODO(crbug.com/boringssl/441): This behavior is very surprising. Can we
2275
+ // remove this notion of late defaults? The unsettable value at |X509_STORE| is
2276
+ // -1, which rejects everything but explicitly-trusted self-signed certificates.
2277
+ // |X509_V_FLAG_TRUSTED_FIRST| is mostly a workaround for poor path-building.
2278
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *store);
2279
+
2280
+ // X509_STORE_set1_param copies verification parameters from |param| as in
2281
+ // |X509_VERIFY_PARAM_set1|. It returns one on success and zero on error.
2282
+ OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *store,
2283
+ const X509_VERIFY_PARAM *param);
2284
+
2285
+ // X509_STORE_set_flags enables all values in |flags| in |store|'s verification
2286
+ // flags. |flags| should be a combination of |X509_V_FLAG_*| constants.
2287
+ //
2288
+ // WARNING: These flags will be combined with default flags when copied to an
2289
+ // |X509_STORE_CTX|. This means it is impossible to unset those defaults from
2290
+ // the |X509_STORE|. See discussion in |X509_STORE_get0_param|.
2291
+ OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *store, unsigned long flags);
2292
+
2293
+ // X509_STORE_set_depth configures |store| to, by default, limit certificate
2294
+ // chains to |depth| intermediate certificates. This count excludes both the
2295
+ // target certificate and the trust anchor (root certificate).
2296
+ OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
1565
2297
 
1566
- // d2i_NETSCAPE_SPKI parses up to |len| bytes from |*inp| as a DER-encoded
1567
- // SignedPublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1568
- OPENSSL_EXPORT NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **out,
1569
- const uint8_t **inp, long len);
2298
+ // X509_STORE_set_purpose configures the purpose check for |store|. See
2299
+ // |X509_VERIFY_PARAM_set_purpose| for details.
2300
+ OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *store, int purpose);
1570
2301
 
1571
- // i2d_NETSCAPE_SPKI marshals |spki| as a DER-encoded
1572
- // SignedPublicKeyAndChallenge structure, as described in |i2d_SAMPLE|.
1573
- OPENSSL_EXPORT int i2d_NETSCAPE_SPKI(const NETSCAPE_SPKI *spki, uint8_t **outp);
2302
+ // X509_STORE_set_trust configures the trust check for |store|. See
2303
+ // |X509_VERIFY_PARAM_set_trust| for details.
2304
+ OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *store, int trust);
1574
2305
 
1575
- // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
1576
- // returns one if the signature is valid and zero otherwise.
1577
- OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
1578
2306
 
1579
- // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
1580
- // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1581
- // |NETSCAPE_SPKI| structure with the result, or NULL on error. If |len| is 0 or
1582
- // negative, the length is calculated with |strlen| and |str| must be a
1583
- // NUL-terminated C string.
1584
- OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
1585
- ossl_ssize_t len);
2307
+ // Certificate verification.
2308
+ //
2309
+ // An |X509_STORE_CTX| object represents a single certificate verification
2310
+ // operation. To verify a certificate chain, callers construct an
2311
+ // |X509_STORE_CTX|, initialize it with |X509_STORE_CTX_init|, configure extra
2312
+ // parameters with |X509_STORE_CTX_get0_param|, and call |X509_verify_cert|.
1586
2313
 
1587
- // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded
1588
- // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
1589
- // NUL-terminated C string with the result, or NULL on error. The caller must
1590
- // release the memory with |OPENSSL_free| when done.
1591
- OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
2314
+ // X509_STORE_CTX_new returns a newly-allocated, empty |X509_STORE_CTX|, or NULL
2315
+ // on error.
2316
+ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
1592
2317
 
1593
- // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
1594
- // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
1595
- // pointer and must call |EVP_PKEY_free| when done.
1596
- OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *spki);
2318
+ // X509_STORE_CTX_free releases memory associated with |ctx|.
2319
+ OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
1597
2320
 
1598
- // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
1599
- // on success or zero on error. This function does not take ownership of |pkey|,
1600
- // so the caller may continue to manage its lifetime independently of |spki|.
1601
- OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
1602
- EVP_PKEY *pkey);
2321
+ // X509_STORE_CTX_init initializes |ctx| to verify |x509|, using trusted
2322
+ // certificates and parameters in |store|. It returns one on success and zero on
2323
+ // error. |chain| is a list of untrusted intermediate certificates to use in
2324
+ // verification.
2325
+ //
2326
+ // |ctx| stores pointers to |store|, |x509|, and |chain|. Each of these objects
2327
+ // must outlive |ctx| and may not be mutated for the duration of the certificate
2328
+ // verification.
2329
+ OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
2330
+ X509 *x509, STACK_OF(X509) *chain);
1603
2331
 
1604
- // NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
1605
- // algorithm and signature fields. It returns the length of the signature on
1606
- // success and zero on error. This function uses digest algorithm |md|, or
1607
- // |pkey|'s default if NULL. Other signing parameters use |pkey|'s defaults.
1608
- OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
1609
- const EVP_MD *md);
2332
+ // X509_verify_cert performs certifice verification with |ctx|, which must have
2333
+ // been initialized with |X509_STORE_CTX_init|. It returns one on success and
2334
+ // zero on error. On success, |X509_STORE_CTX_get0_chain| or
2335
+ // |X509_STORE_CTX_get1_chain| may be used to return the verified certificate
2336
+ // chain. On error, |X509_STORE_CTX_get_error| may be used to return additional
2337
+ // error information.
2338
+ OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
1610
2339
 
1611
- // A Netscape_spkac_st, or |NETSCAPE_SPKAC|, represents a PublicKeyAndChallenge
1612
- // structure. This type is misnamed. The full SPKAC includes the signature,
1613
- // which is represented with the |NETSCAPE_SPKI| type.
1614
- struct Netscape_spkac_st {
1615
- X509_PUBKEY *pubkey;
1616
- ASN1_IA5STRING *challenge;
1617
- } /* NETSCAPE_SPKAC */;
2340
+ // X509_STORE_CTX_get0_chain, after a successful |X509_verify_cert| call,
2341
+ // returns the verified certificate chain. The chain begins with the leaf and
2342
+ // ends with trust anchor.
2343
+ //
2344
+ // At other points, such as after a failed verification or during the deprecated
2345
+ // verification callback, it returns the partial chain built so far. Callers
2346
+ // should avoid relying on this as this exposes unstable library implementation
2347
+ // details.
2348
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(
2349
+ const X509_STORE_CTX *ctx);
2350
+
2351
+ // X509_STORE_CTX_get1_chain behaves like |X509_STORE_CTX_get0_chain| but
2352
+ // returns a newly-allocated |STACK_OF(X509)| containing the completed chain,
2353
+ // with each certificate's reference count incremented. Callers must free the
2354
+ // result with |sk_X509_pop_free| and |X509_free| when done.
2355
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(
2356
+ const X509_STORE_CTX *ctx);
2357
+
2358
+ // The following values are possible outputs of |X509_STORE_CTX_get_error|.
2359
+ #define X509_V_OK 0
2360
+ #define X509_V_ERR_UNSPECIFIED 1
2361
+ #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
2362
+ #define X509_V_ERR_UNABLE_TO_GET_CRL 3
2363
+ #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
2364
+ #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
2365
+ #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
2366
+ #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
2367
+ #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
2368
+ #define X509_V_ERR_CERT_NOT_YET_VALID 9
2369
+ #define X509_V_ERR_CERT_HAS_EXPIRED 10
2370
+ #define X509_V_ERR_CRL_NOT_YET_VALID 11
2371
+ #define X509_V_ERR_CRL_HAS_EXPIRED 12
2372
+ #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
2373
+ #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
2374
+ #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
2375
+ #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
2376
+ #define X509_V_ERR_OUT_OF_MEM 17
2377
+ #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
2378
+ #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
2379
+ #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
2380
+ #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
2381
+ #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
2382
+ #define X509_V_ERR_CERT_REVOKED 23
2383
+ #define X509_V_ERR_INVALID_CA 24
2384
+ #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
2385
+ #define X509_V_ERR_INVALID_PURPOSE 26
2386
+ #define X509_V_ERR_CERT_UNTRUSTED 27
2387
+ #define X509_V_ERR_CERT_REJECTED 28
2388
+ #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
2389
+ #define X509_V_ERR_AKID_SKID_MISMATCH 30
2390
+ #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
2391
+ #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
2392
+ #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
2393
+ #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
2394
+ #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
2395
+ #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
2396
+ #define X509_V_ERR_INVALID_NON_CA 37
2397
+ #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
2398
+ #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
2399
+ #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
2400
+ #define X509_V_ERR_INVALID_EXTENSION 41
2401
+ #define X509_V_ERR_INVALID_POLICY_EXTENSION 42
2402
+ #define X509_V_ERR_NO_EXPLICIT_POLICY 43
2403
+ #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
2404
+ #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
2405
+ #define X509_V_ERR_UNNESTED_RESOURCE 46
2406
+ #define X509_V_ERR_PERMITTED_VIOLATION 47
2407
+ #define X509_V_ERR_EXCLUDED_VIOLATION 48
2408
+ #define X509_V_ERR_SUBTREE_MINMAX 49
2409
+ #define X509_V_ERR_APPLICATION_VERIFICATION 50
2410
+ #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
2411
+ #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
2412
+ #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
2413
+ #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
2414
+ #define X509_V_ERR_HOSTNAME_MISMATCH 62
2415
+ #define X509_V_ERR_EMAIL_MISMATCH 63
2416
+ #define X509_V_ERR_IP_ADDRESS_MISMATCH 64
2417
+ #define X509_V_ERR_INVALID_CALL 65
2418
+ #define X509_V_ERR_STORE_LOOKUP 66
2419
+ #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
1618
2420
 
1619
- // NETSCAPE_SPKAC is an |ASN1_ITEM| whose ASN.1 type is PublicKeyAndChallenge
1620
- // and C type is |NETSCAPE_SPKAC*|.
1621
- DECLARE_ASN1_ITEM(NETSCAPE_SPKAC)
2421
+ // X509_STORE_CTX_get_error, after |X509_verify_cert| returns, returns
2422
+ // |X509_V_OK| if verification succeeded or an |X509_V_ERR_*| describing why
2423
+ // verification failed. This will be consistent with |X509_verify_cert|'s return
2424
+ // value, unless the caller used the deprecated verification callback (see
2425
+ // |X509_STORE_CTX_set_verify_cb|) in a way that breaks |ctx|'s invariants.
2426
+ //
2427
+ // If called during the deprecated verification callback when |ok| is zero, it
2428
+ // returns the current error under consideration.
2429
+ OPENSSL_EXPORT int X509_STORE_CTX_get_error(const X509_STORE_CTX *ctx);
1622
2430
 
1623
- // NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
1624
- // or NULL on error.
1625
- OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
2431
+ // X509_STORE_CTX_set_error sets |ctx|'s error to |err|, which should be
2432
+ // |X509_V_OK| or an |X509_V_ERR_*| constant. It is not expected to be called in
2433
+ // typical |X509_STORE_CTX| usage, but may be used in callback APIs where
2434
+ // applications synthesize |X509_STORE_CTX| error conditions. See also
2435
+ // |X509_STORE_CTX_set_verify_cb| and |SSL_CTX_set_cert_verify_callback|.
2436
+ OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err);
1626
2437
 
1627
- // NETSCAPE_SPKAC_free releases memory associated with |spkac|.
1628
- OPENSSL_EXPORT void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *spkac);
2438
+ // X509_verify_cert_error_string returns |err| as a human-readable string, where
2439
+ // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
2440
+ // a default description.
2441
+ OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
1629
2442
 
1630
- // d2i_NETSCAPE_SPKAC parses up to |len| bytes from |*inp| as a DER-encoded
1631
- // PublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
1632
- OPENSSL_EXPORT NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **out,
1633
- const uint8_t **inp,
1634
- long len);
2443
+ // X509_STORE_CTX_get_error_depth returns the depth at which the error returned
2444
+ // by |X509_STORE_CTX_get_error| occured. This is zero-indexed integer into the
2445
+ // certificate chain. Zero indicates the target certificate, one its issuer, and
2446
+ // so on.
2447
+ OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(const X509_STORE_CTX *ctx);
1635
2448
 
1636
- // i2d_NETSCAPE_SPKAC marshals |spkac| as a DER-encoded PublicKeyAndChallenge
1637
- // structure, as described in |i2d_SAMPLE|.
1638
- OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
1639
- uint8_t **outp);
2449
+ // X509_STORE_CTX_get_current_cert returns the certificate which caused the
2450
+ // error returned by |X509_STORE_CTX_get_error|.
2451
+ OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(const X509_STORE_CTX *ctx);
1640
2452
 
2453
+ // X509_STORE_CTX_get0_current_crl returns the CRL which caused the error
2454
+ // returned by |X509_STORE_CTX_get_error|.
2455
+ OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(
2456
+ const X509_STORE_CTX *ctx);
1641
2457
 
1642
- // Printing functions.
1643
- //
1644
- // The following functions output human-readable representations of
1645
- // X.509-related structures. They should only be used for debugging or logging
1646
- // and not parsed programmatically. In many cases, the outputs are ambiguous, so
1647
- // attempting to parse them can lead to string injection vulnerabilities.
2458
+ // X509_STORE_CTX_get0_store returns the |X509_STORE| that |ctx| uses.
2459
+ OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(const X509_STORE_CTX *ctx);
1648
2460
 
1649
- // The following flags control |X509_print_ex| and |X509_REQ_print_ex|.
2461
+ // X509_STORE_CTX_get0_cert returns the leaf certificate that |ctx| is
2462
+ // verifying.
2463
+ OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(const X509_STORE_CTX *ctx);
1650
2464
 
1651
- // X509_FLAG_COMPAT disables all flags. It additionally causes names to be
1652
- // printed with a 16-byte indent.
1653
- #define X509_FLAG_COMPAT 0
2465
+ // X509_STORE_CTX_get0_untrusted returns the stack of untrusted intermediates
2466
+ // used by |ctx| for certificate verification.
2467
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
2468
+ const X509_STORE_CTX *ctx);
1654
2469
 
1655
- // X509_FLAG_NO_HEADER skips a header identifying the type of object printed.
1656
- #define X509_FLAG_NO_HEADER 1L
2470
+ // X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
2471
+ // in |sk|. |sk| must remain valid for the duration of |ctx|. Calling this
2472
+ // function causes |ctx| to ignore any certificates configured in the
2473
+ // |X509_STORE|. Certificates in |sk| are still subject to the check described
2474
+ // in |X509_VERIFY_PARAM_set_trust|.
2475
+ //
2476
+ // WARNING: This function differs from most |set0| functions in that it does not
2477
+ // take ownership of its input. The caller is required to ensure the lifetimes
2478
+ // are consistent.
2479
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2480
+ STACK_OF(X509) *sk);
1657
2481
 
1658
- // X509_FLAG_NO_VERSION skips printing the X.509 version number.
1659
- #define X509_FLAG_NO_VERSION (1L << 1)
2482
+ // X509_STORE_CTX_set0_crls configures |ctx| to consider the CRLs in |sk| as
2483
+ // candidates for CRL lookup. |sk| must remain valid for the duration of |ctx|.
2484
+ // These CRLs are considered in addition to CRLs found in |X509_STORE|.
2485
+ //
2486
+ // WARNING: This function differs from most |set0| functions in that it does not
2487
+ // take ownership of its input. The caller is required to ensure the lifetimes
2488
+ // are consistent.
2489
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx,
2490
+ STACK_OF(X509_CRL) *sk);
1660
2491
 
1661
- // X509_FLAG_NO_SERIAL skips printing the serial number. It is ignored in
1662
- // |X509_REQ_print_fp|.
1663
- #define X509_FLAG_NO_SERIAL (1L << 2)
2492
+ // X509_STORE_CTX_set_default looks up the set of parameters named |name| and
2493
+ // applies those default verification parameters for |ctx|. As in
2494
+ // |X509_VERIFY_PARAM_inherit|, only unset parameters are changed. This function
2495
+ // returns one on success and zero on error.
2496
+ //
2497
+ // The supported values of |name| are:
2498
+ // - "default" is an internal value which configures some late defaults. See the
2499
+ // discussion in |X509_STORE_get0_param|.
2500
+ // - "pkcs7" configures default trust and purpose checks for PKCS#7 signatures.
2501
+ // - "smime_sign" configures trust and purpose checks for S/MIME signatures.
2502
+ // - "ssl_client" configures trust and purpose checks for TLS clients.
2503
+ // - "ssl_server" configures trust and purpose checks for TLS servers.
2504
+ //
2505
+ // TODO(crbug.com/boringssl/441): Make "default" a no-op.
2506
+ OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
2507
+ const char *name);
1664
2508
 
1665
- // X509_FLAG_NO_SIGNAME skips printing the signature algorithm in the
1666
- // TBSCertificate. It is ignored in |X509_REQ_print_fp|.
1667
- #define X509_FLAG_NO_SIGNAME (1L << 3)
2509
+ // X509_STORE_CTX_get0_param returns |ctx|'s verification parameters. This
2510
+ // object is mutable and may be modified by the caller.
2511
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
2512
+ X509_STORE_CTX *ctx);
1668
2513
 
1669
- // X509_FLAG_NO_ISSUER skips printing the issuer.
1670
- #define X509_FLAG_NO_ISSUER (1L << 4)
2514
+ // X509_STORE_CTX_set0_param returns |ctx|'s verification parameters to |param|
2515
+ // and takes ownership of |param|. After this function returns, the caller
2516
+ // should not free |param|.
2517
+ //
2518
+ // WARNING: This function discards any values which were previously applied in
2519
+ // |ctx|, including the "default" parameters applied late in
2520
+ // |X509_STORE_CTX_init|. These late defaults are not applied to parameters
2521
+ // created standalone by |X509_VERIFY_PARAM_new|.
2522
+ //
2523
+ // TODO(crbug.com/boringssl/441): This behavior is very surprising. Should we
2524
+ // re-apply the late defaults in |param|, or somehow avoid this notion of late
2525
+ // defaults altogether?
2526
+ OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
2527
+ X509_VERIFY_PARAM *param);
1671
2528
 
1672
- // X509_FLAG_NO_VALIDITY skips printing the notBefore and notAfter times. It is
1673
- // ignored in |X509_REQ_print_fp|.
1674
- #define X509_FLAG_NO_VALIDITY (1L << 5)
2529
+ // X509_STORE_CTX_set_flags enables all values in |flags| in |ctx|'s
2530
+ // verification flags. |flags| should be a combination of |X509_V_FLAG_*|
2531
+ // constants.
2532
+ OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
2533
+ unsigned long flags);
1675
2534
 
1676
- // X509_FLAG_NO_SUBJECT skips printing the subject.
1677
- #define X509_FLAG_NO_SUBJECT (1L << 6)
2535
+ // X509_STORE_CTX_set_time configures certificate verification to use |t|
2536
+ // instead of the current time. |flags| is ignored and should be zero.
2537
+ OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
2538
+ unsigned long flags, time_t t);
2539
+
2540
+ // X509_STORE_CTX_set_time_posix configures certificate verification to use |t|
2541
+ // instead of the current time. |t| is interpreted as a POSIX timestamp in
2542
+ // seconds. |flags| is ignored and should be zero.
2543
+ OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
2544
+ unsigned long flags,
2545
+ int64_t t);
2546
+
2547
+ // X509_STORE_CTX_set_depth configures |ctx| to, by default, limit certificate
2548
+ // chains to |depth| intermediate certificates. This count excludes both the
2549
+ // target certificate and the trust anchor (root certificate).
2550
+ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2551
+
2552
+ // X509_STORE_CTX_set_purpose simultaneously configures |ctx|'s purpose and
2553
+ // trust checks, if unset. It returns one on success and zero if |purpose| is
2554
+ // not a valid purpose value. |purpose| should be an |X509_PURPOSE_*| constant.
2555
+ // If so, it configures |ctx| with a purpose check of |purpose| and a trust
2556
+ // check of |purpose|'s corresponding trust value. If either the purpose or
2557
+ // trust check had already been specified for |ctx|, that corresponding
2558
+ // modification is silently dropped.
2559
+ //
2560
+ // See |X509_VERIFY_PARAM_set_purpose| and |X509_VERIFY_PARAM_set_trust| for
2561
+ // details on the purpose and trust checks, respectively.
2562
+ //
2563
+ // If |purpose| is |X509_PURPOSE_ANY|, this function returns an error because it
2564
+ // has no corresponding |X509_TRUST_*| value. It is not possible to set
2565
+ // |X509_PURPOSE_ANY| with this function, only |X509_VERIFY_PARAM_set_purpose|.
2566
+ //
2567
+ // WARNING: Unlike similarly named functions in this header, this function
2568
+ // silently does not behave the same as |X509_VERIFY_PARAM_set_purpose|. Callers
2569
+ // may use |X509_VERIFY_PARAM_set_purpose| with |X509_STORE_CTX_get0_param| to
2570
+ // avoid this difference.
2571
+ OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
2572
+
2573
+ // X509_STORE_CTX_set_trust configures |ctx|'s trust check, if unset. It returns
2574
+ // one on success and zero if |trust| is not a valid trust value. |trust| should
2575
+ // be an |X509_TRUST_*| constant. If so, it configures |ctx| with a trust check
2576
+ // of |trust|. If the trust check had already been specified for |ctx|, it
2577
+ // silently does nothing.
2578
+ //
2579
+ // See |X509_VERIFY_PARAM_set_trust| for details on the purpose and trust check.
2580
+ //
2581
+ // WARNING: Unlike similarly named functions in this header, this function
2582
+ // does not behave the same as |X509_VERIFY_PARAM_set_trust|. Callers may use
2583
+ // |X509_VERIFY_PARAM_set_trust| with |X509_STORE_CTX_get0_param| to avoid this
2584
+ // difference.
2585
+ OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
2586
+
2587
+
2588
+ // Verification parameters.
2589
+ //
2590
+ // An |X509_VERIFY_PARAM| contains a set of parameters for certificate
2591
+ // verification.
2592
+
2593
+ // X509_VERIFY_PARAM_new returns a newly-allocated |X509_VERIFY_PARAM|, or NULL
2594
+ // on error.
2595
+ OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
2596
+
2597
+ // X509_VERIFY_PARAM_free releases memory associated with |param|.
2598
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
2599
+
2600
+ // X509_VERIFY_PARAM_inherit applies |from| as the default values for |to|. That
2601
+ // is, for each parameter that is unset in |to|, it copies the value in |from|.
2602
+ // This function returns one on success and zero on error.
2603
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
2604
+ const X509_VERIFY_PARAM *from);
2605
+
2606
+ // X509_VERIFY_PARAM_set1 copies parameters from |from| to |to|. If a parameter
2607
+ // is unset in |from|, the existing value in |to| is preserved. This function
2608
+ // returns one on success and zero on error.
2609
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
2610
+ const X509_VERIFY_PARAM *from);
2611
+
2612
+ // X509_VERIFY_PARAM_set_flags enables all values in |flags| in |param|'s
2613
+ // verification flags and returns one. |flags| should be a combination of
2614
+ // |X509_V_FLAG_*| constants.
2615
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
2616
+ unsigned long flags);
2617
+
2618
+ // X509_VERIFY_PARAM_clear_flags disables all values in |flags| in |param|'s
2619
+ // verification flags and returns one. |flags| should be a combination of
2620
+ // |X509_V_FLAG_*| constants.
2621
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
2622
+ unsigned long flags);
2623
+
2624
+ // X509_VERIFY_PARAM_get_flags returns |param|'s verification flags.
2625
+ OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
2626
+ const X509_VERIFY_PARAM *param);
2627
+
2628
+ // X509_VERIFY_PARAM_set_depth configures |param| to limit certificate chains to
2629
+ // |depth| intermediate certificates. This count excludes both the target
2630
+ // certificate and the trust anchor (root certificate).
2631
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
2632
+ int depth);
2633
+
2634
+ // X509_VERIFY_PARAM_get_depth returns the maximum depth configured in |param|.
2635
+ // See |X509_VERIFY_PARAM_set_depth|.
2636
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
2637
+
2638
+ // X509_VERIFY_PARAM_set_time configures certificate verification to use |t|
2639
+ // instead of the current time.
2640
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
2641
+ time_t t);
2642
+
2643
+ // X509_VERIFY_PARAM_set_time_posix configures certificate verification to use
2644
+ // |t| instead of the current time. |t| is interpreted as a POSIX timestamp in
2645
+ // seconds.
2646
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
2647
+ int64_t t);
2648
+
2649
+ // X509_VERIFY_PARAM_add0_policy adds |policy| to the user-initial-policy-set
2650
+ // (see Section 6.1.1 of RFC 5280). On success, it takes ownership of
2651
+ // |policy| and returns one. Otherwise, it returns zero and the caller retains
2652
+ // owneship of |policy|.
2653
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
2654
+ ASN1_OBJECT *policy);
2655
+
2656
+ // X509_VERIFY_PARAM_set1_policies sets the user-initial-policy-set (see
2657
+ // Section 6.1.1 of RFC 5280) to a copy of |policies|. It returns one on success
2658
+ // and zero on error.
2659
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
2660
+ X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
2661
+
2662
+ // X509_VERIFY_PARAM_set1_host configures |param| to check for the DNS name
2663
+ // specified by |name|. It returns one on success and zero on error.
2664
+ //
2665
+ // By default, both subject alternative names and the subject's common name
2666
+ // attribute are checked. The latter has long been deprecated, so callers should
2667
+ // call |X509_VERIFY_PARAM_set_hostflags| with
2668
+ // |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| to use the standard behavior.
2669
+ // https://crbug.com/boringssl/464 tracks fixing the default.
2670
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
2671
+ const char *name,
2672
+ size_t name_len);
2673
+
2674
+ // X509_VERIFY_PARAM_add1_host adds |name| to the list of names checked by
2675
+ // |param|. If any configured DNS name matches the certificate, verification
2676
+ // succeeds. It returns one on success and zero on error.
2677
+ //
2678
+ // By default, both subject alternative names and the subject's common name
2679
+ // attribute are checked. The latter has long been deprecated, so callers should
2680
+ // call |X509_VERIFY_PARAM_set_hostflags| with
2681
+ // |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| to use the standard behavior.
2682
+ // https://crbug.com/boringssl/464 tracks fixing the default.
2683
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
2684
+ const char *name,
2685
+ size_t name_len);
2686
+
2687
+ // X509_CHECK_FLAG_NO_WILDCARDS disables wildcard matching for DNS names.
2688
+ #define X509_CHECK_FLAG_NO_WILDCARDS 0x2
2689
+
2690
+ // X509_CHECK_FLAG_NEVER_CHECK_SUBJECT disables the subject fallback, normally
2691
+ // enabled when subjectAltNames is missing.
2692
+ #define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT 0x20
2693
+
2694
+ // X509_VERIFY_PARAM_set_hostflags sets the name-checking flags on |param| to
2695
+ // |flags|. |flags| should be a combination of |X509_CHECK_FLAG_*| constants.
2696
+ OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
2697
+ unsigned int flags);
2698
+
2699
+ // X509_VERIFY_PARAM_set1_email configures |param| to check for the email
2700
+ // address specified by |email|. It returns one on success and zero on error.
2701
+ //
2702
+ // By default, both subject alternative names and the subject's email address
2703
+ // attribute are checked. The |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| flag may be
2704
+ // used to change this behavior.
2705
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
2706
+ const char *email,
2707
+ size_t email_len);
2708
+
2709
+ // X509_VERIFY_PARAM_set1_ip configures |param| to check for the IP address
2710
+ // specified by |ip|. It returns one on success and zero on error. The IP
2711
+ // address is specified in its binary representation. |ip_len| must be 4 for an
2712
+ // IPv4 address and 16 for an IPv6 address.
2713
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
2714
+ const uint8_t *ip, size_t ip_len);
2715
+
2716
+ // X509_VERIFY_PARAM_set1_ip_asc decodes |ipasc| as the ASCII representation of
2717
+ // an IPv4 or IPv6 address, and configures |param| to check for it. It returns
2718
+ // one on success and zero on error.
2719
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
2720
+ const char *ipasc);
2721
+
2722
+ // X509_PURPOSE_SSL_CLIENT validates TLS client certificates. It checks for the
2723
+ // id-kp-clientAuth EKU and one of digitalSignature or keyAgreement key usages.
2724
+ // The TLS library is expected to check for the key usage specific to the
2725
+ // negotiated TLS parameters.
2726
+ #define X509_PURPOSE_SSL_CLIENT 1
2727
+ // X509_PURPOSE_SSL_SERVER validates TLS server certificates. It checks for the
2728
+ // id-kp-clientAuth EKU and one of digitalSignature, keyAgreement, or
2729
+ // keyEncipherment key usages. The TLS library is expected to check for the key
2730
+ // usage specific to the negotiated TLS parameters.
2731
+ #define X509_PURPOSE_SSL_SERVER 2
2732
+ // X509_PURPOSE_NS_SSL_SERVER is a legacy mode. It behaves like
2733
+ // |X509_PURPOSE_SSL_SERVER|, but only accepts the keyEncipherment key usage,
2734
+ // used by SSL 2.0 and RSA key exchange. Do not use this.
2735
+ #define X509_PURPOSE_NS_SSL_SERVER 3
2736
+ // X509_PURPOSE_SMIME_SIGN validates S/MIME signing certificates. It checks for
2737
+ // the id-kp-emailProtection EKU and one of digitalSignature or nonRepudiation
2738
+ // key usages.
2739
+ #define X509_PURPOSE_SMIME_SIGN 4
2740
+ // X509_PURPOSE_SMIME_ENCRYPT validates S/MIME encryption certificates. It
2741
+ // checks for the id-kp-emailProtection EKU and keyEncipherment key usage.
2742
+ #define X509_PURPOSE_SMIME_ENCRYPT 5
2743
+ // X509_PURPOSE_CRL_SIGN validates indirect CRL signers. It checks for the
2744
+ // cRLSign key usage. BoringSSL does not support indirect CRLs and does not use
2745
+ // this mode.
2746
+ #define X509_PURPOSE_CRL_SIGN 6
2747
+ // X509_PURPOSE_ANY performs no EKU or key usage checks. Such checks are the
2748
+ // responsibility of the caller.
2749
+ #define X509_PURPOSE_ANY 7
2750
+ // X509_PURPOSE_OCSP_HELPER performs no EKU or key usage checks. It was
2751
+ // historically used in OpenSSL's OCSP implementation, which left those checks
2752
+ // to the OCSP implementation itself.
2753
+ #define X509_PURPOSE_OCSP_HELPER 8
2754
+ // X509_PURPOSE_TIMESTAMP_SIGN validates Time Stamping Authority (RFC 3161)
2755
+ // certificates. It checks for the id-kp-timeStamping EKU and one of
2756
+ // digitalSignature or nonRepudiation key usages. It additionally checks that
2757
+ // the EKU extension is critical and that no other EKUs or key usages are
2758
+ // asserted.
2759
+ #define X509_PURPOSE_TIMESTAMP_SIGN 9
2760
+
2761
+ // X509_VERIFY_PARAM_set_purpose configures |param| to validate certificates for
2762
+ // a specified purpose. It returns one on success and zero if |purpose| is not a
2763
+ // valid purpose type. |purpose| should be one of the |X509_PURPOSE_*| values.
2764
+ //
2765
+ // This option controls checking the extended key usage (EKU) and key usage
2766
+ // extensions. These extensions specify how a certificate's public key may be
2767
+ // used and are important to avoid cross-protocol attacks, particularly in PKIs
2768
+ // that may issue certificates for multiple protocols, or for protocols that use
2769
+ // keys in multiple ways. If not configured, these security checks are the
2770
+ // caller's responsibility.
2771
+ //
2772
+ // This library applies the EKU checks to all untrusted intermediates. Although
2773
+ // not defined in RFC 5280, this matches widely-deployed practice. It also does
2774
+ // not accept anyExtendedKeyUsage.
2775
+ //
2776
+ // Many purpose values have a corresponding trust value, which is not configured
2777
+ // by this function. See |X509_VERIFY_PARAM_set_trust| for details. Callers
2778
+ // that wish to configure both should either call both functions, or use
2779
+ // |X509_STORE_CTX_set_purpose|.
2780
+ //
2781
+ // It is currently not possible to configure custom EKU OIDs or key usage bits.
2782
+ // Contact the BoringSSL maintainers if your application needs to do so. OpenSSL
2783
+ // had an |X509_PURPOSE_add| API, but it was not thread-safe and relied on
2784
+ // global mutable state, so we removed it.
2785
+ //
2786
+ // TODO(davidben): This function additionally configures checking the legacy
2787
+ // Netscape certificate type extension. Remove this.
2788
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param,
2789
+ int purpose);
2790
+
2791
+ // X509_TRUST_COMPAT evaluates trust using only the self-signed fallback. Trust
2792
+ // and distrust OIDs are ignored.
2793
+ #define X509_TRUST_COMPAT 1
2794
+ // X509_TRUST_SSL_CLIENT evaluates trust with the |NID_client_auth| OID, for
2795
+ // validating TLS client certificates.
2796
+ #define X509_TRUST_SSL_CLIENT 2
2797
+ // X509_TRUST_SSL_SERVER evaluates trust with the |NID_server_auth| OID, for
2798
+ // validating TLS server certificates.
2799
+ #define X509_TRUST_SSL_SERVER 3
2800
+ // X509_TRUST_EMAIL evaluates trust with the |NID_email_protect| OID, for
2801
+ // validating S/MIME email certificates.
2802
+ #define X509_TRUST_EMAIL 4
2803
+ // X509_TRUST_OBJECT_SIGN evaluates trust with the |NID_code_sign| OID, for
2804
+ // validating code signing certificates.
2805
+ #define X509_TRUST_OBJECT_SIGN 5
2806
+ // X509_TRUST_TSA evaluates trust with the |NID_time_stamp| OID, for validating
2807
+ // Time Stamping Authority (RFC 3161) certificates.
2808
+ #define X509_TRUST_TSA 8
2809
+
2810
+ // X509_VERIFY_PARAM_set_trust configures which certificates from |X509_STORE|
2811
+ // are trust anchors. It returns one on success and zero if |trust| is not a
2812
+ // valid trust value. |trust| should be one of the |X509_TRUST_*| constants.
2813
+ // This function allows applications to vary trust anchors when the same set of
2814
+ // trusted certificates is used in multiple contexts.
2815
+ //
2816
+ // Two properties determine whether a certificate is a trust anchor:
2817
+ //
2818
+ // - Whether it is trusted or distrusted for some OID, via auxiliary information
2819
+ // configured by |X509_add1_trust_object| or |X509_add1_reject_object|.
2820
+ //
2821
+ // - Whether it is "self-signed". That is, whether |X509_get_extension_flags|
2822
+ // includes |EXFLAG_SS|. The signature itself is not checked.
2823
+ //
2824
+ // When this function is called, |trust| determines the OID to check in the
2825
+ // first case. If the certificate is not explicitly trusted or distrusted for
2826
+ // any OID, it is trusted if self-signed instead.
2827
+ //
2828
+ // If unset, the default behavior is to check for the |NID_anyExtendedKeyUsage|
2829
+ // OID. If the certificate is not explicitly trusted or distrusted for this OID,
2830
+ // it is trusted if self-signed instead. Note this slightly differs from the
2831
+ // above.
2832
+ //
2833
+ // It is currently not possible to configure custom trust OIDs. Contact the
2834
+ // BoringSSL maintainers if your application needs to do so. OpenSSL had an
2835
+ // |X509_TRUST_add| API, but it was not thread-safe and relied on global mutable
2836
+ // state, so we removed it.
2837
+ OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param,
2838
+ int trust);
2839
+
2840
+
2841
+ // SignedPublicKeyAndChallenge structures.
2842
+ //
2843
+ // The SignedPublicKeyAndChallenge (SPKAC) is a legacy structure to request
2844
+ // certificates, primarily in the legacy <keygen> HTML tag. An SPKAC structure
2845
+ // is represented by a |NETSCAPE_SPKI| structure.
2846
+ //
2847
+ // The structure is described in
2848
+ // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
2849
+
2850
+ // A Netscape_spki_st, or |NETSCAPE_SPKI|, represents a
2851
+ // SignedPublicKeyAndChallenge structure. Although this structure contains a
2852
+ // |spkac| field of type |NETSCAPE_SPKAC|, these are misnamed. The SPKAC is the
2853
+ // entire structure, not the signed portion.
2854
+ struct Netscape_spki_st {
2855
+ NETSCAPE_SPKAC *spkac;
2856
+ X509_ALGOR *sig_algor;
2857
+ ASN1_BIT_STRING *signature;
2858
+ } /* NETSCAPE_SPKI */;
2859
+
2860
+ // NETSCAPE_SPKI_new returns a newly-allocated, empty |NETSCAPE_SPKI| object, or
2861
+ // NULL on error.
2862
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_new(void);
2863
+
2864
+ // NETSCAPE_SPKI_free releases memory associated with |spki|.
2865
+ OPENSSL_EXPORT void NETSCAPE_SPKI_free(NETSCAPE_SPKI *spki);
2866
+
2867
+ // d2i_NETSCAPE_SPKI parses up to |len| bytes from |*inp| as a DER-encoded
2868
+ // SignedPublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
2869
+ OPENSSL_EXPORT NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **out,
2870
+ const uint8_t **inp, long len);
2871
+
2872
+ // i2d_NETSCAPE_SPKI marshals |spki| as a DER-encoded
2873
+ // SignedPublicKeyAndChallenge structure, as described in |i2d_SAMPLE|.
2874
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKI(const NETSCAPE_SPKI *spki, uint8_t **outp);
2875
+
2876
+ // NETSCAPE_SPKI_verify checks that |spki| has a valid signature by |pkey|. It
2877
+ // returns one if the signature is valid and zero otherwise.
2878
+ OPENSSL_EXPORT int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *spki, EVP_PKEY *pkey);
2879
+
2880
+ // NETSCAPE_SPKI_b64_decode decodes |len| bytes from |str| as a base64-encoded
2881
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
2882
+ // |NETSCAPE_SPKI| structure with the result, or NULL on error. If |len| is 0 or
2883
+ // negative, the length is calculated with |strlen| and |str| must be a
2884
+ // NUL-terminated C string.
2885
+ OPENSSL_EXPORT NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str,
2886
+ ossl_ssize_t len);
2887
+
2888
+ // NETSCAPE_SPKI_b64_encode encodes |spki| as a base64-encoded
2889
+ // SignedPublicKeyAndChallenge structure. It returns a newly-allocated
2890
+ // NUL-terminated C string with the result, or NULL on error. The caller must
2891
+ // release the memory with |OPENSSL_free| when done.
2892
+ OPENSSL_EXPORT char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki);
2893
+
2894
+ // NETSCAPE_SPKI_get_pubkey decodes and returns the public key in |spki| as an
2895
+ // |EVP_PKEY|, or NULL on error. The caller takes ownership of the resulting
2896
+ // pointer and must call |EVP_PKEY_free| when done.
2897
+ OPENSSL_EXPORT EVP_PKEY *NETSCAPE_SPKI_get_pubkey(const NETSCAPE_SPKI *spki);
2898
+
2899
+ // NETSCAPE_SPKI_set_pubkey sets |spki|'s public key to |pkey|. It returns one
2900
+ // on success or zero on error. This function does not take ownership of |pkey|,
2901
+ // so the caller may continue to manage its lifetime independently of |spki|.
2902
+ OPENSSL_EXPORT int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *spki,
2903
+ EVP_PKEY *pkey);
2904
+
2905
+ // NETSCAPE_SPKI_sign signs |spki| with |pkey| and replaces the signature
2906
+ // algorithm and signature fields. It returns the length of the signature on
2907
+ // success and zero on error. This function uses digest algorithm |md|, or
2908
+ // |pkey|'s default if NULL. Other signing parameters use |pkey|'s defaults.
2909
+ OPENSSL_EXPORT int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *spki, EVP_PKEY *pkey,
2910
+ const EVP_MD *md);
2911
+
2912
+ // A Netscape_spkac_st, or |NETSCAPE_SPKAC|, represents a PublicKeyAndChallenge
2913
+ // structure. This type is misnamed. The full SPKAC includes the signature,
2914
+ // which is represented with the |NETSCAPE_SPKI| type.
2915
+ struct Netscape_spkac_st {
2916
+ X509_PUBKEY *pubkey;
2917
+ ASN1_IA5STRING *challenge;
2918
+ } /* NETSCAPE_SPKAC */;
2919
+
2920
+ // NETSCAPE_SPKAC_new returns a newly-allocated, empty |NETSCAPE_SPKAC| object,
2921
+ // or NULL on error.
2922
+ OPENSSL_EXPORT NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void);
2923
+
2924
+ // NETSCAPE_SPKAC_free releases memory associated with |spkac|.
2925
+ OPENSSL_EXPORT void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *spkac);
2926
+
2927
+ // d2i_NETSCAPE_SPKAC parses up to |len| bytes from |*inp| as a DER-encoded
2928
+ // PublicKeyAndChallenge structure, as described in |d2i_SAMPLE|.
2929
+ OPENSSL_EXPORT NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **out,
2930
+ const uint8_t **inp,
2931
+ long len);
2932
+
2933
+ // i2d_NETSCAPE_SPKAC marshals |spkac| as a DER-encoded PublicKeyAndChallenge
2934
+ // structure, as described in |i2d_SAMPLE|.
2935
+ OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
2936
+ uint8_t **outp);
2937
+
2938
+
2939
+ // RSASSA-PSS Parameters.
2940
+ //
2941
+ // In X.509, RSASSA-PSS signatures and keys use a complex parameter structure,
2942
+ // defined in RFC 4055. The following functions are provided for compatibility
2943
+ // with some OpenSSL APIs relating to this. Use of RSASSA-PSS in X.509 is
2944
+ // discouraged. The parameters structure is very complex, and it takes more
2945
+ // bytes to merely encode parameters than an entire P-256 ECDSA signature.
2946
+
2947
+ // An rsa_pss_params_st, aka |RSA_PSS_PARAMS|, represents a parsed
2948
+ // RSASSA-PSS-params structure, as defined in (RFC 4055).
2949
+ struct rsa_pss_params_st {
2950
+ X509_ALGOR *hashAlgorithm;
2951
+ X509_ALGOR *maskGenAlgorithm;
2952
+ ASN1_INTEGER *saltLength;
2953
+ ASN1_INTEGER *trailerField;
2954
+ // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the
2955
+ // cases apply to BoringSSL, so this is always NULL, but Node expects the
2956
+ // field to be present.
2957
+ X509_ALGOR *maskHash;
2958
+ } /* RSA_PSS_PARAMS */;
2959
+
2960
+ // RSA_PSS_PARAMS is an |ASN1_ITEM| whose ASN.1 type is RSASSA-PSS-params (RFC
2961
+ // 4055) and C type is |RSA_PSS_PARAMS*|.
2962
+ DECLARE_ASN1_ITEM(RSA_PSS_PARAMS)
2963
+
2964
+ // RSA_PSS_PARAMS_new returns a new, empty |RSA_PSS_PARAMS|, or NULL on error.
2965
+ OPENSSL_EXPORT RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void);
2966
+
2967
+ // RSA_PSS_PARAMS_free releases memory associated with |params|.
2968
+ OPENSSL_EXPORT void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *params);
2969
+
2970
+ // d2i_RSA_PSS_PARAMS parses up to |len| bytes from |*inp| as a DER-encoded
2971
+ // RSASSA-PSS-params (RFC 4055), as described in |d2i_SAMPLE|.
2972
+ OPENSSL_EXPORT RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **out,
2973
+ const uint8_t **inp,
2974
+ long len);
2975
+
2976
+ // i2d_RSA_PSS_PARAMS marshals |in| as a DER-encoded RSASSA-PSS-params (RFC
2977
+ // 4055), as described in |i2d_SAMPLE|.
2978
+ OPENSSL_EXPORT int i2d_RSA_PSS_PARAMS(const RSA_PSS_PARAMS *in, uint8_t **outp);
2979
+
2980
+
2981
+ // PKCS#8 private keys.
2982
+ //
2983
+ // The |PKCS8_PRIV_KEY_INFO| type represents a PKCS#8 PrivateKeyInfo (RFC 5208)
2984
+ // structure. This is analogous to SubjectPublicKeyInfo and uses the same
2985
+ // AlgorithmIdentifiers, but carries private keys and is not part of X.509
2986
+ // itself.
2987
+ //
2988
+ // TODO(davidben): Do these functions really belong in this header?
2989
+
2990
+ // PKCS8_PRIV_KEY_INFO_new returns a newly-allocated, empty
2991
+ // |PKCS8_PRIV_KEY_INFO| object, or NULL on error.
2992
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void);
2993
+
2994
+ // PKCS8_PRIV_KEY_INFO_free releases memory associated with |key|.
2995
+ OPENSSL_EXPORT void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *key);
2996
+
2997
+ // d2i_PKCS8_PRIV_KEY_INFO parses up to |len| bytes from |*inp| as a DER-encoded
2998
+ // PrivateKeyInfo, as described in |d2i_SAMPLE|.
2999
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(
3000
+ PKCS8_PRIV_KEY_INFO **out, const uint8_t **inp, long len);
3001
+
3002
+ // i2d_PKCS8_PRIV_KEY_INFO marshals |key| as a DER-encoded PrivateKeyInfo, as
3003
+ // described in |i2d_SAMPLE|.
3004
+ OPENSSL_EXPORT int i2d_PKCS8_PRIV_KEY_INFO(const PKCS8_PRIV_KEY_INFO *key,
3005
+ uint8_t **outp);
3006
+
3007
+ // EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
3008
+ // key was unsupported or could not be decoded. The caller must release the
3009
+ // result with |EVP_PKEY_free| when done.
3010
+ //
3011
+ // Use |EVP_parse_private_key| instead.
3012
+ OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
3013
+
3014
+ // EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
3015
+ // represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
3016
+ // caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
3017
+ //
3018
+ // Use |EVP_marshal_private_key| instead.
3019
+ OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
3020
+
3021
+
3022
+ // Algorithm and octet string pairs.
3023
+ //
3024
+ // The |X509_SIG| type represents an ASN.1 SEQUENCE type of an
3025
+ // AlgorithmIdentifier and an OCTET STRING. Although named |X509_SIG|, there is
3026
+ // no type in X.509 which matches this format. The two common types which do are
3027
+ // DigestInfo (RFC 2315 and RFC 8017), and EncryptedPrivateKeyInfo (RFC 5208).
3028
+
3029
+ // X509_SIG_new returns a newly-allocated, empty |X509_SIG| object, or NULL on
3030
+ // error.
3031
+ OPENSSL_EXPORT X509_SIG *X509_SIG_new(void);
3032
+
3033
+ // X509_SIG_free releases memory associated with |key|.
3034
+ OPENSSL_EXPORT void X509_SIG_free(X509_SIG *key);
3035
+
3036
+ // d2i_X509_SIG parses up to |len| bytes from |*inp| as a DER-encoded algorithm
3037
+ // and octet string pair, as described in |d2i_SAMPLE|.
3038
+ OPENSSL_EXPORT X509_SIG *d2i_X509_SIG(X509_SIG **out, const uint8_t **inp,
3039
+ long len);
3040
+
3041
+ // i2d_X509_SIG marshals |sig| as a DER-encoded algorithm
3042
+ // and octet string pair, as described in |i2d_SAMPLE|.
3043
+ OPENSSL_EXPORT int i2d_X509_SIG(const X509_SIG *sig, uint8_t **outp);
3044
+
3045
+ // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
3046
+ // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
3047
+ // |out_digest| may be NULL to skip those fields.
3048
+ OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
3049
+ const X509_ALGOR **out_alg,
3050
+ const ASN1_OCTET_STRING **out_digest);
3051
+
3052
+ // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
3053
+ OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
3054
+ ASN1_OCTET_STRING **out_digest);
3055
+
3056
+
3057
+ // Printing functions.
3058
+ //
3059
+ // The following functions output human-readable representations of
3060
+ // X.509-related structures. They should only be used for debugging or logging
3061
+ // and not parsed programmatically. In many cases, the outputs are ambiguous, so
3062
+ // attempting to parse them can lead to string injection vulnerabilities.
3063
+
3064
+ // The following flags control |X509_print_ex| and |X509_REQ_print_ex|. These
3065
+ // flags co-exist with |X509V3_EXT_*|, so avoid collisions when adding new ones.
3066
+
3067
+ // X509_FLAG_COMPAT disables all flags. It additionally causes names to be
3068
+ // printed with a 16-byte indent.
3069
+ #define X509_FLAG_COMPAT 0
3070
+
3071
+ // X509_FLAG_NO_HEADER skips a header identifying the type of object printed.
3072
+ #define X509_FLAG_NO_HEADER 1L
3073
+
3074
+ // X509_FLAG_NO_VERSION skips printing the X.509 version number.
3075
+ #define X509_FLAG_NO_VERSION (1L << 1)
3076
+
3077
+ // X509_FLAG_NO_SERIAL skips printing the serial number. It is ignored in
3078
+ // |X509_REQ_print_fp|.
3079
+ #define X509_FLAG_NO_SERIAL (1L << 2)
3080
+
3081
+ // X509_FLAG_NO_SIGNAME skips printing the signature algorithm in the
3082
+ // TBSCertificate. It is ignored in |X509_REQ_print_fp|.
3083
+ #define X509_FLAG_NO_SIGNAME (1L << 3)
3084
+
3085
+ // X509_FLAG_NO_ISSUER skips printing the issuer.
3086
+ #define X509_FLAG_NO_ISSUER (1L << 4)
3087
+
3088
+ // X509_FLAG_NO_VALIDITY skips printing the notBefore and notAfter times. It is
3089
+ // ignored in |X509_REQ_print_fp|.
3090
+ #define X509_FLAG_NO_VALIDITY (1L << 5)
3091
+
3092
+ // X509_FLAG_NO_SUBJECT skips printing the subject.
3093
+ #define X509_FLAG_NO_SUBJECT (1L << 6)
1678
3094
 
1679
3095
  // X509_FLAG_NO_PUBKEY skips printing the public key.
1680
3096
  #define X509_FLAG_NO_PUBKEY (1L << 7)
@@ -1700,10 +3116,34 @@ OPENSSL_EXPORT int i2d_NETSCAPE_SPKAC(const NETSCAPE_SPKAC *spkac,
1700
3116
  // certificate. It is ignored in |X509_REQ_print_fp|.
1701
3117
  #define X509_FLAG_NO_IDS (1L << 12)
1702
3118
 
3119
+ // The following flags control |X509_print_ex|, |X509_REQ_print_ex|,
3120
+ // |X509V3_EXT_print|, and |X509V3_extensions_print|. These flags coexist with
3121
+ // |X509_FLAG_*|, so avoid collisions when adding new ones.
3122
+
3123
+ // X509V3_EXT_UNKNOWN_MASK is a mask that determines how unknown extensions are
3124
+ // processed.
3125
+ #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
3126
+
3127
+ // X509V3_EXT_DEFAULT causes unknown extensions or syntax errors to return
3128
+ // failure.
3129
+ #define X509V3_EXT_DEFAULT 0
3130
+
3131
+ // X509V3_EXT_ERROR_UNKNOWN causes unknown extensions or syntax errors to print
3132
+ // as "<Not Supported>" or "<Parse Error>", respectively.
3133
+ #define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
3134
+
3135
+ // X509V3_EXT_PARSE_UNKNOWN is deprecated and behaves like
3136
+ // |X509V3_EXT_DUMP_UNKNOWN|.
3137
+ #define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
3138
+
3139
+ // X509V3_EXT_DUMP_UNKNOWN causes unknown extensions to be displayed as a
3140
+ // hexdump.
3141
+ #define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
3142
+
1703
3143
  // X509_print_ex writes a human-readable representation of |x| to |bp|. It
1704
3144
  // returns one on success and zero on error. |nmflags| is the flags parameter
1705
3145
  // for |X509_NAME_print_ex| when printing the subject and issuer. |cflag| should
1706
- // be some combination of the |X509_FLAG_*| constants.
3146
+ // be some combination of the |X509_FLAG_*| and |X509V3_EXT_*| constants.
1707
3147
  OPENSSL_EXPORT int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
1708
3148
  unsigned long cflag);
1709
3149
 
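Review bot: The reworded `X509_print_ex` comment says |cflag| may be "some combination" of the |X509_FLAG_*| and |X509V3_EXT_*| constants, but the |X509V3_EXT_*| values added in this hunk are not independent bits. They are values of a single field under `X509V3_EXT_UNKNOWN_MASK`, so OR-ing `X509V3_EXT_ERROR_UNKNOWN` (`1L << 16`) with `X509V3_EXT_PARSE_UNKNOWN` (`2L << 16`) silently yields `X509V3_EXT_DUMP_UNKNOWN` (`3L << 16`). I would word the line as `// be some combination of the |X509_FLAG_*| constants, ORed with at most one |X509V3_EXT_*| value.`, which agrees with "one of the |X509V3_EXT_*| constants" in the `X509V3_EXT_print` comment. The same sentence is changed for `X509_REQ_print_ex` in the next hunk and needs the same wording. Both comments also call the parameter `|nmflags|` while the prototypes declare `nmflag`.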
@@ -1728,7 +3168,7 @@ OPENSSL_EXPORT int X509_CRL_print_fp(FILE *fp, X509_CRL *x);
1728
3168
  // X509_REQ_print_ex writes a human-readable representation of |x| to |bp|. It
1729
3169
  // returns one on success and zero on error. |nmflags| is the flags parameter
1730
3170
  // for |X509_NAME_print_ex|, when printing the subject. |cflag| should be some
1731
- // combination of the |X509_FLAG_*| constants.
3171
+ // combination of the |X509_FLAG_*| and |X509V3_EXT_*| constants.
1732
3172
  OPENSSL_EXPORT int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
1733
3173
  unsigned long cflag);
1734
3174
 
@@ -1846,6 +3286,40 @@ OPENSSL_EXPORT int X509_signature_dump(BIO *bio, const ASN1_STRING *sig,
1846
3286
  OPENSSL_EXPORT int X509_signature_print(BIO *bio, const X509_ALGOR *alg,
1847
3287
  const ASN1_STRING *sig);
1848
3288
 
3289
+ // X509V3_EXT_print prints a human-readable representation of |ext| to out. It
3290
+ // returns one on success and zero on error. The output is indented by |indent|
3291
+ // spaces. |flag| is one of the |X509V3_EXT_*| constants and controls printing
3292
+ // of unknown extensions and syntax errors.
3293
+ //
3294
+ // WARNING: Although some applications programmatically parse the output of this
3295
+ // function to process X.509 extensions, this is not safe. In many cases, the
3296
+ // outputs are ambiguous to attempting to parse them can lead to string
3297
+ // injection vulnerabilities. These functions should only be used for debugging
3298
+ // or logging.
3299
+ OPENSSL_EXPORT int X509V3_EXT_print(BIO *out, const X509_EXTENSION *ext,
3300
+ unsigned long flag, int indent);
3301
+
3302
+ // X509V3_EXT_print_fp behaves like |X509V3_EXT_print| but writes to a |FILE|
3303
+ // instead of a |BIO|.
3304
+ OPENSSL_EXPORT int X509V3_EXT_print_fp(FILE *out, const X509_EXTENSION *ext,
3305
+ int flag, int indent);
3306
+
3307
+ // X509V3_extensions_print prints |title|, followed by a human-readable
3308
+ // representation of |exts| to |out|. It returns one on success and zero on
3309
+ // error. The output is indented by |indent| spaces. |flag| is one of the
3310
+ // |X509V3_EXT_*| constants and controls printing of unknown extensions and
3311
+ // syntax errors.
3312
+ OPENSSL_EXPORT int X509V3_extensions_print(BIO *out, const char *title,
3313
+ const STACK_OF(X509_EXTENSION) *exts,
3314
+ unsigned long flag, int indent);
3315
+
3316
+ // GENERAL_NAME_print prints a human-readable representation of |gen| to |out|.
3317
+ // It returns one on success and zero on error.
3318
+ //
3319
+ // TODO(davidben): Actually, it just returns one and doesn't check for I/O or
3320
+ // allocation errors. But it should return zero on error.
3321
+ OPENSSL_EXPORT int GENERAL_NAME_print(BIO *out, const GENERAL_NAME *gen);
3322
+
1849
3323
 
1850
3324
  // Convenience functions.
1851
3325
 
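Review bot: The WARNING on `X509V3_EXT_print` contains a garbled sentence, "the outputs are ambiguous to attempting to parse them", which blurs the one security caveat in this block. It should read `// outputs are ambiguous, so attempting to parse them can lead to string`. Separately, `X509V3_EXT_print_fp` declares `int flag` while `X509V3_EXT_print` and `X509V3_extensions_print` take `unsigned long flag` for the same |X509V3_EXT_*| values. If the difference is kept for compatibility with existing callers (an assumption, the hunk does not say), a one-line comment stating that would stop it being read as a mistake. The first comment line also writes `to out` where the rest of the file uses `|out|`.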
@@ -2026,6 +3500,55 @@ OPENSSL_EXPORT ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s, int offset_day,
2026
3500
  // current time.
2027
3501
  OPENSSL_EXPORT ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long offset_sec);
2028
3502
 
3503
+ // X509_issuer_name_cmp behaves like |X509_NAME_cmp|, but compares |a| and |b|'s
3504
+ // issuer names.
3505
+ OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
3506
+
3507
+ // X509_subject_name_cmp behaves like |X509_NAME_cmp|, but compares |a| and
3508
+ // |b|'s subject names.
3509
+ OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
3510
+
3511
+ // X509_CRL_cmp behaves like |X509_NAME_cmp|, but compares |a| and |b|'s
3512
+ // issuer names.
3513
+ //
3514
+ // WARNING: This function is misnamed. It does not compare other parts of the
3515
+ // CRL, only the issuer fields using |X509_NAME_cmp|.
3516
+ OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
3517
+
3518
+ // X509_issuer_name_hash returns the hash of |x509|'s issuer name with
3519
+ // |X509_NAME_hash|.
3520
+ //
3521
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3522
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3523
+ // there will be hash collisions. It also depends on an OpenSSL-specific
3524
+ // canonicalization process.
3525
+ OPENSSL_EXPORT uint32_t X509_issuer_name_hash(X509 *x509);
3526
+
3527
+ // X509_subject_name_hash returns the hash of |x509|'s subject name with
3528
+ // |X509_NAME_hash|.
3529
+ //
3530
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3531
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3532
+ // there will be hash collisions. It also depends on an OpenSSL-specific
3533
+ // canonicalization process.
3534
+ OPENSSL_EXPORT uint32_t X509_subject_name_hash(X509 *x509);
3535
+
3536
+ // X509_issuer_name_hash_old returns the hash of |x509|'s issuer name with
3537
+ // |X509_NAME_hash_old|.
3538
+ //
3539
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3540
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3541
+ // there will be hash collisions.
3542
+ OPENSSL_EXPORT uint32_t X509_issuer_name_hash_old(X509 *x509);
3543
+
3544
+ // X509_subject_name_hash_old returns the hash of |x509|'s usjbect name with
3545
+ // |X509_NAME_hash_old|.
3546
+ //
3547
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
3548
+ // not suitable for general-purpose X.509 name processing. It is very short, so
3549
+ // there will be hash collisions.
3550
+ OPENSSL_EXPORT uint32_t X509_subject_name_hash_old(X509 *x509);
3551
+
2029
3552
 
2030
3553
  // ex_data functions.
2031
3554
  //
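Review bot: The comment on `X509_subject_name_hash_old` misspells the field as "usjbect"; the line should read `// X509_subject_name_hash_old returns the hash of |x509|'s subject name with`. The four hash functions also take a non-const `X509 *`, while `X509_issuer_name_cmp` and `X509_subject_name_cmp` added just above take `const X509 *`. If hashing writes to or caches state on the certificate, the comments should say so. If it does not, the parameter could be const. Which applies cannot be decided from the declarations in this hunk.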
@@ -2047,175 +3570,232 @@ OPENSSL_EXPORT int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx,
2047
3570
  OPENSSL_EXPORT void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
2048
3571
 
2049
3572
 
2050
- // Deprecated functions.
2051
-
2052
- // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
2053
- // const-correct for legacy reasons. Use |X509_get0_notBefore| or
2054
- // |X509_getm_notBefore| instead.
2055
- OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
2056
-
2057
- // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
2058
- // const-correct for legacy reasons. Use |X509_get0_notAfter| or
2059
- // |X509_getm_notAfter| instead.
2060
- OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
2061
-
2062
- // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
2063
- // instead.
2064
- OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
2065
-
2066
- // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
2067
- // instead.
2068
- OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
3573
+ // Hashing and signing ASN.1 structures.
2069
3574
 
2070
- // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
2071
- // The OpenSSL API refers to this field as lastUpdate.
3575
+ // ASN1_digest serializes |data| with |i2d| and then hashes the result with
3576
+ // |type|. On success, it returns one, writes the digest to |md|, and sets
3577
+ // |*len| to the digest length if non-NULL. On error, it returns zero.
2072
3578
  //
2073
- // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
2074
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
2075
-
2076
- // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
2077
- // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
2078
- // |X509_CRL_set1_nextUpdate| instead.
2079
- OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
2080
-
2081
- // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
2082
- // |X509_get_pubkey| instead.
2083
- #define X509_extract_key(x) X509_get_pubkey(x)
2084
-
2085
- // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
2086
- #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
2087
-
2088
- // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
2089
- #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
2090
-
2091
- // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
2092
- #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
2093
- #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
2094
-
2095
- // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
2096
- // Prefer |X509_get0_serialNumber|.
2097
- OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
2098
-
2099
- // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
2100
- // |name|. If found, it ignores the value's ASN.1 type, writes the raw
2101
- // |ASN1_STRING| representation to |buf|, followed by a NUL byte, and
2102
- // returns the number of bytes in output, excluding the NUL byte.
2103
- //
2104
- // This function writes at most |len| bytes, including the NUL byte. If |len| is
2105
- // not large enough, it silently truncates the output to fit. If |buf| is NULL,
2106
- // it instead writes enough and returns the number of bytes in the output,
2107
- // excluding the NUL byte.
2108
- //
2109
- // WARNING: Do not use this function. It does not return enough information for
2110
- // the caller to correctly interpret its output. The attribute value may be of
2111
- // any type, including one of several ASN.1 string encodings, but this function
2112
- // only outputs the raw |ASN1_STRING| representation. See
2113
- // https://crbug.com/boringssl/436.
2114
- OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
2115
- const ASN1_OBJECT *obj, char *buf,
2116
- int len);
2117
-
2118
- // X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
2119
- // finds an attribute of type |nid|, which should be one of the |NID_*|
2120
- // constants.
2121
- OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
2122
- char *buf, int len);
2123
-
2124
-
2125
- // Private structures.
2126
-
2127
- struct X509_algor_st {
2128
- ASN1_OBJECT *algorithm;
2129
- ASN1_TYPE *parameter;
2130
- } /* X509_ALGOR */;
2131
-
2132
-
2133
- // Functions below this point have not yet been organized into sections.
2134
-
2135
- #define X509_FILETYPE_PEM 1
2136
- #define X509_FILETYPE_ASN1 2
2137
- #define X509_FILETYPE_DEFAULT 3
2138
-
2139
- #define X509v3_KU_DIGITAL_SIGNATURE 0x0080
2140
- #define X509v3_KU_NON_REPUDIATION 0x0040
2141
- #define X509v3_KU_KEY_ENCIPHERMENT 0x0020
2142
- #define X509v3_KU_DATA_ENCIPHERMENT 0x0010
2143
- #define X509v3_KU_KEY_AGREEMENT 0x0008
2144
- #define X509v3_KU_KEY_CERT_SIGN 0x0004
2145
- #define X509v3_KU_CRL_SIGN 0x0002
2146
- #define X509v3_KU_ENCIPHER_ONLY 0x0001
2147
- #define X509v3_KU_DECIPHER_ONLY 0x8000
2148
- #define X509v3_KU_UNDEF 0xffff
2149
-
2150
- // This stuff is certificate "auxiliary info"
2151
- // it contains details which are useful in certificate
2152
- // stores and databases. When used this is tagged onto
2153
- // the end of the certificate itself
2154
-
2155
- DECLARE_STACK_OF(DIST_POINT)
2156
- DECLARE_STACK_OF(GENERAL_NAME)
3579
+ // |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. The
3580
+ // buffer must have sufficient space for this output.
3581
+ OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
3582
+ unsigned char *md, unsigned int *len);
2157
3583
 
2158
- // This is used for a table of trust checking functions
3584
+ // ASN1_item_digest serializes |data| with |it| and then hashes the result with
3585
+ // |type|. On success, it returns one, writes the digest to |md|, and sets
3586
+ // |*len| to the digest length if non-NULL. On error, it returns zero.
3587
+ //
3588
+ // |EVP_MD_CTX_size| bytes are written, which is at most |EVP_MAX_MD_SIZE|. The
3589
+ // buffer must have sufficient space for this output.
3590
+ //
3591
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3592
+ // C type. Using the wrong type is a potentially exploitable memory error.
3593
+ OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
3594
+ void *data, unsigned char *md,
3595
+ unsigned int *len);
2159
3596
 
2160
- struct x509_trust_st {
2161
- int trust;
2162
- int flags;
2163
- int (*check_trust)(struct x509_trust_st *, X509 *, int);
2164
- char *name;
2165
- int arg1;
2166
- void *arg2;
2167
- } /* X509_TRUST */;
3597
+ // ASN1_item_verify serializes |data| with |it| and then verifies |signature| is
3598
+ // a valid signature for the result with |algor1| and |pkey|. It returns one on
3599
+ // success and zero on error. The signature and algorithm are interpreted as in
3600
+ // X.509.
3601
+ //
3602
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3603
+ // C type. Using the wrong type is a potentially exploitable memory error.
3604
+ OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
3605
+ const X509_ALGOR *algor1,
3606
+ const ASN1_BIT_STRING *signature,
3607
+ void *data, EVP_PKEY *pkey);
2168
3608
 
2169
- DEFINE_STACK_OF(X509_TRUST)
3609
+ // ASN1_item_sign serializes |data| with |it| and then signs the result with
3610
+ // the private key |pkey|. It returns the length of the signature on success and
3611
+ // zero on error. On success, it writes the signature to |signature| and the
3612
+ // signature algorithm to each of |algor1| and |algor2|. Either of |algor1| or
3613
+ // |algor2| may be NULL to ignore them. This function uses digest algorithm
3614
+ // |md|, or |pkey|'s default if NULL. Other signing parameters use |pkey|'s
3615
+ // defaults. To customize them, use |ASN1_item_sign_ctx|.
3616
+ //
3617
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3618
+ // C type. Using the wrong type is a potentially exploitable memory error.
3619
+ OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
3620
+ X509_ALGOR *algor2,
3621
+ ASN1_BIT_STRING *signature, void *data,
3622
+ EVP_PKEY *pkey, const EVP_MD *type);
2170
3623
 
2171
- // standard trust ids
3624
+ // ASN1_item_sign_ctx behaves like |ASN1_item_sign| except the signature is
3625
+ // signed with |ctx|, |ctx|, which must have been initialized with
3626
+ // |EVP_DigestSignInit|. The caller should configure the corresponding
3627
+ // |EVP_PKEY_CTX| with any additional parameters before calling this function.
3628
+ //
3629
+ // On success or failure, this function mutates |ctx| and resets it to the empty
3630
+ // state. Caller should not rely on its contents after the function returns.
3631
+ //
3632
+ // WARNING: |data| must be a pointer with the same type as |it|'s corresponding
3633
+ // C type. Using the wrong type is a potentially exploitable memory error.
3634
+ OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
3635
+ X509_ALGOR *algor2,
3636
+ ASN1_BIT_STRING *signature, void *asn,
3637
+ EVP_MD_CTX *ctx);
2172
3638
 
2173
- #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
2174
3639
 
2175
- #define X509_TRUST_COMPAT 1
2176
- #define X509_TRUST_SSL_CLIENT 2
2177
- #define X509_TRUST_SSL_SERVER 3
2178
- #define X509_TRUST_EMAIL 4
2179
- #define X509_TRUST_OBJECT_SIGN 5
2180
- #define X509_TRUST_OCSP_SIGN 6
2181
- #define X509_TRUST_OCSP_REQUEST 7
2182
- #define X509_TRUST_TSA 8
3640
+ // Verification internals.
3641
+ //
3642
+ // The following functions expose portions of certificate validation. They are
3643
+ // exported for compatibility with existing callers, or to support some obscure
3644
+ // use cases. Most callers, however, will not need these functions and should
3645
+ // instead use |X509_STORE_CTX| APIs.
2183
3646
 
2184
- // Keep these up to date!
2185
- #define X509_TRUST_MIN 1
2186
- #define X509_TRUST_MAX 8
3647
+ // X509_supported_extension returns one if |ex| is a critical X.509 certificate
3648
+ // extension, supported by |X509_verify_cert|, and zero otherwise.
3649
+ //
3650
+ // Note this function only reports certificate extensions (as opposed to CRL or
3651
+ // CRL extensions), and only extensions that are expected to be marked critical.
3652
+ // Additionally, |X509_verify_cert| checks for unsupported critical extensions
3653
+ // internally, so most callers will not need to call this function separately.
3654
+ OPENSSL_EXPORT int X509_supported_extension(const X509_EXTENSION *ex);
3655
+
3656
+ // X509_check_ca returns one if |x509| may be considered a CA certificate,
3657
+ // according to basic constraints and key usage extensions. Otherwise, it
3658
+ // returns zero. If |x509| is an X509v1 certificate, and thus has no extensions,
3659
+ // it is considered eligible.
3660
+ //
3661
+ // This function returning one does not indicate that |x509| is trusted, only
3662
+ // that it is eligible to be a CA.
3663
+ //
3664
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
3665
+ OPENSSL_EXPORT int X509_check_ca(X509 *x509);
2187
3666
 
3667
+ // X509_check_issued checks if |issuer| and |subject|'s name, authority key
3668
+ // identifier, and key usage fields allow |issuer| to have issued |subject|. It
3669
+ // returns |X509_V_OK| on success and an |X509_V_ERR_*| value otherwise.
3670
+ //
3671
+ // This function does not check the signature on |subject|. Rather, it is
3672
+ // intended to prune the set of possible issuer certificates during
3673
+ // path-building.
3674
+ //
3675
+ // TODO(crbug.com/boringssl/407): Both parameters should be const.
3676
+ OPENSSL_EXPORT int X509_check_issued(X509 *issuer, X509 *subject);
2188
3677
 
2189
- // trust_flags values
2190
- #define X509_TRUST_DYNAMIC 1
2191
- #define X509_TRUST_DYNAMIC_NAME 2
3678
+ // NAME_CONSTRAINTS_check checks if |x509| satisfies name constraints in |nc|.
3679
+ // It returns |X509_V_OK| on success and some |X509_V_ERR_*| constant on error.
3680
+ //
3681
+ // TODO(crbug.com/boringssl/407): Both parameters should be const.
3682
+ OPENSSL_EXPORT int NAME_CONSTRAINTS_check(X509 *x509, NAME_CONSTRAINTS *nc);
3683
+
3684
+ // X509_check_host checks if |x509| matches the DNS name |chk|. It returns one
3685
+ // on match, zero on mismatch, or a negative number on error. |flags| should be
3686
+ // some combination of |X509_CHECK_FLAG_*| and modifies the behavior. On match,
3687
+ // if |out_peername| is non-NULL, it additionally sets |*out_peername| to a
3688
+ // newly-allocated, NUL-terminated string containing the DNS name or wildcard in
3689
+ // the certificate which matched. The caller must then free |*out_peername| with
3690
+ // |OPENSSL_free| when done.
3691
+ //
3692
+ // By default, both subject alternative names and the subject's common name
3693
+ // attribute are checked. The latter has long been deprecated, so callers should
3694
+ // include |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| in |flags| to use the standard
3695
+ // behavior. https://crbug.com/boringssl/464 tracks fixing the default.
3696
+ //
3697
+ // This function does not check if |x509| is a trusted certificate, only if,
3698
+ // were it trusted, it would match |chk|.
3699
+ //
3700
+ // WARNING: This function differs from the usual calling convention and may
3701
+ // return either 0 or a negative number on error.
3702
+ //
3703
+ // TODO(davidben): Make the error case also return zero.
3704
+ OPENSSL_EXPORT int X509_check_host(const X509 *x509, const char *chk,
3705
+ size_t chklen, unsigned int flags,
3706
+ char **out_peername);
3707
+
3708
+ // X509_check_email checks if |x509| matches the email address |chk|. It returns
3709
+ // one on match, zero on mismatch, or a negative number on error. |flags| should
3710
+ // be some combination of |X509_CHECK_FLAG_*| and modifies the behavior.
3711
+ //
3712
+ // By default, both subject alternative names and the subject's email address
3713
+ // attribute are checked. The |X509_CHECK_FLAG_NEVER_CHECK_SUBJECT| flag may be
3714
+ // used to change this behavior.
3715
+ //
3716
+ // This function does not check if |x509| is a trusted certificate, only if,
3717
+ // were it trusted, it would match |chk|.
3718
+ //
3719
+ // WARNING: This function differs from the usual calling convention and may
3720
+ // return either 0 or a negative number on error.
3721
+ //
3722
+ // TODO(davidben): Make the error case also return zero.
3723
+ OPENSSL_EXPORT int X509_check_email(const X509 *x509, const char *chk,
3724
+ size_t chklen, unsigned int flags);
3725
+
3726
+ // X509_check_ip checks if |x509| matches the IP address |chk|. The IP address
3727
+ // is represented in byte form and should be 4 bytes for an IPv4 address and 16
3728
+ // bytes for an IPv6 address. It returns one on match, zero on mismatch, or a
3729
+ // negative number on error. |flags| should be some combination of
3730
+ // |X509_CHECK_FLAG_*| and modifies the behavior.
3731
+ //
3732
+ // This function does not check if |x509| is a trusted certificate, only if,
3733
+ // were it trusted, it would match |chk|.
3734
+ //
3735
+ // WARNING: This function differs from the usual calling convention and may
3736
+ // return either 0 or a negative number on error.
3737
+ //
3738
+ // TODO(davidben): Make the error case also return zero.
3739
+ OPENSSL_EXPORT int X509_check_ip(const X509 *x509, const uint8_t *chk,
3740
+ size_t chklen, unsigned int flags);
2192
3741
 
2193
- // check_trust return codes
3742
+ // X509_check_ip_asc behaves like |X509_check_ip| except the IP address is
3743
+ // specified in textual form in |ipasc|.
3744
+ //
3745
+ // WARNING: This function differs from the usual calling convention and may
3746
+ // return either 0 or a negative number on error.
3747
+ //
3748
+ // TODO(davidben): Make the error case also return zero.
3749
+ OPENSSL_EXPORT int X509_check_ip_asc(const X509 *x509, const char *ipasc,
3750
+ unsigned int flags);
3751
+
3752
+ // X509_STORE_CTX_get1_issuer looks up a candidate trusted issuer for |x509| out
3753
+ // of |ctx|'s |X509_STORE|, based on the criteria in |X509_check_issued|. If one
3754
+ // was found, it returns one and sets |*out_issuer| to the issuer. The caller
3755
+ // must release |*out_issuer| with |X509_free| when done. If none was found, it
3756
+ // returns zero and leaves |*out_issuer| unchanged.
3757
+ //
3758
+ // This function only searches for trusted issuers. It does not consider
3759
+ // untrusted intermediates passed in to |X509_STORE_CTX_init|.
3760
+ //
3761
+ // TODO(crbug.com/boringssl/407): |x509| should be const.
3762
+ OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **out_issuer,
3763
+ X509_STORE_CTX *ctx, X509 *x509);
3764
+
3765
+ // X509_check_purpose performs checks if |x509|'s basic constraints, key usage,
3766
+ // and extended key usage extensions for the specified purpose. |purpose| should
3767
+ // be one of |X509_PURPOSE_*| constants. See |X509_VERIFY_PARAM_set_purpose| for
3768
+ // details. It returns one if |x509|'s extensions are consistent with |purpose|
3769
+ // and zero otherwise. If |ca| is non-zero, |x509| is checked as a CA
3770
+ // certificate. Otherwise, it is checked as an end-entity certificate.
3771
+ //
3772
+ // If |purpose| is -1, this function performs no purpose checks, but it parses
3773
+ // some extensions in |x509| and may return zero on syntax error. Historically,
3774
+ // callers primarily used this function to trigger this parsing, but this is no
3775
+ // longer necessary. Functions acting on |X509| will internally parse as needed.
3776
+ OPENSSL_EXPORT int X509_check_purpose(X509 *x509, int purpose, int ca);
2194
3777
 
2195
3778
  #define X509_TRUST_TRUSTED 1
2196
3779
  #define X509_TRUST_REJECTED 2
2197
3780
  #define X509_TRUST_UNTRUSTED 3
2198
3781
 
2199
- DEFINE_STACK_OF(X509_REVOKED)
3782
+ // X509_check_trust checks if |x509| is a valid trust anchor for trust type
3783
+ // |id|. See |X509_VERIFY_PARAM_set_trust| for details. It returns
3784
+ // |X509_TRUST_TRUSTED| if |x509| is a trust anchor, |X509_TRUST_REJECTED| if it
3785
+ // was distrusted, and |X509_TRUST_UNTRUSTED| otherwise. |id| should be one of
3786
+ // the |X509_TRUST_*| constants, or zero to indicate the default behavior.
3787
+ // |flags| should be zero and is ignored.
3788
+ OPENSSL_EXPORT int X509_check_trust(X509 *x509, int id, int flags);
2200
3789
 
2201
- DECLARE_STACK_OF(GENERAL_NAMES)
2202
3790
 
2203
- struct private_key_st {
2204
- int version;
2205
- // The PKCS#8 data types
2206
- X509_ALGOR *enc_algor;
2207
- ASN1_OCTET_STRING *enc_pkey; // encrypted pub key
3791
+ // X.509 information.
3792
+ //
3793
+ // |X509_INFO| is the return type for |PEM_X509_INFO_read_bio|, defined in
3794
+ // <openssl/pem.h>. It is used to store a certificate, CRL, or private key. This
3795
+ // type is defined in this header for OpenSSL compatibility.
2208
3796
 
2209
- // When decrypted, the following will not be NULL
3797
+ struct private_key_st {
2210
3798
  EVP_PKEY *dec_pkey;
2211
-
2212
- // used to encrypt and decrypt
2213
- int key_length;
2214
- char *key_data;
2215
- int key_free; // true if we should auto free key_data
2216
-
2217
- // expanded version of 'enc_algor'
2218
- EVP_CIPHER_INFO cipher;
2219
3799
  } /* X509_PKEY */;
2220
3800
 
2221
3801
  struct X509_info_st {
@@ -2226,329 +3806,507 @@ struct X509_info_st {
2226
3806
  EVP_CIPHER_INFO enc_cipher;
2227
3807
  int enc_len;
2228
3808
  char *enc_data;
2229
-
2230
3809
  } /* X509_INFO */;
2231
3810
 
2232
3811
  DEFINE_STACK_OF(X509_INFO)
2233
3812
 
2234
- // X509_get_pathlen returns path length constraint from the basic constraints
2235
- // extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
2236
- // constraint is not present, or if some extension in |x509| was invalid.
2237
- //
2238
- // Note that decoding an |X509| object will not check for invalid extensions. To
2239
- // detect the error case, call |X509_get_extensions_flags| and check the
2240
- // |EXFLAG_INVALID| bit.
2241
- OPENSSL_EXPORT long X509_get_pathlen(X509 *x509);
2242
-
2243
- // X509_SIG_get0 sets |*out_alg| and |*out_digest| to non-owning pointers to
2244
- // |sig|'s algorithm and digest fields, respectively. Either |out_alg| and
2245
- // |out_digest| may be NULL to skip those fields.
2246
- OPENSSL_EXPORT void X509_SIG_get0(const X509_SIG *sig,
2247
- const X509_ALGOR **out_alg,
2248
- const ASN1_OCTET_STRING **out_digest);
2249
-
2250
- // X509_SIG_getm behaves like |X509_SIG_get0| but returns mutable pointers.
2251
- OPENSSL_EXPORT void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **out_alg,
2252
- ASN1_OCTET_STRING **out_digest);
3813
+ // X509_INFO_free releases memory associated with |info|.
3814
+ OPENSSL_EXPORT void X509_INFO_free(X509_INFO *info);
2253
3815
 
2254
- // X509_verify_cert_error_string returns |err| as a human-readable string, where
2255
- // |err| should be one of the |X509_V_*| values. If |err| is unknown, it returns
2256
- // a default description.
2257
- OPENSSL_EXPORT const char *X509_verify_cert_error_string(long err);
2258
-
2259
- // X509_REVOKED_dup returns a newly-allocated copy of |rev|, or NULL on error.
2260
- // This function works by serializing the structure, so if |rev| is incomplete,
2261
- // it may fail.
2262
- OPENSSL_EXPORT X509_REVOKED *X509_REVOKED_dup(const X509_REVOKED *rev);
2263
-
2264
- OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
2265
- OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
2266
- OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
2267
- OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
2268
- OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
2269
- OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
2270
3816
 
2271
- DECLARE_ASN1_FUNCTIONS_const(X509_PUBKEY)
3817
+ // Deprecated config-based extension creation.
3818
+ //
3819
+ // The following functions allow specifying X.509 extensions using OpenSSL's
3820
+ // config file syntax, from the OpenSSL command-line tool. They are retained,
3821
+ // for now, for compatibility with legacy software but may be removed in the
3822
+ // future. Construct the extensions using the typed C APIs instead.
3823
+ //
3824
+ // Callers should especially avoid these functions if passing in non-constant
3825
+ // values. They use ad-hoc, string-based formats which are prone to injection
3826
+ // vulnerabilities. For a CA, this means using them risks misissuance.
3827
+ //
3828
+ // These functions are not safe to use with untrusted inputs. The string formats
3829
+ // may implicitly reference context information and, in OpenSSL (though not
3830
+ // BoringSSL), one even allows reading arbitrary files. Many formats can also
3831
+ // produce far larger outputs than their inputs, so untrusted inputs may lead to
3832
+ // denial-of-service attacks. Finally, the parsers see much less testing and
3833
+ // review than most of the library and may have bugs including memory leaks or
3834
+ // crashes.
3835
+
3836
+ // v3_ext_ctx, aka |X509V3_CTX|, contains additional context information for
3837
+ // constructing extensions. Some string formats reference additional values in
3838
+ // these objects. It must be initialized with |X509V3_set_ctx| or
3839
+ // |X509V3_set_ctx_test| before use.
3840
+ struct v3_ext_ctx {
3841
+ int flags;
3842
+ const X509 *issuer_cert;
3843
+ const X509 *subject_cert;
3844
+ const X509_REQ *subject_req;
3845
+ const X509_CRL *crl;
3846
+ const CONF *db;
3847
+ };
3848
+
3849
+ #define X509V3_CTX_TEST 0x1
3850
+
3851
+ // X509V3_set_ctx initializes |ctx| with the specified objects. Some string
3852
+ // formats will reference fields in these objects. Each object may be NULL to
3853
+ // omit it, in which case those formats cannot be used. |flags| should be zero,
3854
+ // unless called via |X509V3_set_ctx_test|.
3855
+ //
3856
+ // |issuer|, |subject|, |req|, and |crl|, if non-NULL, must outlive |ctx|.
3857
+ OPENSSL_EXPORT void X509V3_set_ctx(X509V3_CTX *ctx, const X509 *issuer,
3858
+ const X509 *subject, const X509_REQ *req,
3859
+ const X509_CRL *crl, int flags);
3860
+
3861
+ // X509V3_set_ctx_test calls |X509V3_set_ctx| without any reference objects and
3862
+ // mocks out some features that use them. The resulting extensions may be
3863
+ // incomplete and should be discarded. This can be used to partially validate
3864
+ // syntax.
3865
+ //
3866
+ // TODO(davidben): Can we remove this?
3867
+ #define X509V3_set_ctx_test(ctx) \
3868
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
3869
+
3870
+ // X509V3_set_nconf sets |ctx| to use |conf| as the config database. |ctx| must
3871
+ // have previously been initialized by |X509V3_set_ctx| or
3872
+ // |X509V3_set_ctx_test|. Some string formats will reference sections in |conf|.
3873
+ // |conf| may be NULL, in which case these formats cannot be used. If non-NULL,
3874
+ // |conf| must outlive |ctx|.
3875
+ OPENSSL_EXPORT void X509V3_set_nconf(X509V3_CTX *ctx, const CONF *conf);
3876
+
3877
+ // X509V3_set_ctx_nodb calls |X509V3_set_nconf| with no config database.
3878
+ #define X509V3_set_ctx_nodb(ctx) X509V3_set_nconf(ctx, NULL)
3879
+
3880
+ // X509V3_EXT_nconf constructs an extension of type specified by |name|, and
3881
+ // value specified by |value|. It returns a newly-allocated |X509_EXTENSION|
3882
+ // object on success, or NULL on error. |conf| and |ctx| specify additional
3883
+ // information referenced by some formats. Either |conf| or |ctx| may be NULL,
3884
+ // in which case features which use it will be disabled.
3885
+ //
3886
+ // If non-NULL, |ctx| must be initialized with |X509V3_set_ctx| or
3887
+ // |X509V3_set_ctx_test|.
3888
+ //
3889
+ // Both |conf| and |ctx| provide a |CONF| object. When |ctx| is non-NULL, most
3890
+ // features use the |ctx| copy, configured with |X509V3_set_ctx|, but some use
3891
+ // |conf|. Callers should ensure the two match to avoid surprisingly behavior.
3892
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf(const CONF *conf,
3893
+ const X509V3_CTX *ctx,
3894
+ const char *name,
3895
+ const char *value);
3896
+
3897
+ // X509V3_EXT_nconf_nid behaves like |X509V3_EXT_nconf|, except the extension
3898
+ // type is specified as a NID.
3899
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_nconf_nid(const CONF *conf,
3900
+ const X509V3_CTX *ctx,
3901
+ int ext_nid,
3902
+ const char *value);
3903
+
3904
+ // X509V3_EXT_conf_nid calls |X509V3_EXT_nconf_nid|. |conf| must be NULL.
3905
+ //
3906
+ // TODO(davidben): This is the only exposed instance of an LHASH in our public
3907
+ // headers. cryptography.io wraps this function so we cannot, yet, replace the
3908
+ // type with a dummy struct.
3909
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
3910
+ const X509V3_CTX *ctx,
3911
+ int ext_nid,
3912
+ const char *value);
3913
+
3914
+ // X509V3_EXT_add_nconf_sk looks up the section named |section| in |conf|. For
3915
+ // each |CONF_VALUE| in the section, it constructs an extension as in
3916
+ // |X509V3_EXT_nconf|, taking |name| and |value| from the |CONF_VALUE|. Each new
3917
+ // extension is appended to |*sk|. If |*sk| is non-NULL, and at least one
3918
+ // extension is added, it sets |*sk| to a newly-allocated
3919
+ // |STACK_OF(X509_EXTENSION)|. It returns one on success and zero on error.
3920
+ OPENSSL_EXPORT int X509V3_EXT_add_nconf_sk(const CONF *conf,
3921
+ const X509V3_CTX *ctx,
3922
+ const char *section,
3923
+ STACK_OF(X509_EXTENSION) **sk);
3924
+
3925
+ // X509V3_EXT_add_nconf adds extensions to |cert| as in
3926
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3927
+ OPENSSL_EXPORT int X509V3_EXT_add_nconf(const CONF *conf, const X509V3_CTX *ctx,
3928
+ const char *section, X509 *cert);
3929
+
3930
+ // X509V3_EXT_REQ_add_nconf adds extensions to |req| as in
3931
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3932
+ OPENSSL_EXPORT int X509V3_EXT_REQ_add_nconf(const CONF *conf,
3933
+ const X509V3_CTX *ctx,
3934
+ const char *section, X509_REQ *req);
3935
+
3936
+ // X509V3_EXT_CRL_add_nconf adds extensions to |crl| as in
3937
+ // |X509V3_EXT_add_nconf_sk|. It returns one on success and zero on error.
3938
+ OPENSSL_EXPORT int X509V3_EXT_CRL_add_nconf(const CONF *conf,
3939
+ const X509V3_CTX *ctx,
3940
+ const char *section, X509_CRL *crl);
3941
+
3942
+ // i2s_ASN1_OCTET_STRING returns a human-readable representation of |oct| as a
3943
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3944
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3945
+ OPENSSL_EXPORT char *i2s_ASN1_OCTET_STRING(const X509V3_EXT_METHOD *method,
3946
+ const ASN1_OCTET_STRING *oct);
3947
+
3948
+ // s2i_ASN1_OCTET_STRING decodes |str| as a hexdecimal byte string, with
3949
+ // optional colon separators between bytes. It returns a newly-allocated
3950
+ // |ASN1_OCTET_STRING| with the result on success, or NULL on error. |method|
3951
+ // and |ctx| are ignored.
3952
+ OPENSSL_EXPORT ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(
3953
+ const X509V3_EXT_METHOD *method, const X509V3_CTX *ctx, const char *str);
3954
+
3955
+ // i2s_ASN1_INTEGER returns a human-readable representation of |aint| as a
3956
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3957
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3958
+ OPENSSL_EXPORT char *i2s_ASN1_INTEGER(const X509V3_EXT_METHOD *method,
3959
+ const ASN1_INTEGER *aint);
3960
+
3961
+ // s2i_ASN1_INTEGER decodes |value| as the ASCII representation of an integer,
3962
+ // and returns a newly-allocated |ASN1_INTEGER| containing the result, or NULL
3963
+ // on error. |method| is ignored. If |value| begins with "0x" or "0X", the input
3964
+ // is decoded in hexadecimal, otherwise decimal.
3965
+ OPENSSL_EXPORT ASN1_INTEGER *s2i_ASN1_INTEGER(const X509V3_EXT_METHOD *method,
3966
+ const char *value);
3967
+
3968
+ // i2s_ASN1_ENUMERATED returns a human-readable representation of |aint| as a
3969
+ // newly-allocated, NUL-terminated string, or NULL on error. |method| is
3970
+ // ignored. The caller must release the result with |OPENSSL_free| when done.
3971
+ OPENSSL_EXPORT char *i2s_ASN1_ENUMERATED(const X509V3_EXT_METHOD *method,
3972
+ const ASN1_ENUMERATED *aint);
3973
+
3974
+ // X509V3_conf_free releases memory associated with |CONF_VALUE|.
3975
+ OPENSSL_EXPORT void X509V3_conf_free(CONF_VALUE *val);
3976
+
3977
+ // i2v_GENERAL_NAME serializes |gen| as a |CONF_VALUE|. If |ret| is non-NULL, it
3978
+ // appends the value to |ret| and returns |ret| on success or NULL on error. If
3979
+ // it returns NULL, the caller is still responsible for freeing |ret|. If |ret|
3980
+ // is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)| containing the
3981
+ // result. |method| is ignored. When done, the caller should release the result
3982
+ // with |sk_CONF_VALUE_pop_free| and |X509V3_conf_free|.
3983
+ //
3984
+ // Do not use this function. This is an internal implementation detail of the
3985
+ // human-readable print functions. If extracting a SAN list from a certificate,
3986
+ // look at |gen| directly.
3987
+ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(
3988
+ const X509V3_EXT_METHOD *method, const GENERAL_NAME *gen,
3989
+ STACK_OF(CONF_VALUE) *ret);
3990
+
3991
+ // i2v_GENERAL_NAMES serializes |gen| as a list of |CONF_VALUE|s. If |ret| is
3992
+ // non-NULL, it appends the values to |ret| and returns |ret| on success or NULL
3993
+ // on error. If it returns NULL, the caller is still responsible for freeing
3994
+ // |ret|. If |ret| is NULL, it returns a newly-allocated |STACK_OF(CONF_VALUE)|
3995
+ // containing the results. |method| is ignored.
3996
+ //
3997
+ // Do not use this function. This is an internal implementation detail of the
3998
+ // human-readable print functions. If extracting a SAN list from a certificate,
3999
+ // look at |gen| directly.
4000
+ OPENSSL_EXPORT STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(
4001
+ const X509V3_EXT_METHOD *method, const GENERAL_NAMES *gen,
4002
+ STACK_OF(CONF_VALUE) *extlist);
4003
+
4004
+ // a2i_IPADDRESS decodes |ipasc| as the textual representation of an IPv4 or
4005
+ // IPv6 address. On success, it returns a newly-allocated |ASN1_OCTET_STRING|
4006
+ // containing the decoded IP address. IPv4 addresses are represented as 4-byte
4007
+ // strings and IPv6 addresses as 16-byte strings. On failure, it returns NULL.
4008
+ OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
4009
+
4010
+ // a2i_IPADDRESS_NC decodes |ipasc| as the textual representation of an IPv4 or
4011
+ // IPv6 address range. On success, it returns a newly-allocated
4012
+ // |ASN1_OCTET_STRING| containing the decoded IP address, followed by the
4013
+ // decoded mask. IPv4 ranges are represented as 8-byte strings and IPv6 ranges
4014
+ // as 32-byte strings. On failure, it returns NULL.
4015
+ //
4016
+ // The text format decoded by this function is not the standard CIDR notiation.
4017
+ // Instead, the mask after the "/" is represented as another IP address. For
4018
+ // example, "192.168.0.0/16" would be written "192.168.0.0/255.255.0.0".
4019
+ OPENSSL_EXPORT ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
2272
4020
 
2273
- // X509_PUBKEY_set serializes |pkey| into a newly-allocated |X509_PUBKEY|
2274
- // structure. On success, it frees |*x|, sets |*x| to the new object, and
2275
- // returns one. Otherwise, it returns zero.
2276
- OPENSSL_EXPORT int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
2277
4021
 
2278
- // X509_PUBKEY_get decodes the public key in |key| and returns an |EVP_PKEY| on
2279
- // success, or NULL on error. The caller must release the result with
2280
- // |EVP_PKEY_free| when done. The |EVP_PKEY| is cached in |key|, so callers must
2281
- // not mutate the result.
2282
- OPENSSL_EXPORT EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
4022
+ // Deprecated functions.
2283
4023
 
2284
- DECLARE_ASN1_FUNCTIONS_const(X509_SIG)
4024
+ // X509_get_notBefore returns |x509|'s notBefore time. Note this function is not
4025
+ // const-correct for legacy reasons. Use |X509_get0_notBefore| or
4026
+ // |X509_getm_notBefore| instead.
4027
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notBefore(const X509 *x509);
2285
4028
 
2286
- OPENSSL_EXPORT int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
2287
- OPENSSL_EXPORT int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
2288
- OPENSSL_EXPORT void X509_trust_clear(X509 *x);
2289
- OPENSSL_EXPORT void X509_reject_clear(X509 *x);
4029
+ // X509_get_notAfter returns |x509|'s notAfter time. Note this function is not
4030
+ // const-correct for legacy reasons. Use |X509_get0_notAfter| or
4031
+ // |X509_getm_notAfter| instead.
4032
+ OPENSSL_EXPORT ASN1_TIME *X509_get_notAfter(const X509 *x509);
2290
4033
 
4034
+ // X509_set_notBefore calls |X509_set1_notBefore|. Use |X509_set1_notBefore|
4035
+ // instead.
4036
+ OPENSSL_EXPORT int X509_set_notBefore(X509 *x509, const ASN1_TIME *tm);
2291
4037
 
2292
- OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
4038
+ // X509_set_notAfter calls |X509_set1_notAfter|. Use |X509_set1_notAfter|
4039
+ // instead.
4040
+ OPENSSL_EXPORT int X509_set_notAfter(X509 *x509, const ASN1_TIME *tm);
2293
4041
 
2294
- DECLARE_ASN1_FUNCTIONS_const(X509_REVOKED)
4042
+ // X509_CRL_get_lastUpdate returns a mutable pointer to |crl|'s thisUpdate time.
4043
+ // The OpenSSL API refers to this field as lastUpdate.
4044
+ //
4045
+ // Use |X509_CRL_get0_lastUpdate| or |X509_CRL_set1_lastUpdate| instead.
4046
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl);
2295
4047
 
2296
- OPENSSL_EXPORT int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
2297
- OPENSSL_EXPORT int X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
2298
- ASN1_INTEGER *serial);
2299
- OPENSSL_EXPORT int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret,
2300
- X509 *x);
4048
+ // X509_CRL_get_nextUpdate returns a mutable pointer to |crl|'s nextUpdate time,
4049
+ // or NULL if |crl| has none. Use |X509_CRL_get0_nextUpdate| or
4050
+ // |X509_CRL_set1_nextUpdate| instead.
4051
+ OPENSSL_EXPORT ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl);
2301
4052
 
2302
- OPENSSL_EXPORT X509_PKEY *X509_PKEY_new(void);
2303
- OPENSSL_EXPORT void X509_PKEY_free(X509_PKEY *a);
4053
+ // X509_extract_key is a legacy alias to |X509_get_pubkey|. Use
4054
+ // |X509_get_pubkey| instead.
4055
+ #define X509_extract_key(x) X509_get_pubkey(x)
2304
4056
 
2305
- OPENSSL_EXPORT X509_INFO *X509_INFO_new(void);
2306
- OPENSSL_EXPORT void X509_INFO_free(X509_INFO *a);
4057
+ // X509_REQ_extract_key is a legacy alias for |X509_REQ_get_pubkey|.
4058
+ #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
2307
4059
 
2308
- OPENSSL_EXPORT int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
2309
- unsigned char *md, unsigned int *len);
4060
+ // X509_name_cmp is a legacy alias for |X509_NAME_cmp|.
4061
+ #define X509_name_cmp(a, b) X509_NAME_cmp((a), (b))
2310
4062
 
2311
- OPENSSL_EXPORT int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type,
2312
- void *data, unsigned char *md,
2313
- unsigned int *len);
4063
+ // The following symbols are deprecated aliases to |X509_CRL_set1_*|.
4064
+ #define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
4065
+ #define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
2314
4066
 
2315
- OPENSSL_EXPORT int ASN1_item_verify(const ASN1_ITEM *it,
2316
- const X509_ALGOR *algor1,
2317
- const ASN1_BIT_STRING *signature,
2318
- void *data, EVP_PKEY *pkey);
4067
+ // X509_get_serialNumber returns a mutable pointer to |x509|'s serial number.
4068
+ // Prefer |X509_get0_serialNumber|.
4069
+ OPENSSL_EXPORT ASN1_INTEGER *X509_get_serialNumber(X509 *x509);
2319
4070
 
2320
- OPENSSL_EXPORT int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
2321
- X509_ALGOR *algor2,
2322
- ASN1_BIT_STRING *signature, void *data,
2323
- EVP_PKEY *pkey, const EVP_MD *type);
2324
- OPENSSL_EXPORT int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
2325
- X509_ALGOR *algor2,
2326
- ASN1_BIT_STRING *signature, void *asn,
2327
- EVP_MD_CTX *ctx);
4071
+ // X509_NAME_get_text_by_OBJ finds the first attribute with type |obj| in
4072
+ // |name|. If found, it writes the value's UTF-8 representation to |buf|.
4073
+ // followed by a NUL byte, and returns the number of bytes in the output,
4074
+ // excluding the NUL byte. This is unlike OpenSSL which returns the raw
4075
+ // ASN1_STRING data. The UTF-8 encoding of the |ASN1_STRING| may not contain a 0
4076
+ // codepoint.
4077
+ //
4078
+ // This function writes at most |len| bytes, including the NUL byte. If |buf|
4079
+ // is NULL, it writes nothing and returns the number of bytes in the
4080
+ // output, excluding the NUL byte that would be required for the full UTF-8
4081
+ // output.
4082
+ //
4083
+ // This function may return -1 if an error occurs for any reason, including the
4084
+ // value not being a recognized string type, |len| being of insufficient size to
4085
+ // hold the full UTF-8 encoding and NUL byte, memory allocation failures, an
4086
+ // object with type |obj| not existing in |name|, or if the UTF-8 encoding of
4087
+ // the string contains a zero byte.
4088
+ OPENSSL_EXPORT int X509_NAME_get_text_by_OBJ(const X509_NAME *name,
4089
+ const ASN1_OBJECT *obj, char *buf,
4090
+ int len);
2328
4091
 
2329
- OPENSSL_EXPORT int X509_CRL_sort(X509_CRL *crl);
4092
+ // X509_NAME_get_text_by_NID behaves like |X509_NAME_get_text_by_OBJ| except it
4093
+ // finds an attribute of type |nid|, which should be one of the |NID_*|
4094
+ // constants.
4095
+ OPENSSL_EXPORT int X509_NAME_get_text_by_NID(const X509_NAME *name, int nid,
4096
+ char *buf, int len);
2330
4097
 
2331
- // X509_REVOKED_get0_serialNumber returns the serial number of the certificate
2332
- // revoked by |revoked|.
2333
- OPENSSL_EXPORT const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(
2334
- const X509_REVOKED *revoked);
4098
+ // X509_STORE_CTX_get0_parent_ctx returns NULL.
4099
+ OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
4100
+ const X509_STORE_CTX *ctx);
2335
4101
 
2336
- // X509_REVOKED_set_serialNumber sets |revoked|'s serial number to |serial|. It
2337
- // returns one on success or zero on error.
2338
- OPENSSL_EXPORT int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
2339
- const ASN1_INTEGER *serial);
4102
+ // X509_OBJECT_free_contents sets |obj| to the empty object, freeing any values
4103
+ // that were previously there.
4104
+ //
4105
+ // TODO(davidben): Unexport this function after rust-openssl is fixed to no
4106
+ // longer call it.
4107
+ OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *obj);
2340
4108
 
2341
- // X509_REVOKED_get0_revocationDate returns the revocation time of the
2342
- // certificate revoked by |revoked|.
2343
- OPENSSL_EXPORT const ASN1_TIME *X509_REVOKED_get0_revocationDate(
2344
- const X509_REVOKED *revoked);
4109
+ // X509_LOOKUP_free releases memory associated with |ctx|. This function should
4110
+ // never be used outside the library. No function in the public API hands
4111
+ // ownership of an |X509_LOOKUP| to the caller.
4112
+ //
4113
+ // TODO(davidben): Unexport this function after rust-openssl is fixed to no
4114
+ // longer call it.
4115
+ OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
2345
4116
 
2346
- // X509_REVOKED_set_revocationDate sets |revoked|'s revocation time to |tm|. It
2347
- // returns one on success or zero on error.
2348
- OPENSSL_EXPORT int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked,
2349
- const ASN1_TIME *tm);
4117
+ // X509_STORE_CTX_cleanup resets |ctx| to the empty state.
4118
+ //
4119
+ // This function is a remnant of when |X509_STORE_CTX| was stack-allocated and
4120
+ // should not be used. If releasing |ctx|, call |X509_STORE_CTX_free|. If
4121
+ // reusing |ctx| for a new verification, release the old one and create a new
4122
+ // one.
4123
+ OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
2350
4124
 
2351
- // X509_REVOKED_get0_extensions returns |r|'s extensions list, or NULL if |r|
2352
- // omits it.
2353
- OPENSSL_EXPORT const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(
2354
- const X509_REVOKED *r);
4125
+ // X509V3_add_standard_extensions returns one.
4126
+ OPENSSL_EXPORT int X509V3_add_standard_extensions(void);
2355
4127
 
2356
- OPENSSL_EXPORT X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
2357
- EVP_PKEY *skey, const EVP_MD *md,
2358
- unsigned int flags);
4128
+ // The following symbols are legacy aliases for |X509_STORE_CTX| functions.
4129
+ #define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
4130
+ #define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
4131
+ #define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
2359
4132
 
2360
- OPENSSL_EXPORT int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
4133
+ // X509_STORE_CTX_get_chain is a legacy alias for |X509_STORE_CTX_get0_chain|.
4134
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(
4135
+ const X509_STORE_CTX *ctx);
2361
4136
 
2362
- OPENSSL_EXPORT int X509_check_private_key(X509 *x509, const EVP_PKEY *pkey);
4137
+ // X509_STORE_CTX_trusted_stack is a deprecated alias for
4138
+ // |X509_STORE_CTX_set0_trusted_stack|.
4139
+ OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
4140
+ STACK_OF(X509) *sk);
2363
4141
 
2364
- OPENSSL_EXPORT int X509_issuer_name_cmp(const X509 *a, const X509 *b);
2365
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash(X509 *a);
4142
+ typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
2366
4143
 
2367
- OPENSSL_EXPORT int X509_subject_name_cmp(const X509 *a, const X509 *b);
2368
- OPENSSL_EXPORT unsigned long X509_subject_name_hash(X509 *x);
4144
+ // X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is
4145
+ // called multiple times during |X509_verify_cert|. The callback returns zero to
4146
+ // fail verification and one to proceed. Typically, it will return |ok|, which
4147
+ // preserves the default behavior. Returning one when |ok| is zero will proceed
4148
+ // past some error. The callback may inspect |ctx| and the error queue to
4149
+ // attempt to determine the current stage of certificate verification, but this
4150
+ // is often unreliable. When synthesizing an error, callbacks should use
4151
+ // |X509_STORE_CTX_set_error| to set a corresponding error.
4152
+ //
4153
+ // WARNING: Do not use this function. It is extremely fragile and unpredictable.
4154
+ // This callback exposes implementation details of certificate verification,
4155
+ // which change as the library evolves. Attempting to use it for security checks
4156
+ // can introduce vulnerabilities if making incorrect assumptions about when the
4157
+ // callback is called. Some errors, when suppressed, may implicitly suppress
4158
+ // other errors due to internal implementation details. Additionally, overriding
4159
+ // |ok| may leave |ctx| in an inconsistent state and break invariants.
4160
+ //
4161
+ // Instead, customize certificate verification by configuring options on the
4162
+ // |X509_STORE_CTX| before verification, or applying additional checks after
4163
+ // |X509_verify_cert| completes successfully.
4164
+ OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
4165
+ X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
2369
4166
 
2370
- OPENSSL_EXPORT unsigned long X509_issuer_name_hash_old(X509 *a);
2371
- OPENSSL_EXPORT unsigned long X509_subject_name_hash_old(X509 *x);
4167
+ // X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets
4168
+ // the verify callback for any |X509_STORE_CTX| created from this |X509_STORE|
4169
+ //
4170
+ // Do not use this function. See |X509_STORE_CTX_set_verify_cb| for details.
4171
+ OPENSSL_EXPORT void X509_STORE_set_verify_cb(
4172
+ X509_STORE *store, X509_STORE_CTX_verify_cb verify_cb);
2372
4173
 
2373
- OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
2374
- OPENSSL_EXPORT int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
2375
- OPENSSL_EXPORT unsigned long X509_NAME_hash(X509_NAME *x);
2376
- OPENSSL_EXPORT unsigned long X509_NAME_hash_old(X509_NAME *x);
4174
+ // X509_STORE_set_verify_cb_func is a deprecated alias for
4175
+ // |X509_STORE_set_verify_cb|.
4176
+ #define X509_STORE_set_verify_cb_func(store, func) \
4177
+ X509_STORE_set_verify_cb((store), (func))
2377
4178
 
2378
- OPENSSL_EXPORT int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
2379
- OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
4179
+ typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
4180
+ X509 *x);
4181
+ typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
2380
4182
 
2381
- // X509_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the extension in
2382
- // |x509|'s extension list.
4183
+ // X509_STORE_set_get_crl override's |store|'s logic for looking up CRLs.
2383
4184
  //
2384
- // WARNING: This function is difficult to use correctly. See the documentation
2385
- // for |X509V3_get_d2i| for details.
2386
- OPENSSL_EXPORT void *X509_get_ext_d2i(const X509 *x509, int nid,
2387
- int *out_critical, int *out_idx);
4185
+ // Do not use this function. It is temporarily retained to support one caller
4186
+ // and will be removed after that caller is fixed. It is not possible for
4187
+ // external callers to correctly implement this callback. The real
4188
+ // implementation sets some inaccessible internal state on |X509_STORE_CTX|.
4189
+ OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *store,
4190
+ X509_STORE_CTX_get_crl_fn get_crl);
2388
4191
 
2389
- // X509_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension to
2390
- // |x|'s extension list.
4192
+ // X509_STORE_set_check_crl override's |store|'s logic for checking CRL
4193
+ // validity.
2391
4194
  //
2392
- // WARNING: This function may return zero or -1 on error. The caller must also
2393
- // ensure |value|'s type matches |nid|. See the documentation for
2394
- // |X509V3_add1_i2d| for details.
2395
- OPENSSL_EXPORT int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
2396
- unsigned long flags);
4195
+ // Do not use this function. It is temporarily retained to support one caller
4196
+ // and will be removed after that caller is fixed. It is not possible for
4197
+ // external callers to correctly implement this callback. The real
4198
+ // implementation relies some inaccessible internal state on |X509_STORE_CTX|.
4199
+ OPENSSL_EXPORT void X509_STORE_set_check_crl(
4200
+ X509_STORE *store, X509_STORE_CTX_check_crl_fn check_crl);
2397
4201
 
2398
- // X509_CRL_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
2399
- // extension in |crl|'s extension list.
4202
+ // X509_STORE_CTX_set_chain configures |ctx| to use |sk| for untrusted
4203
+ // intermediate certificates to use in verification. This function is redundant
4204
+ // with the |chain| parameter of |X509_STORE_CTX_init|. Use the parameter
4205
+ // instead.
2400
4206
  //
2401
- // WARNING: This function is difficult to use correctly. See the documentation
2402
- // for |X509V3_get_d2i| for details.
2403
- OPENSSL_EXPORT void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid,
2404
- int *out_critical, int *out_idx);
2405
-
2406
- // X509_CRL_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the extension
2407
- // to |x|'s extension list.
4207
+ // WARNING: Despite the similar name, this function is unrelated to
4208
+ // |X509_STORE_CTX_get0_chain|.
2408
4209
  //
2409
- // WARNING: This function may return zero or -1 on error. The caller must also
2410
- // ensure |value|'s type matches |nid|. See the documentation for
2411
- // |X509V3_add1_i2d| for details.
2412
- OPENSSL_EXPORT int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value,
2413
- int crit, unsigned long flags);
4210
+ // WARNING: This function saves a pointer to |sk| without copying or
4211
+ // incrementing reference counts. |sk| must outlive |ctx| and may not be mutated
4212
+ // for the duration of the certificate verification.
4213
+ OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,
4214
+ STACK_OF(X509) *sk);
2414
4215
 
2415
- // X509_REVOKED_get_ext_count returns the number of extensions in |x|.
2416
- OPENSSL_EXPORT int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
4216
+ // The following flags do nothing. The corresponding non-standard options have
4217
+ // been removed.
4218
+ #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0
4219
+ #define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0
4220
+ #define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0
2417
4221
 
2418
- // X509_REVOKED_get_ext_by_NID behaves like |X509v3_get_ext_by_NID| but searches
2419
- // for extensions in |x|.
2420
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid,
2421
- int lastpos);
4222
+ // X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS does nothing, but is necessary in
4223
+ // OpenSSL to enable standard wildcard matching. In BoringSSL, this behavior is
4224
+ // always enabled.
4225
+ #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0
2422
4226
 
2423
- // X509_REVOKED_get_ext_by_OBJ behaves like |X509v3_get_ext_by_OBJ| but searches
2424
- // for extensions in |x|.
2425
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x,
2426
- const ASN1_OBJECT *obj,
2427
- int lastpos);
2428
4227
 
2429
- // X509_REVOKED_get_ext_by_critical behaves like |X509v3_get_ext_by_critical|
2430
- // but searches for extensions in |x|.
2431
- OPENSSL_EXPORT int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x,
2432
- int crit, int lastpos);
4228
+ // Private structures.
2433
4229
 
2434
- // X509_REVOKED_get_ext returns the extension in |x| at index |loc|, or NULL if
2435
- // |loc| is out of bounds. This function returns a non-const pointer for OpenSSL
2436
- // compatibility, but callers should not mutate the result.
2437
- OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x,
2438
- int loc);
4230
+ struct X509_algor_st {
4231
+ ASN1_OBJECT *algorithm;
4232
+ ASN1_TYPE *parameter;
4233
+ } /* X509_ALGOR */;
2439
4234
 
2440
- // X509_REVOKED_delete_ext removes the extension in |x| at index |loc| and
2441
- // returns the removed extension, or NULL if |loc| was out of bounds. If
2442
- // non-NULL, the caller must release the result with |X509_EXTENSION_free|.
2443
- OPENSSL_EXPORT X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x,
2444
- int loc);
2445
4235
 
2446
- // X509_REVOKED_add_ext adds a copy of |ex| to |x|. It returns one on success
2447
- // and zero on failure. The caller retains ownership of |ex| and can release it
2448
- // independently of |x|.
2449
- //
2450
- // The new extension is inserted at index |loc|, shifting extensions to the
2451
- // right. If |loc| is -1 or out of bounds, the new extension is appended to the
2452
- // list.
2453
- OPENSSL_EXPORT int X509_REVOKED_add_ext(X509_REVOKED *x,
2454
- const X509_EXTENSION *ex, int loc);
4236
+ // Functions below this point have not yet been organized into sections.
2455
4237
 
2456
- // X509_REVOKED_get_ext_d2i behaves like |X509V3_get_d2i| but looks for the
2457
- // extension in |revoked|'s extension list.
2458
- //
2459
- // WARNING: This function is difficult to use correctly. See the documentation
2460
- // for |X509V3_get_d2i| for details.
2461
- OPENSSL_EXPORT void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked,
2462
- int nid, int *out_critical,
2463
- int *out_idx);
4238
+ // This stuff is certificate "auxiliary info"
4239
+ // it contains details which are useful in certificate
4240
+ // stores and databases. When used this is tagged onto
4241
+ // the end of the certificate itself
2464
4242
 
2465
- // X509_REVOKED_add1_ext_i2d behaves like |X509V3_add1_i2d| but adds the
2466
- // extension to |x|'s extension list.
2467
- //
2468
- // WARNING: This function may return zero or -1 on error. The caller must also
2469
- // ensure |value|'s type matches |nid|. See the documentation for
2470
- // |X509V3_add1_i2d| for details.
2471
- OPENSSL_EXPORT int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid,
2472
- void *value, int crit,
2473
- unsigned long flags);
4243
+ DECLARE_STACK_OF(DIST_POINT)
4244
+
4245
+ // This is used for a table of trust checking functions
4246
+
4247
+ struct x509_trust_st {
4248
+ int trust;
4249
+ int flags;
4250
+ int (*check_trust)(const X509_TRUST *, X509 *, int);
4251
+ char *name;
4252
+ int arg1;
4253
+ void *arg2;
4254
+ } /* X509_TRUST */;
4255
+
4256
+ DEFINE_STACK_OF(X509_TRUST)
4257
+
4258
+ // standard trust ids
4259
+
4260
+ #define X509_TRUST_DEFAULT (-1) // Only valid in purpose settings
4261
+
4262
+ OPENSSL_EXPORT const char *X509_get_default_cert_area(void);
4263
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir(void);
4264
+ OPENSSL_EXPORT const char *X509_get_default_cert_file(void);
4265
+ OPENSSL_EXPORT const char *X509_get_default_cert_dir_env(void);
4266
+ OPENSSL_EXPORT const char *X509_get_default_cert_file_env(void);
4267
+ OPENSSL_EXPORT const char *X509_get_default_private_dir(void);
2474
4268
 
2475
- OPENSSL_EXPORT int X509_verify_cert(X509_STORE_CTX *ctx);
2476
4269
 
2477
- // PKCS#8 utilities
4270
+ OPENSSL_EXPORT int X509_TRUST_set(int *t, int trust);
2478
4271
 
2479
- DECLARE_ASN1_FUNCTIONS_const(PKCS8_PRIV_KEY_INFO)
4272
+ OPENSSL_EXPORT int X509_cmp(const X509 *a, const X509 *b);
2480
4273
 
2481
- // EVP_PKCS82PKEY returns |p8| as a newly-allocated |EVP_PKEY|, or NULL if the
2482
- // key was unsupported or could not be decoded. If non-NULL, the caller must
2483
- // release the result with |EVP_PKEY_free| when done.
4274
+ // X509_NAME_hash returns a hash of |name|, or zero on error. This is the new
4275
+ // hash used by |X509_LOOKUP_hash_dir|.
2484
4276
  //
2485
- // Use |EVP_parse_private_key| instead.
2486
- OPENSSL_EXPORT EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
2487
-
2488
- // EVP_PKEY2PKCS8 encodes |pkey| as a PKCS#8 PrivateKeyInfo (RFC 5208),
2489
- // represented as a newly-allocated |PKCS8_PRIV_KEY_INFO|, or NULL on error. The
2490
- // caller must release the result with |PKCS8_PRIV_KEY_INFO_free| when done.
4277
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
4278
+ // not suitable for general-purpose X.509 name processing. It is very short, so
4279
+ // there will be hash collisions. It also depends on an OpenSSL-specific
4280
+ // canonicalization process.
2491
4281
  //
2492
- // Use |EVP_marshal_private_key| instead.
2493
- OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(const EVP_PKEY *pkey);
2494
-
2495
- // X509_PUBKEY_set0_param sets |pub| to a key with AlgorithmIdentifier
2496
- // determined by |obj|, |param_type|, and |param_value|, and an encoded
2497
- // public key of |key|. On success, it takes ownership of all its parameters and
2498
- // returns one. Otherwise, it returns zero. |key| must have been allocated by
2499
- // |OPENSSL_malloc|.
4282
+ // TODO(https://crbug.com/boringssl/407): This should be const and thread-safe
4283
+ // but currently is neither, notably if |name| was modified from its parsed
4284
+ // value.
4285
+ OPENSSL_EXPORT uint32_t X509_NAME_hash(X509_NAME *name);
4286
+
4287
+ // X509_NAME_hash_old returns a hash of |name|, or zero on error. This is the
4288
+ // legacy hash used by |X509_LOOKUP_hash_dir|, which is still supported for
4289
+ // compatibility.
2500
4290
  //
2501
- // |obj|, |param_type|, and |param_value| are interpreted as in
2502
- // |X509_ALGOR_set0|. See |X509_ALGOR_set0| for details.
2503
- OPENSSL_EXPORT int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *obj,
2504
- int param_type, void *param_value,
2505
- uint8_t *key, int key_len);
2506
-
2507
- // X509_PUBKEY_get0_param outputs fields of |pub| and returns one. If |out_obj|
2508
- // is not NULL, it sets |*out_obj| to AlgorithmIdentifier's OID. If |out_key|
2509
- // is not NULL, it sets |*out_key| and |*out_key_len| to the encoded public key.
2510
- // If |out_alg| is not NULL, it sets |*out_alg| to the AlgorithmIdentifier.
4291
+ // This hash is specific to the |X509_LOOKUP_hash_dir| filesystem format and is
4292
+ // not suitable for general-purpose X.509 name processing. It is very short, so
4293
+ // there will be hash collisions.
2511
4294
  //
2512
- // Note: X.509 SubjectPublicKeyInfo structures store the encoded public key as a
2513
- // BIT STRING. |*out_key| and |*out_key_len| will silently pad the key with zero
2514
- // bits if |pub| did not contain a whole number of bytes. Use
2515
- // |X509_PUBKEY_get0_public_key| to preserve this information.
2516
- OPENSSL_EXPORT int X509_PUBKEY_get0_param(ASN1_OBJECT **out_obj,
2517
- const uint8_t **out_key,
2518
- int *out_key_len,
2519
- X509_ALGOR **out_alg,
2520
- X509_PUBKEY *pub);
4295
+ // TODO(https://crbug.com/boringssl/407): This should be const and thread-safe
4296
+ // but currently is neither, notably if |name| was modified from its parsed
4297
+ // value.
4298
+ OPENSSL_EXPORT uint32_t X509_NAME_hash_old(X509_NAME *name);
2521
4299
 
2522
- // X509_PUBKEY_get0_public_key returns |pub|'s encoded public key.
2523
- OPENSSL_EXPORT const ASN1_BIT_STRING *X509_PUBKEY_get0_public_key(
2524
- const X509_PUBKEY *pub);
4300
+ OPENSSL_EXPORT int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
2525
4301
 
2526
- OPENSSL_EXPORT int X509_check_trust(X509 *x, int id, int flags);
2527
4302
  OPENSSL_EXPORT int X509_TRUST_get_count(void);
2528
- OPENSSL_EXPORT X509_TRUST *X509_TRUST_get0(int idx);
4303
+ OPENSSL_EXPORT const X509_TRUST *X509_TRUST_get0(int idx);
2529
4304
  OPENSSL_EXPORT int X509_TRUST_get_by_id(int id);
2530
- OPENSSL_EXPORT int X509_TRUST_add(int id, int flags,
2531
- int (*ck)(X509_TRUST *, X509 *, int),
2532
- const char *name, int arg1, void *arg2);
2533
- OPENSSL_EXPORT void X509_TRUST_cleanup(void);
2534
4305
  OPENSSL_EXPORT int X509_TRUST_get_flags(const X509_TRUST *xp);
2535
4306
  OPENSSL_EXPORT char *X509_TRUST_get0_name(const X509_TRUST *xp);
2536
4307
  OPENSSL_EXPORT int X509_TRUST_get_trust(const X509_TRUST *xp);
2537
4308
 
2538
4309
 
2539
- struct rsa_pss_params_st {
2540
- X509_ALGOR *hashAlgorithm;
2541
- X509_ALGOR *maskGenAlgorithm;
2542
- ASN1_INTEGER *saltLength;
2543
- ASN1_INTEGER *trailerField;
2544
- // OpenSSL caches the MGF hash on |RSA_PSS_PARAMS| in some cases. None of the
2545
- // cases apply to BoringSSL, so this is always NULL, but Node expects the
2546
- // field to be present.
2547
- X509_ALGOR *maskHash;
2548
- } /* RSA_PSS_PARAMS */;
2549
-
2550
- DECLARE_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS)
2551
-
2552
4310
  /*
2553
4311
  SSL_CTX -> X509_STORE
2554
4312
  -> X509_LOOKUP
@@ -2566,36 +4324,12 @@ The X509_STORE then calls a function to actually verify the
2566
4324
  certificate chain.
2567
4325
  */
2568
4326
 
4327
+ #define X509_LU_NONE 0
2569
4328
  #define X509_LU_X509 1
2570
4329
  #define X509_LU_CRL 2
2571
4330
  #define X509_LU_PKEY 3
2572
4331
 
2573
- DEFINE_STACK_OF(X509_LOOKUP)
2574
4332
  DEFINE_STACK_OF(X509_OBJECT)
2575
- DEFINE_STACK_OF(X509_VERIFY_PARAM)
2576
-
2577
- typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
2578
- typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
2579
- typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, X509_STORE_CTX *ctx,
2580
- X509 *x);
2581
- typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *x,
2582
- X509 *issuer);
2583
- typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
2584
- typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, X509_CRL **crl,
2585
- X509 *x);
2586
- typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
2587
- typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl,
2588
- X509 *x);
2589
- typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
2590
- typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
2591
- X509_NAME *nm);
2592
- typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(
2593
- X509_STORE_CTX *ctx, X509_NAME *nm);
2594
- typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
2595
-
2596
- OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
2597
-
2598
- OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2599
4333
 
2600
4334
  #define X509_STORE_CTX_set_app_data(ctx, data) \
2601
4335
  X509_STORE_CTX_set_ex_data(ctx, 0, data)
@@ -2604,85 +4338,27 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2604
4338
  #define X509_L_FILE_LOAD 1
2605
4339
  #define X509_L_ADD_DIR 2
2606
4340
 
2607
- #define X509_LOOKUP_load_file(x, name, type) \
2608
- X509_LOOKUP_ctrl((x), X509_L_FILE_LOAD, (name), (long)(type), NULL)
2609
-
2610
- #define X509_LOOKUP_add_dir(x, name, type) \
2611
- X509_LOOKUP_ctrl((x), X509_L_ADD_DIR, (name), (long)(type), NULL)
2612
-
2613
- #define X509_V_OK 0
2614
- #define X509_V_ERR_UNSPECIFIED 1
2615
-
2616
- #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2
2617
- #define X509_V_ERR_UNABLE_TO_GET_CRL 3
2618
- #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4
2619
- #define X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE 5
2620
- #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6
2621
- #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7
2622
- #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8
2623
- #define X509_V_ERR_CERT_NOT_YET_VALID 9
2624
- #define X509_V_ERR_CERT_HAS_EXPIRED 10
2625
- #define X509_V_ERR_CRL_NOT_YET_VALID 11
2626
- #define X509_V_ERR_CRL_HAS_EXPIRED 12
2627
- #define X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD 13
2628
- #define X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD 14
2629
- #define X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD 15
2630
- #define X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD 16
2631
- #define X509_V_ERR_OUT_OF_MEM 17
2632
- #define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
2633
- #define X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN 19
2634
- #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY 20
2635
- #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21
2636
- #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22
2637
- #define X509_V_ERR_CERT_REVOKED 23
2638
- #define X509_V_ERR_INVALID_CA 24
2639
- #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25
2640
- #define X509_V_ERR_INVALID_PURPOSE 26
2641
- #define X509_V_ERR_CERT_UNTRUSTED 27
2642
- #define X509_V_ERR_CERT_REJECTED 28
2643
- // These are 'informational' when looking for issuer cert
2644
- #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29
2645
- #define X509_V_ERR_AKID_SKID_MISMATCH 30
2646
- #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31
2647
- #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32
2648
-
2649
- #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33
2650
- #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34
2651
- #define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35
2652
- #define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36
2653
- #define X509_V_ERR_INVALID_NON_CA 37
2654
- #define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38
2655
- #define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39
2656
- #define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40
2657
-
2658
- #define X509_V_ERR_INVALID_EXTENSION 41
2659
- #define X509_V_ERR_INVALID_POLICY_EXTENSION 42
2660
- #define X509_V_ERR_NO_EXPLICIT_POLICY 43
2661
- #define X509_V_ERR_DIFFERENT_CRL_SCOPE 44
2662
- #define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45
2663
-
2664
- #define X509_V_ERR_UNNESTED_RESOURCE 46
2665
-
2666
- #define X509_V_ERR_PERMITTED_VIOLATION 47
2667
- #define X509_V_ERR_EXCLUDED_VIOLATION 48
2668
- #define X509_V_ERR_SUBTREE_MINMAX 49
2669
- #define X509_V_ERR_APPLICATION_VERIFICATION 50
2670
- #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51
2671
- #define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52
2672
- #define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53
2673
- #define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54
2674
-
2675
- // Host, email and IP check errors
2676
- #define X509_V_ERR_HOSTNAME_MISMATCH 62
2677
- #define X509_V_ERR_EMAIL_MISMATCH 63
2678
- #define X509_V_ERR_IP_ADDRESS_MISMATCH 64
2679
-
2680
- // Caller error
2681
- #define X509_V_ERR_INVALID_CALL 65
2682
- // Issuer lookup error
2683
- #define X509_V_ERR_STORE_LOOKUP 66
4341
+ // The following constants are used to specify the format of files in an
4342
+ // |X509_LOOKUP|.
4343
+ #define X509_FILETYPE_PEM 1
4344
+ #define X509_FILETYPE_ASN1 2
4345
+ #define X509_FILETYPE_DEFAULT 3
2684
4346
 
2685
- #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
4347
+ // X509_LOOKUP_load_file configures |lookup| to load information from the file
4348
+ // at |path|. It returns one on success and zero on error. |type| should be one
4349
+ // of the |X509_FILETYPE_*| constants to determine if the contents are PEM or
4350
+ // DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and instead some
4351
+ // default system path is used.
4352
+ OPENSSL_EXPORT int X509_LOOKUP_load_file(X509_LOOKUP *lookup, const char *path,
4353
+ int type);
4354
+
4355
+ // X509_LOOKUP_add_dir configures |lookup| to load information from the
4356
+ // directory at |path|. It returns one on success and zero on error. |type|
4357
+ // should be one of the |X509_FILETYPE_*| constants to determine if the contents
4358
+ // are PEM or DER. If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored and
4359
+ // instead some default system path is used.
4360
+ OPENSSL_EXPORT int X509_LOOKUP_add_dir(X509_LOOKUP *lookup, const char *path,
4361
+ int type);
2686
4362
 
2687
4363
  // Certificate verify flags
2688
4364
 
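Review bot: The comments added for `X509_LOOKUP_load_file` and `X509_LOOKUP_add_dir` say that with `X509_FILETYPE_DEFAULT` the `path` argument is ignored and "some default system path" is used, which leaves the source of the trust anchors unspecified. A caller that passes an explicit path together with that type silently loads from a different location, so the comment should say where the default comes from and whether the process environment can change it. The header also declares `X509_get_default_cert_file`, `X509_get_default_cert_dir` and their `_env` variants, which are presumably what is consulted; that needs confirming against the implementation before it goes into the comment. Suggested wording: `// If |type| is |X509_FILETYPE_DEFAULT|, |path| is ignored; pass NULL. The location used is <source of the default, to be confirmed>.`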
@@ -2708,11 +4384,11 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2708
4384
  #define X509_V_FLAG_INHIBIT_ANY 0x200
2709
4385
  // Policy variable inhibit-policy-mapping
2710
4386
  #define X509_V_FLAG_INHIBIT_MAP 0x400
2711
- // Notify callback that policy is OK
4387
+ // Does nothing
2712
4388
  #define X509_V_FLAG_NOTIFY_POLICY 0x800
2713
- // Extended CRL features such as indirect CRLs, alternate CRL signing keys
4389
+ // Causes all verifications to fail. Extended CRL features have been removed.
2714
4390
  #define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000
2715
- // Delta CRL support
4391
+ // Causes all verifications to fail. Delta CRL support has been removed.
2716
4392
  #define X509_V_FLAG_USE_DELTAS 0x2000
2717
4393
  // Check selfsigned CA signature
2718
4394
  #define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000
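Review bot: The new comments on `X509_V_FLAG_EXTENDED_CRL_SUPPORT` and `X509_V_FLAG_USE_DELTAS` say that every verification fails once the flag is set, but not how that failure is reported, so a caller that still sets one of them sees every chain rejected with nothing pointing back to the flag. Both macros keep their names and values, so existing code compiles unchanged and the change only shows at run time. Failing closed is the safe direction; the comment just needs to make the cause discoverable by naming the error that `X509_STORE_CTX_get_error` returns and telling callers to stop setting the flag. Suggested wording for the second one, with the first following the same pattern: `// Causes all verifications to fail with <error code, confirm against the implementation>. Delta CRL support has been removed; callers must not set this flag.`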
@@ -2731,135 +4407,36 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
2731
4407
  // verification.
2732
4408
  #define X509_V_FLAG_NO_CHECK_TIME 0x200000
2733
4409
 
2734
- #define X509_VP_FLAG_DEFAULT 0x1
2735
- #define X509_VP_FLAG_OVERWRITE 0x2
2736
- #define X509_VP_FLAG_RESET_FLAGS 0x4
2737
- #define X509_VP_FLAG_LOCKED 0x8
2738
- #define X509_VP_FLAG_ONCE 0x10
2739
-
2740
- OPENSSL_EXPORT int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h,
2741
- int type, X509_NAME *name);
2742
- OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_by_subject(
2743
- STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name);
2744
- OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
2745
- X509_OBJECT *x);
2746
- OPENSSL_EXPORT int X509_OBJECT_up_ref_count(X509_OBJECT *a);
2747
- OPENSSL_EXPORT void X509_OBJECT_free_contents(X509_OBJECT *a);
2748
- OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *a);
2749
- OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
2750
- OPENSSL_EXPORT X509_STORE *X509_STORE_new(void);
2751
- OPENSSL_EXPORT int X509_STORE_up_ref(X509_STORE *store);
2752
- OPENSSL_EXPORT void X509_STORE_free(X509_STORE *v);
2753
-
2754
- OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
2755
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_get1_certs(X509_STORE_CTX *st,
2756
- X509_NAME *nm);
2757
- OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_get1_crls(X509_STORE_CTX *st,
2758
- X509_NAME *nm);
2759
- OPENSSL_EXPORT int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
2760
- OPENSSL_EXPORT int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
2761
- OPENSSL_EXPORT int X509_STORE_set_trust(X509_STORE *ctx, int trust);
2762
- OPENSSL_EXPORT int X509_STORE_set1_param(X509_STORE *ctx,
2763
- X509_VERIFY_PARAM *pm);
2764
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
2765
-
2766
- OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
2767
- X509_STORE_CTX_verify_fn verify);
2768
- #define X509_STORE_set_verify_func(ctx, func) \
2769
- X509_STORE_set_verify((ctx), (func))
2770
- OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
2771
- X509_STORE_CTX_verify_fn verify);
2772
- OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
2773
-
2774
- // X509_STORE_set_verify_cb acts like |X509_STORE_CTX_set_verify_cb| but sets
2775
- // the verify callback for any |X509_STORE_CTX| created from this |X509_STORE|
2776
- //
2777
- // Do not use this funciton. see |X509_STORE_CTX_set_verify_cb|.
2778
- OPENSSL_EXPORT void X509_STORE_set_verify_cb(
2779
- X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
2780
- #define X509_STORE_set_verify_cb_func(ctx, func) \
2781
- X509_STORE_set_verify_cb((ctx), (func))
2782
- OPENSSL_EXPORT X509_STORE_CTX_verify_cb
2783
- X509_STORE_get_verify_cb(X509_STORE *ctx);
2784
- OPENSSL_EXPORT void X509_STORE_set_get_issuer(
2785
- X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
2786
- OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
2787
- X509_STORE_get_get_issuer(X509_STORE *ctx);
2788
- OPENSSL_EXPORT void X509_STORE_set_check_issued(
2789
- X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued);
2790
- OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn
2791
- X509_STORE_get_check_issued(X509_STORE *ctx);
2792
- OPENSSL_EXPORT void X509_STORE_set_check_revocation(
2793
- X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation);
2794
- OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn
2795
- X509_STORE_get_check_revocation(X509_STORE *ctx);
2796
- OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
2797
- X509_STORE_CTX_get_crl_fn get_crl);
2798
- OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
2799
- X509_STORE_get_get_crl(X509_STORE *ctx);
2800
- OPENSSL_EXPORT void X509_STORE_set_check_crl(
2801
- X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
2802
- OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
2803
- X509_STORE_get_check_crl(X509_STORE *ctx);
2804
- OPENSSL_EXPORT void X509_STORE_set_cert_crl(
2805
- X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl);
2806
- OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn
2807
- X509_STORE_get_cert_crl(X509_STORE *ctx);
2808
- OPENSSL_EXPORT void X509_STORE_set_lookup_certs(
2809
- X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs);
2810
- OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn
2811
- X509_STORE_get_lookup_certs(X509_STORE *ctx);
2812
- OPENSSL_EXPORT void X509_STORE_set_lookup_crls(
2813
- X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls);
2814
- #define X509_STORE_set_lookup_crls_cb(ctx, func) \
2815
- X509_STORE_set_lookup_crls((ctx), (func))
2816
- OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn
2817
- X509_STORE_get_lookup_crls(X509_STORE *ctx);
2818
- OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx,
2819
- X509_STORE_CTX_cleanup_fn cleanup);
2820
- OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn
2821
- X509_STORE_get_cleanup(X509_STORE *ctx);
2822
-
2823
- OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
2824
-
2825
- OPENSSL_EXPORT int X509_STORE_CTX_get1_issuer(X509 **issuer,
2826
- X509_STORE_CTX *ctx, X509 *x);
2827
-
2828
- OPENSSL_EXPORT void X509_STORE_CTX_zero(X509_STORE_CTX *ctx);
2829
- OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
2830
- OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
2831
- X509 *x509, STACK_OF(X509) *chain);
4410
+ // X509_OBJECT_new returns a newly-allocated, empty |X509_OBJECT| or NULL on
4411
+ // error.
4412
+ OPENSSL_EXPORT X509_OBJECT *X509_OBJECT_new(void);
2832
4413
 
2833
- // X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
2834
- // in |sk|. |sk| must remain valid for the duration of |ctx|.
2835
- //
2836
- // WARNING: This function differs from most |set0| functions in that it does not
2837
- // take ownership of its input. The caller is required to ensure the lifetimes
2838
- // are consistent.
2839
- OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
2840
- STACK_OF(X509) *sk);
4414
+ // X509_OBJECT_free releases memory associated with |obj|.
4415
+ OPENSSL_EXPORT void X509_OBJECT_free(X509_OBJECT *obj);
2841
4416
 
2842
- // X509_STORE_CTX_trusted_stack is a deprecated alias for
2843
- // |X509_STORE_CTX_set0_trusted_stack|.
2844
- OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
2845
- STACK_OF(X509) *sk);
4417
+ // X509_OBJECT_get_type returns the type of |obj|, which will be one of the
4418
+ // |X509_LU_*| constants.
4419
+ OPENSSL_EXPORT int X509_OBJECT_get_type(const X509_OBJECT *obj);
2846
4420
 
2847
- OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
4421
+ // X509_OBJECT_get0_X509 returns |obj| as a certificate, or NULL if |obj| is not
4422
+ // a certificate.
4423
+ OPENSSL_EXPORT X509 *X509_OBJECT_get0_X509(const X509_OBJECT *obj);
2848
4424
 
2849
- OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
2850
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
4425
+ OPENSSL_EXPORT STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *st);
4426
+ OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st,
4427
+ X509_NAME *nm);
4428
+ OPENSSL_EXPORT STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st,
4429
+ X509_NAME *nm);
2851
4430
 
2852
4431
  OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v,
2853
- X509_LOOKUP_METHOD *m);
4432
+ const X509_LOOKUP_METHOD *m);
2854
4433
 
2855
- OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
2856
- OPENSSL_EXPORT X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
4434
+ OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
4435
+ OPENSSL_EXPORT const X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
2857
4436
 
2858
- OPENSSL_EXPORT int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
2859
- OPENSSL_EXPORT int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
2860
-
2861
- OPENSSL_EXPORT int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type,
2862
- X509_NAME *name, X509_OBJECT *ret);
4437
+ OPENSSL_EXPORT int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, int type,
4438
+ X509_NAME *name,
4439
+ X509_OBJECT *ret);
2863
4440
 
2864
4441
  OPENSSL_EXPORT int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
2865
4442
  long argl, char **ret);
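Review bot: `X509_STORE_CTX_get1_certs`, `X509_STORE_CTX_get1_crls` and `X509_STORE_CTX_get_by_subject` are added near the end of this hunk without comments, while the `X509_OBJECT_*` declarations just above them each received one. For the two `get1` functions the comment should state who releases the returned stack and what is returned when nothing matches `nm`. For `X509_STORE_get0_objects` it should state whether callers may modify the returned list, since the pointer is non-const. The `get1`/`get0` prefixes suggest the usual ownership convention, but that is inferred from the names and should be checked against the implementation before it is written down.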
@@ -2871,130 +4448,408 @@ OPENSSL_EXPORT int X509_load_crl_file(X509_LOOKUP *ctx, const char *file,
2871
4448
  OPENSSL_EXPORT int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file,
2872
4449
  int type);
2873
4450
 
2874
- OPENSSL_EXPORT X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
2875
- OPENSSL_EXPORT void X509_LOOKUP_free(X509_LOOKUP *ctx);
2876
- OPENSSL_EXPORT int X509_LOOKUP_init(X509_LOOKUP *ctx);
2877
- OPENSSL_EXPORT int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type,
2878
- X509_NAME *name, X509_OBJECT *ret);
2879
- OPENSSL_EXPORT int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
2880
-
2881
4451
  OPENSSL_EXPORT int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
2882
4452
  const char *dir);
2883
4453
  OPENSSL_EXPORT int X509_STORE_set_default_paths(X509_STORE *ctx);
2884
- OPENSSL_EXPORT int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
2885
- OPENSSL_EXPORT void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
2886
- OPENSSL_EXPORT int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
2887
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
2888
- OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
2889
- OPENSSL_EXPORT X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
2890
- OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(
2891
- X509_STORE_CTX *ctx);
2892
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
2893
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
2894
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
2895
- OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
2896
- OPENSSL_EXPORT void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,
2897
- STACK_OF(X509) *sk);
2898
- OPENSSL_EXPORT STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(
2899
- X509_STORE_CTX *ctx);
2900
- OPENSSL_EXPORT void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,
2901
- STACK_OF(X509_CRL) *sk);
2902
- OPENSSL_EXPORT int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
2903
- OPENSSL_EXPORT int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
2904
- OPENSSL_EXPORT int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx,
2905
- int def_purpose, int purpose,
2906
- int trust);
2907
- OPENSSL_EXPORT void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx,
2908
- unsigned long flags);
2909
- OPENSSL_EXPORT void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx,
2910
- unsigned long flags, time_t t);
2911
- OPENSSL_EXPORT void X509_STORE_CTX_set_time_posix(X509_STORE_CTX *ctx,
2912
- unsigned long flags,
2913
- int64_t t);
2914
4454
 
2915
- // X509_STORE_CTX_set_verify_cb configures a callback function for |ctx| that is
2916
- // called multiple times during |X509_verify_cert|. The callback returns zero to
2917
- // fail verification and non-zero to proceed. Typically, it will return |ok|,
2918
- // which preserves the default behavior. Returning one when |ok| is zero will
2919
- // proceed past some error. The callback may inspect |ctx| and the error queue
2920
- // to attempt to determine the current stage of certificate verification, but
2921
- // this is often unreliable.
4455
+ typedef void *(*X509V3_EXT_NEW)(void);
4456
+ typedef void (*X509V3_EXT_FREE)(void *);
4457
+ typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
4458
+ typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
4459
+ typedef STACK_OF(CONF_VALUE) *(*X509V3_EXT_I2V)(const X509V3_EXT_METHOD *method,
4460
+ void *ext,
4461
+ STACK_OF(CONF_VALUE) *extlist);
4462
+ typedef void *(*X509V3_EXT_V2I)(const X509V3_EXT_METHOD *method,
4463
+ const X509V3_CTX *ctx,
4464
+ const STACK_OF(CONF_VALUE) *values);
4465
+ typedef char *(*X509V3_EXT_I2S)(const X509V3_EXT_METHOD *method, void *ext);
4466
+ typedef void *(*X509V3_EXT_S2I)(const X509V3_EXT_METHOD *method,
4467
+ const X509V3_CTX *ctx, const char *str);
4468
+ typedef int (*X509V3_EXT_I2R)(const X509V3_EXT_METHOD *method, void *ext,
4469
+ BIO *out, int indent);
4470
+ typedef void *(*X509V3_EXT_R2I)(const X509V3_EXT_METHOD *method,
4471
+ const X509V3_CTX *ctx, const char *str);
4472
+
4473
+ // V3 extension structure
4474
+
4475
+ struct v3_ext_method {
4476
+ int ext_nid;
4477
+ int ext_flags;
4478
+
4479
+ // it determines how values of this extension are allocated, released, parsed,
4480
+ // and marshalled. This must be non-NULL.
4481
+ ASN1_ITEM_EXP *it;
4482
+
4483
+ // The following functions are ignored in favor of |it|. They are retained in
4484
+ // the struct only for source compatibility with existing struct definitions.
4485
+ X509V3_EXT_NEW ext_new;
4486
+ X509V3_EXT_FREE ext_free;
4487
+ X509V3_EXT_D2I d2i;
4488
+ X509V3_EXT_I2D i2d;
4489
+
4490
+ // The following pair is used for string extensions
4491
+ X509V3_EXT_I2S i2s;
4492
+ X509V3_EXT_S2I s2i;
4493
+
4494
+ // The following pair is used for multi-valued extensions
4495
+ X509V3_EXT_I2V i2v;
4496
+ X509V3_EXT_V2I v2i;
4497
+
4498
+ // The following are used for raw extensions
4499
+ X509V3_EXT_I2R i2r;
4500
+ X509V3_EXT_R2I r2i;
4501
+
4502
+ void *usr_data; // Any extension specific data
4503
+ };
4504
+
4505
+ DEFINE_STACK_OF(X509V3_EXT_METHOD)
4506
+
4507
+ // ext_flags values
4508
+ #define X509V3_EXT_CTX_DEP 0x2
4509
+ #define X509V3_EXT_MULTILINE 0x4
4510
+
4511
+ struct BASIC_CONSTRAINTS_st {
4512
+ int ca;
4513
+ ASN1_INTEGER *pathlen;
4514
+ };
4515
+
4516
+ typedef struct ACCESS_DESCRIPTION_st {
4517
+ ASN1_OBJECT *method;
4518
+ GENERAL_NAME *location;
4519
+ } ACCESS_DESCRIPTION;
4520
+
4521
+ DEFINE_STACK_OF(ACCESS_DESCRIPTION)
4522
+
4523
+ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
4524
+
4525
+ typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
4526
+
4527
+ typedef struct DIST_POINT_NAME_st {
4528
+ int type;
4529
+ union {
4530
+ GENERAL_NAMES *fullname;
4531
+ STACK_OF(X509_NAME_ENTRY) *relativename;
4532
+ } name;
4533
+ // If relativename then this contains the full distribution point name
4534
+ X509_NAME *dpname;
4535
+ } DIST_POINT_NAME;
4536
+ // All existing reasons
4537
+ #define CRLDP_ALL_REASONS 0x807f
4538
+
4539
+ struct DIST_POINT_st {
4540
+ DIST_POINT_NAME *distpoint;
4541
+ ASN1_BIT_STRING *reasons;
4542
+ GENERAL_NAMES *CRLissuer;
4543
+ };
4544
+
4545
+ typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
4546
+
4547
+ DEFINE_STACK_OF(DIST_POINT)
4548
+
4549
+ struct AUTHORITY_KEYID_st {
4550
+ ASN1_OCTET_STRING *keyid;
4551
+ GENERAL_NAMES *issuer;
4552
+ ASN1_INTEGER *serial;
4553
+ };
4554
+
4555
+ typedef struct NOTICEREF_st {
4556
+ ASN1_STRING *organization;
4557
+ STACK_OF(ASN1_INTEGER) *noticenos;
4558
+ } NOTICEREF;
4559
+
4560
+ typedef struct USERNOTICE_st {
4561
+ NOTICEREF *noticeref;
4562
+ ASN1_STRING *exptext;
4563
+ } USERNOTICE;
4564
+
4565
+ typedef struct POLICYQUALINFO_st {
4566
+ ASN1_OBJECT *pqualid;
4567
+ union {
4568
+ ASN1_IA5STRING *cpsuri;
4569
+ USERNOTICE *usernotice;
4570
+ ASN1_TYPE *other;
4571
+ } d;
4572
+ } POLICYQUALINFO;
4573
+
4574
+ DEFINE_STACK_OF(POLICYQUALINFO)
4575
+
4576
+ typedef struct POLICYINFO_st {
4577
+ ASN1_OBJECT *policyid;
4578
+ STACK_OF(POLICYQUALINFO) *qualifiers;
4579
+ } POLICYINFO;
4580
+
4581
+ typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
4582
+
4583
+ DEFINE_STACK_OF(POLICYINFO)
4584
+
4585
+ typedef struct POLICY_MAPPING_st {
4586
+ ASN1_OBJECT *issuerDomainPolicy;
4587
+ ASN1_OBJECT *subjectDomainPolicy;
4588
+ } POLICY_MAPPING;
4589
+
4590
+ DEFINE_STACK_OF(POLICY_MAPPING)
4591
+
4592
+ typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
4593
+
4594
+ typedef struct GENERAL_SUBTREE_st {
4595
+ GENERAL_NAME *base;
4596
+ ASN1_INTEGER *minimum;
4597
+ ASN1_INTEGER *maximum;
4598
+ } GENERAL_SUBTREE;
4599
+
4600
+ DEFINE_STACK_OF(GENERAL_SUBTREE)
4601
+
4602
+ struct NAME_CONSTRAINTS_st {
4603
+ STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
4604
+ STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
4605
+ };
4606
+
4607
+ typedef struct POLICY_CONSTRAINTS_st {
4608
+ ASN1_INTEGER *requireExplicitPolicy;
4609
+ ASN1_INTEGER *inhibitPolicyMapping;
4610
+ } POLICY_CONSTRAINTS;
4611
+
4612
+ struct ISSUING_DIST_POINT_st {
4613
+ DIST_POINT_NAME *distpoint;
4614
+ ASN1_BOOLEAN onlyuser;
4615
+ ASN1_BOOLEAN onlyCA;
4616
+ ASN1_BIT_STRING *onlysomereasons;
4617
+ ASN1_BOOLEAN indirectCRL;
4618
+ ASN1_BOOLEAN onlyattr;
4619
+ };
4620
+
4621
+ // X509_PURPOSE stuff
4622
+
4623
+ #define NS_SSL_CLIENT 0x80
4624
+ #define NS_SSL_SERVER 0x40
4625
+ #define NS_SMIME 0x20
4626
+ #define NS_OBJSIGN 0x10
4627
+ #define NS_SSL_CA 0x04
4628
+ #define NS_SMIME_CA 0x02
4629
+ #define NS_OBJSIGN_CA 0x01
4630
+ #define NS_ANY_CA (NS_SSL_CA | NS_SMIME_CA | NS_OBJSIGN_CA)
4631
+
4632
+ typedef struct x509_purpose_st {
4633
+ int purpose;
4634
+ int trust; // Default trust ID
4635
+ int flags;
4636
+ int (*check_purpose)(const struct x509_purpose_st *, const X509 *, int);
4637
+ char *name;
4638
+ char *sname;
4639
+ void *usr_data;
4640
+ } X509_PURPOSE;
4641
+
4642
+ DEFINE_STACK_OF(X509_PURPOSE)
4643
+
4644
+ DECLARE_ASN1_FUNCTIONS_const(BASIC_CONSTRAINTS)
4645
+
4646
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4647
+ // an |X509_NAME|.
4648
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
4649
+
4650
+ DECLARE_ASN1_FUNCTIONS_const(EXTENDED_KEY_USAGE)
4651
+
4652
+ DECLARE_ASN1_FUNCTIONS_const(CERTIFICATEPOLICIES)
4653
+ DECLARE_ASN1_FUNCTIONS_const(POLICYINFO)
4654
+ DECLARE_ASN1_FUNCTIONS_const(POLICYQUALINFO)
4655
+ DECLARE_ASN1_FUNCTIONS_const(USERNOTICE)
4656
+ DECLARE_ASN1_FUNCTIONS_const(NOTICEREF)
4657
+
4658
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4659
+ // an |X509_NAME|.
4660
+ DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
4661
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4662
+ // an |X509_NAME|.
4663
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT)
4664
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4665
+ // an |X509_NAME|.
4666
+ DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
4667
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4668
+ // an |X509_NAME|.
4669
+ DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
4670
+
4671
+ OPENSSL_EXPORT int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn,
4672
+ X509_NAME *iname);
4673
+
4674
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4675
+ // an |X509_NAME|.
4676
+ DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
4677
+ // TODO(https://crbug.com/boringssl/407): This is not const because it contains
4678
+ // an |X509_NAME|.
4679
+ DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
4680
+
4681
+ DECLARE_ASN1_ITEM(POLICY_MAPPING)
4682
+ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
4683
+ DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
4684
+
4685
+ DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
4686
+ DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
4687
+
4688
+ DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
4689
+ DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
4690
+
4691
+ DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
4692
+ DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
4693
+
4694
+ // X509V3_EXT_add registers |ext| as a custom extension for the extension type
4695
+ // |ext->ext_nid|. |ext| must be valid for the remainder of the address space's
4696
+ // lifetime. It returns one on success and zero on error.
2922
4697
  //
2923
- // WARNING: Do not use this function. It is extremely fragile and unpredictable.
2924
- // This callback exposes implementation details of certificate verification,
2925
- // which change as the library evolves. Attempting to use it for security checks
2926
- // can introduce vulnerabilities if making incorrect assumptions about when the
2927
- // callback is called. Additionally, overriding |ok| may leave |ctx| in an
2928
- // inconsistent state and break invariants.
4698
+ // WARNING: This function modifies global state. If other code in the same
4699
+ // address space also registers an extension with type |ext->ext_nid|, the two
4700
+ // registrations will conflict. Which registration takes effect is undefined. If
4701
+ // the two registrations use incompatible in-memory representations, code
4702
+ // expecting the other registration will then cast a type to the wrong type,
4703
+ // resulting in a potentially exploitable memory error. This conflict can also
4704
+ // occur if BoringSSL later adds support for |ext->ext_nid|, with a different
4705
+ // in-memory representation than the one expected by |ext|.
2929
4706
  //
2930
- // Instead, customize certificate verification by configuring options on the
2931
- // |X509_STORE_CTX| before verification, or applying additional checks after
2932
- // |X509_verify_cert| completes successfully.
2933
- OPENSSL_EXPORT void X509_STORE_CTX_set_verify_cb(
2934
- X509_STORE_CTX *ctx, int (*verify_cb)(int ok, X509_STORE_CTX *ctx));
2935
-
2936
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(
2937
- X509_STORE_CTX *ctx);
2938
- OPENSSL_EXPORT void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx,
2939
- X509_VERIFY_PARAM *param);
2940
- OPENSSL_EXPORT int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx,
2941
- const char *name);
2942
-
2943
- // X509_VERIFY_PARAM functions
2944
-
2945
- OPENSSL_EXPORT X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
2946
- OPENSSL_EXPORT void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
2947
- OPENSSL_EXPORT int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
2948
- const X509_VERIFY_PARAM *from);
2949
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
2950
- const X509_VERIFY_PARAM *from);
2951
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param,
2952
- const char *name);
2953
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
2954
- unsigned long flags);
2955
- OPENSSL_EXPORT int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
2956
- unsigned long flags);
2957
- OPENSSL_EXPORT unsigned long X509_VERIFY_PARAM_get_flags(
2958
- X509_VERIFY_PARAM *param);
2959
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param,
2960
- int purpose);
2961
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param,
2962
- int trust);
2963
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param,
2964
- int depth);
2965
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param,
2966
- time_t t);
2967
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_time_posix(X509_VERIFY_PARAM *param,
2968
- int64_t t);
2969
- OPENSSL_EXPORT int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
2970
- ASN1_OBJECT *policy);
2971
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_policies(
2972
- X509_VERIFY_PARAM *param, const STACK_OF(ASN1_OBJECT) *policies);
4707
+ // This function, additionally, is not thread-safe and cannot be called
4708
+ // concurrently with any other BoringSSL function.
4709
+ //
4710
+ // As a result, it is impossible to safely use this function. Registering a
4711
+ // custom extension has no impact on certificate verification so, instead,
4712
+ // callers should simply handle the custom extension with the byte-based
4713
+ // |X509_EXTENSION| APIs directly. Registering |ext| with the library has little
4714
+ // practical value.
4715
+ OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
4716
+
4717
+ // X509V3_EXT_add_alias registers a custom extension with NID |nid_to|. The
4718
+ // corresponding ASN.1 type is copied from |nid_from|. It returns one on success
4719
+ // and zero on error.
4720
+ //
4721
+ // WARNING: Do not use this function. See |X509V3_EXT_add|.
4722
+ OPENSSL_EXPORT OPENSSL_DEPRECATED int X509V3_EXT_add_alias(int nid_to,
4723
+ int nid_from);
4724
+
4725
+ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get(
4726
+ const X509_EXTENSION *ext);
4727
+ OPENSSL_EXPORT const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
4728
+
4729
+ // X509V3_EXT_d2i decodes |ext| and returns a pointer to a newly-allocated
4730
+ // structure, with type dependent on the type of the extension. It returns NULL
4731
+ // if |ext| is an unsupported extension or if there was a syntax error in the
4732
+ // extension. The caller should cast the return value to the expected type and
4733
+ // free the structure when done.
4734
+ //
4735
+ // WARNING: Casting the return value to the wrong type is a potentially
4736
+ // exploitable memory error, so callers must not use this function before
4737
+ // checking |ext| is of a known type.
4738
+ OPENSSL_EXPORT void *X509V3_EXT_d2i(const X509_EXTENSION *ext);
4739
+
4740
+ // X509V3_get_d2i finds and decodes the extension in |extensions| of type |nid|.
4741
+ // If found, it decodes it and returns a newly-allocated structure, with type
4742
+ // dependent on |nid|. If the extension is not found or on error, it returns
4743
+ // NULL. The caller may distinguish these cases using the |out_critical| value.
4744
+ //
4745
+ // If |out_critical| is not NULL, this function sets |*out_critical| to one if
4746
+ // the extension is found and critical, zero if it is found and not critical, -1
4747
+ // if it is not found, and -2 if there is an invalid duplicate extension. Note
4748
+ // this function may set |*out_critical| to one or zero and still return NULL if
4749
+ // the extension is found but has a syntax error.
4750
+ //
4751
+ // If |out_idx| is not NULL, this function looks for the first occurrence of the
4752
+ // extension after |*out_idx|. It then sets |*out_idx| to the index of the
4753
+ // extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions
4754
+ // are not treated as an error. Callers, however, should not rely on this
4755
+ // behavior as it may be removed in the future. Duplicate extensions are
4756
+ // forbidden in RFC 5280.
4757
+ //
4758
+ // WARNING: This function is difficult to use correctly. Callers should pass a
4759
+ // non-NULL |out_critical| and check both the return value and |*out_critical|
4760
+ // to handle errors. If the return value is NULL and |*out_critical| is not -1,
4761
+ // there was an error. Otherwise, the function succeeded and but may return NULL
4762
+ // for a missing extension. Callers should pass NULL to |out_idx| so that
4763
+ // duplicate extensions are handled correctly.
4764
+ //
4765
+ // Additionally, casting the return value to the wrong type is a potentially
4766
+ // exploitable memory error, so callers must ensure the cast and |nid| match.
4767
+ OPENSSL_EXPORT void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions,
4768
+ int nid, int *out_critical, int *out_idx);
4769
+
4770
+ // X509V3_EXT_free casts |ext_data| into the type that corresponds to |nid| and
4771
+ // releases memory associated with it. It returns one on success and zero if
4772
+ // |nid| is not a known extension.
4773
+ //
4774
+ // WARNING: Casting |ext_data| to the wrong type is a potentially exploitable
4775
+ // memory error, so callers must ensure |ext_data|'s type matches |nid|.
4776
+ //
4777
+ // TODO(davidben): OpenSSL upstream no longer exposes this function. Remove it?
4778
+ OPENSSL_EXPORT int X509V3_EXT_free(int nid, void *ext_data);
2973
4779
 
2974
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
2975
- const char *name,
2976
- size_t namelen);
2977
- OPENSSL_EXPORT int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
2978
- const char *name,
2979
- size_t namelen);
2980
- OPENSSL_EXPORT void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
2981
- unsigned int flags);
2982
- OPENSSL_EXPORT char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
2983
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
2984
- const char *email,
2985
- size_t emaillen);
2986
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
2987
- const unsigned char *ip,
2988
- size_t iplen);
2989
- OPENSSL_EXPORT int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
2990
- const char *ipasc);
4780
+ // X509V3_EXT_i2d casts |ext_struc| into the type that corresponds to
4781
+ // |ext_nid|, serializes it, and returns a newly-allocated |X509_EXTENSION|
4782
+ // object containing the serialization, or NULL on error. The |X509_EXTENSION|
4783
+ // has OID |ext_nid| and is critical if |crit| is one.
4784
+ //
4785
+ // WARNING: Casting |ext_struc| to the wrong type is a potentially exploitable
4786
+ // memory error, so callers must ensure |ext_struct|'s type matches |ext_nid|.
4787
+ OPENSSL_EXPORT X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit,
4788
+ void *ext_struc);
4789
+
4790
+ // The following constants control the behavior of |X509V3_add1_i2d| and related
4791
+ // functions.
4792
+
4793
+ // X509V3_ADD_OP_MASK can be ANDed with the flags to determine how duplicate
4794
+ // extensions are processed.
4795
+ #define X509V3_ADD_OP_MASK 0xfL
4796
+
4797
+ // X509V3_ADD_DEFAULT causes the function to fail if the extension was already
4798
+ // present.
4799
+ #define X509V3_ADD_DEFAULT 0L
4800
+
4801
+ // X509V3_ADD_APPEND causes the function to unconditionally appended the new
4802
+ // extension to to the extensions list, even if there is a duplicate.
4803
+ #define X509V3_ADD_APPEND 1L
4804
+
4805
+ // X509V3_ADD_REPLACE causes the function to replace the existing extension, or
4806
+ // append if it is not present.
4807
+ #define X509V3_ADD_REPLACE 2L
4808
+
4809
+ // X509V3_ADD_REPLACE causes the function to replace the existing extension and
4810
+ // fail if it is not present.
4811
+ #define X509V3_ADD_REPLACE_EXISTING 3L
4812
+
4813
+ // X509V3_ADD_KEEP_EXISTING causes the function to succeed without replacing the
4814
+ // extension if already present.
4815
+ #define X509V3_ADD_KEEP_EXISTING 4L
4816
+
4817
+ // X509V3_ADD_DELETE causes the function to remove the matching extension. No
4818
+ // new extension is added. If there is no matching extension, the function
4819
+ // fails. The |value| parameter is ignored in this mode.
4820
+ #define X509V3_ADD_DELETE 5L
4821
+
4822
+ // X509V3_ADD_SILENT may be ORed into one of the values above to indicate the
4823
+ // function should not add to the error queue on duplicate or missing extension.
4824
+ // The function will continue to return zero in those cases, and it will
4825
+ // continue to return -1 and add to the error queue on other errors.
4826
+ #define X509V3_ADD_SILENT 0x10
4827
+
4828
+ // X509V3_add1_i2d casts |value| to the type that corresponds to |nid|,
4829
+ // serializes it, and appends it to the extension list in |*x|. If |*x| is NULL,
4830
+ // it will set |*x| to a newly-allocated |STACK_OF(X509_EXTENSION)| as needed.
4831
+ // The |crit| parameter determines whether the new extension is critical.
4832
+ // |flags| may be some combination of the |X509V3_ADD_*| constants to control
4833
+ // the function's behavior on duplicate extension.
4834
+ //
4835
+ // This function returns one on success, zero if the operation failed due to a
4836
+ // missing or duplicate extension, and -1 on other errors.
4837
+ //
4838
+ // WARNING: Casting |value| to the wrong type is a potentially exploitable
4839
+ // memory error, so callers must ensure |value|'s type matches |nid|.
4840
+ OPENSSL_EXPORT int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid,
4841
+ void *value, int crit, unsigned long flags);
2991
4842
 
2992
- OPENSSL_EXPORT int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
2993
- OPENSSL_EXPORT const char *X509_VERIFY_PARAM_get0_name(
2994
- const X509_VERIFY_PARAM *param);
4843
+ OPENSSL_EXPORT int X509_PURPOSE_set(int *p, int purpose);
2995
4844
 
2996
- OPENSSL_EXPORT const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(
2997
- const char *name);
4845
+ OPENSSL_EXPORT int X509_PURPOSE_get_count(void);
4846
+ OPENSSL_EXPORT const X509_PURPOSE *X509_PURPOSE_get0(int idx);
4847
+ OPENSSL_EXPORT int X509_PURPOSE_get_by_sname(const char *sname);
4848
+ OPENSSL_EXPORT int X509_PURPOSE_get_by_id(int id);
4849
+ OPENSSL_EXPORT char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
4850
+ OPENSSL_EXPORT char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
4851
+ OPENSSL_EXPORT int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
4852
+ OPENSSL_EXPORT int X509_PURPOSE_get_id(const X509_PURPOSE *);
2998
4853
 
2999
4854
 
3000
4855
  #if defined(__cplusplus)
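Review bot: The comment directly above `#define X509V3_ADD_REPLACE_EXISTING 3L` names the wrong constant: it opens with `// X509V3_ADD_REPLACE causes the function to replace the existing extension and fail if it is not present`, so `X509V3_ADD_REPLACE` ends up with two contradictory descriptions (append when missing versus fail when missing). It should read `// X509V3_ADD_REPLACE_EXISTING causes the function to replace the existing extension and fail if it is not present.` Two other comments in this hunk have slips inside their type-confusion and error-handling warnings, where exact wording matters: the `X509V3_EXT_i2d` warning refers to `|ext_struct|` although the parameter is `ext_struc`, and the `X509V3_get_d2i` warning says `succeeded and but may return NULL`, which should be `succeeded but may return NULL`. The `X509V3_ADD_APPEND` comment also has `to unconditionally appended` and a doubled `to to`.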
@@ -3006,7 +4861,18 @@ extern "C++" {
3006
4861
 
3007
4862
  BSSL_NAMESPACE_BEGIN
3008
4863
 
4864
+ BORINGSSL_MAKE_DELETER(ACCESS_DESCRIPTION, ACCESS_DESCRIPTION_free)
4865
+ BORINGSSL_MAKE_DELETER(AUTHORITY_KEYID, AUTHORITY_KEYID_free)
4866
+ BORINGSSL_MAKE_DELETER(BASIC_CONSTRAINTS, BASIC_CONSTRAINTS_free)
4867
+ // TODO(davidben): Move this to conf.h and rename to CONF_VALUE_free.
4868
+ BORINGSSL_MAKE_DELETER(CONF_VALUE, X509V3_conf_free)
4869
+ BORINGSSL_MAKE_DELETER(DIST_POINT, DIST_POINT_free)
4870
+ BORINGSSL_MAKE_DELETER(GENERAL_NAME, GENERAL_NAME_free)
4871
+ BORINGSSL_MAKE_DELETER(GENERAL_SUBTREE, GENERAL_SUBTREE_free)
4872
+ BORINGSSL_MAKE_DELETER(NAME_CONSTRAINTS, NAME_CONSTRAINTS_free)
3009
4873
  BORINGSSL_MAKE_DELETER(NETSCAPE_SPKI, NETSCAPE_SPKI_free)
4874
+ BORINGSSL_MAKE_DELETER(POLICY_MAPPING, POLICY_MAPPING_free)
4875
+ BORINGSSL_MAKE_DELETER(POLICYINFO, POLICYINFO_free)
3010
4876
  BORINGSSL_MAKE_DELETER(RSA_PSS_PARAMS, RSA_PSS_PARAMS_free)
3011
4877
  BORINGSSL_MAKE_DELETER(X509, X509_free)
3012
4878
  BORINGSSL_MAKE_UP_REF(X509, X509_up_ref)
@@ -3019,7 +4885,6 @@ BORINGSSL_MAKE_DELETER(X509_INFO, X509_INFO_free)
3019
4885
  BORINGSSL_MAKE_DELETER(X509_LOOKUP, X509_LOOKUP_free)
3020
4886
  BORINGSSL_MAKE_DELETER(X509_NAME, X509_NAME_free)
3021
4887
  BORINGSSL_MAKE_DELETER(X509_NAME_ENTRY, X509_NAME_ENTRY_free)
3022
- BORINGSSL_MAKE_DELETER(X509_PKEY, X509_PKEY_free)
3023
4888
  BORINGSSL_MAKE_DELETER(X509_PUBKEY, X509_PUBKEY_free)
3024
4889
  BORINGSSL_MAKE_DELETER(X509_REQ, X509_REQ_free)
3025
4890
  BORINGSSL_MAKE_DELETER(X509_REVOKED, X509_REVOKED_free)