grpc 1.61.0 → 1.62.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (724) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +218 -196
  3. data/include/grpc/event_engine/event_engine.h +5 -43
  4. data/include/grpc/event_engine/extensible.h +68 -0
  5. data/include/grpc/impl/slice_type.h +1 -1
  6. data/include/grpc/support/port_platform.h +12 -20
  7. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +1 -1
  8. data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
  9. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
  10. data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
  11. data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
  12. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
  13. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
  14. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
  15. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
  16. data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +247 -231
  17. data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
  18. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +6 -6
  19. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
  20. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
  21. data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
  22. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
  23. data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
  24. data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
  25. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
  26. data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
  27. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +2 -2
  28. data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
  29. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
  30. data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
  31. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
  32. data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
  33. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +8 -8
  34. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
  35. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
  36. data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
  37. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
  38. data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
  39. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
  40. data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
  41. data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +4 -4
  42. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
  43. data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
  44. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
  45. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
  46. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
  47. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
  48. data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
  49. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -1
  50. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
  51. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
  52. data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +2 -2
  53. data/src/core/ext/filters/http/server/http_server_filter.cc +1 -1
  54. data/src/core/ext/filters/message_size/message_size_filter.cc +3 -3
  55. data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
  56. data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
  57. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
  58. data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
  59. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +2 -2
  60. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +2 -2
  61. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +1 -1
  62. data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
  63. data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -1
  64. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +5 -5
  65. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
  66. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
  67. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -1
  68. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
  69. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
  70. data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
  71. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
  72. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
  73. data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
  74. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
  75. data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
  76. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
  77. data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
  78. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
  79. data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
  80. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
  81. data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
  82. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
  83. data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
  84. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
  85. data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
  86. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
  87. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
  88. data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
  89. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
  90. data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
  91. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
  92. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
  93. data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
  94. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
  95. data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
  96. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
  97. data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
  98. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
  99. data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
  100. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
  101. data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
  102. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
  103. data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
  104. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
  105. data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
  106. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
  107. data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
  108. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
  109. data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
  110. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
  111. data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
  112. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
  113. data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
  114. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
  115. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
  116. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
  117. data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
  118. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
  119. data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
  120. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
  121. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
  122. data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
  123. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
  124. data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
  125. data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
  126. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
  127. data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
  128. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
  129. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
  130. data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
  131. data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
  132. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
  133. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
  134. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
  135. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
  136. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
  137. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
  138. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
  139. data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
  140. data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
  141. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
  142. data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
  143. data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
  144. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
  145. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
  146. data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
  147. data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
  148. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
  149. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
  150. data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
  151. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
  152. data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
  153. data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
  154. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
  155. data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
  156. data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
  157. data/src/core/ext/xds/xds_api.cc +63 -150
  158. data/src/core/ext/xds/xds_api.h +2 -7
  159. data/src/core/ext/xds/xds_bootstrap.h +3 -4
  160. data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
  161. data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
  162. data/src/core/ext/xds/xds_client.cc +111 -59
  163. data/src/core/ext/xds/xds_client.h +20 -15
  164. data/src/core/ext/xds/xds_client_grpc.cc +53 -15
  165. data/src/core/ext/xds/xds_client_grpc.h +4 -1
  166. data/src/core/ext/xds/xds_client_stats.cc +11 -11
  167. data/src/core/ext/xds/xds_client_stats.h +8 -13
  168. data/src/core/ext/xds/xds_cluster.cc +1 -1
  169. data/src/core/ext/xds/xds_cluster.h +1 -1
  170. data/src/core/ext/xds/xds_endpoint.h +1 -1
  171. data/src/core/ext/xds/xds_health_status.h +1 -1
  172. data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
  173. data/src/core/ext/xds/xds_route_config.cc +1 -1
  174. data/src/core/ext/xds/xds_server_config_fetcher.cc +2 -2
  175. data/src/core/ext/xds/xds_transport_grpc.cc +5 -5
  176. data/src/core/lib/channel/channel_args.h +15 -1
  177. data/src/core/lib/channel/connected_channel.cc +13 -12
  178. data/src/core/lib/channel/promise_based_filter.cc +4 -4
  179. data/src/core/lib/channel/promise_based_filter.h +1 -2
  180. data/src/core/lib/config/core_configuration.h +3 -3
  181. data/src/core/lib/event_engine/ares_resolver.cc +106 -59
  182. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +4 -0
  183. data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
  184. data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
  185. data/src/core/lib/event_engine/forkable.cc +7 -5
  186. data/src/core/lib/event_engine/posix.h +11 -122
  187. data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +1 -5
  188. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
  189. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
  190. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -4
  191. data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -3
  192. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
  193. data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +10 -0
  194. data/src/core/lib/event_engine/query_extensions.h +85 -0
  195. data/src/core/lib/event_engine/shim.cc +3 -17
  196. data/src/core/lib/event_engine/shim.h +0 -2
  197. data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
  198. data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
  199. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
  200. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
  201. data/src/core/lib/event_engine/utils.cc +2 -1
  202. data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
  203. data/src/core/lib/event_engine/windows/native_windows_dns_resolver.cc +1 -0
  204. data/src/core/lib/experiments/config.cc +10 -2
  205. data/src/core/lib/experiments/config.h +6 -0
  206. data/src/core/lib/experiments/experiments.cc +57 -18
  207. data/src/core/lib/experiments/experiments.h +16 -8
  208. data/src/core/lib/gpr/posix/sync.cc +2 -2
  209. data/src/core/lib/gpr/posix/time.cc +0 -5
  210. data/src/core/lib/gpr/windows/sync.cc +2 -2
  211. data/src/core/lib/gprpp/debug_location.h +2 -0
  212. data/src/core/lib/gprpp/down_cast.h +49 -0
  213. data/src/core/lib/gprpp/linux/env.cc +1 -19
  214. data/src/core/lib/gprpp/load_file.cc +2 -1
  215. data/src/core/lib/gprpp/load_file.h +2 -1
  216. data/src/core/lib/gprpp/posix/thd.cc +27 -2
  217. data/src/core/lib/gprpp/thd.h +8 -0
  218. data/src/core/lib/gprpp/time.h +4 -3
  219. data/src/core/lib/gprpp/windows/directory_reader.cc +1 -0
  220. data/src/core/lib/gprpp/windows/thd.cc +10 -1
  221. data/src/core/lib/iomgr/combiner.cc +1 -1
  222. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +20 -14
  223. data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
  224. data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
  225. data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
  226. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
  227. data/src/core/lib/json/json_writer.cc +1 -1
  228. data/src/core/lib/promise/activity.h +8 -2
  229. data/src/core/lib/promise/context.h +45 -7
  230. data/src/core/lib/promise/for_each.h +6 -9
  231. data/src/core/lib/promise/interceptor_list.h +13 -5
  232. data/src/core/lib/promise/latch.h +3 -3
  233. data/src/core/lib/promise/party.cc +12 -0
  234. data/src/core/lib/promise/party.h +37 -6
  235. data/src/core/lib/promise/pipe.h +2 -7
  236. data/src/core/lib/promise/sleep.cc +1 -1
  237. data/src/core/lib/promise/status_flag.h +32 -2
  238. data/src/core/lib/resource_quota/memory_quota.cc +4 -4
  239. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -11
  240. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
  241. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
  242. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
  243. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
  244. data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -1
  245. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
  246. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
  247. data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
  248. data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
  249. data/src/core/lib/security/transport/legacy_server_auth_filter.cc +2 -2
  250. data/src/core/lib/security/transport/security_handshaker.cc +0 -8
  251. data/src/core/lib/security/transport/security_handshaker.h +0 -6
  252. data/src/core/lib/security/transport/server_auth_filter.cc +2 -2
  253. data/src/core/lib/slice/slice_buffer.h +3 -1
  254. data/src/core/lib/surface/call.cc +162 -76
  255. data/src/core/lib/surface/call_trace.cc +9 -9
  256. data/src/core/lib/surface/channel.cc +15 -24
  257. data/src/core/lib/surface/channel.h +4 -20
  258. data/src/core/lib/surface/channel_init.cc +81 -7
  259. data/src/core/lib/surface/channel_init.h +104 -6
  260. data/src/core/lib/surface/init.cc +1 -1
  261. data/src/core/lib/surface/server.cc +4 -7
  262. data/src/core/lib/surface/version.cc +2 -2
  263. data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
  264. data/src/core/lib/surface/wait_for_cq_end_op.h +4 -26
  265. data/src/core/lib/transport/batch_builder.cc +2 -3
  266. data/src/core/lib/transport/batch_builder.h +1 -1
  267. data/src/core/lib/transport/call_factory.cc +41 -0
  268. data/src/core/lib/transport/call_factory.h +56 -0
  269. data/src/core/lib/transport/call_filters.cc +371 -0
  270. data/src/core/lib/transport/call_filters.h +1500 -0
  271. data/src/core/lib/transport/call_size_estimator.cc +41 -0
  272. data/src/core/lib/transport/call_size_estimator.h +52 -0
  273. data/src/core/lib/transport/call_spine.cc +107 -0
  274. data/src/core/lib/transport/call_spine.h +429 -0
  275. data/src/core/lib/transport/handshaker.cc +0 -8
  276. data/src/core/lib/transport/handshaker.h +0 -7
  277. data/src/core/lib/transport/message.cc +45 -0
  278. data/src/core/lib/transport/message.h +61 -0
  279. data/src/core/lib/transport/metadata.cc +37 -0
  280. data/src/core/lib/transport/metadata.h +78 -0
  281. data/src/core/lib/transport/metadata_batch.cc +4 -2
  282. data/src/core/lib/transport/metadata_batch.h +2 -2
  283. data/src/core/lib/transport/transport.cc +0 -105
  284. data/src/core/lib/transport/transport.h +3 -452
  285. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.cc +1 -1
  286. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +4 -4
  287. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
  288. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +4 -4
  289. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
  290. data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
  291. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +6 -6
  292. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +6 -6
  293. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
  294. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
  295. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +19 -19
  296. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
  297. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
  298. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
  299. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
  300. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
  301. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
  302. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
  303. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +6 -6
  304. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
  305. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
  306. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
  307. data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +6 -6
  308. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
  309. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
  310. data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
  311. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +6 -6
  312. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
  313. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
  314. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +10 -10
  315. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
  316. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +6 -6
  317. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
  318. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +8 -8
  319. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +8 -8
  320. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
  321. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +13 -13
  322. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +7 -7
  323. data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
  324. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +8 -8
  325. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
  326. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
  327. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +10 -10
  328. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +7 -7
  329. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/cds.cc +26 -23
  330. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
  331. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +11 -11
  332. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +8 -8
  333. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.cc +10 -10
  334. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +4 -4
  335. data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +6 -6
  336. data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
  337. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +9 -9
  338. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
  339. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
  340. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
  341. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
  342. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
  343. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
  344. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
  345. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
  346. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
  347. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
  348. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +9 -9
  349. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
  350. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
  351. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
  352. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
  353. data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
  354. data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -1
  355. data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +3 -3
  356. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +2 -2
  357. data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
  358. data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +3 -3
  359. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +3 -3
  360. data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
  361. data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
  362. data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
  363. data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
  364. data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
  365. data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
  366. data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
  367. data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
  368. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.cc +4 -4
  369. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.h +4 -4
  370. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +11 -11
  371. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_attributes.h +4 -4
  372. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.cc +1 -1
  373. data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.h +3 -3
  374. data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
  375. data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
  376. data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
  377. data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
  378. data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
  379. data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
  380. data/src/core/tsi/fake_transport_security.cc +1 -1
  381. data/src/ruby/ext/grpc/extconf.rb +0 -1
  382. data/src/ruby/ext/grpc/rb_channel.c +11 -5
  383. data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
  384. data/src/ruby/lib/grpc/version.rb +1 -1
  385. data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
  386. data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
  387. data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
  388. data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
  389. data/third_party/abseil-cpp/absl/base/casts.h +1 -1
  390. data/third_party/abseil-cpp/absl/base/config.h +91 -24
  391. data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
  392. data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
  393. data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
  394. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
  395. data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
  396. data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
  397. data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
  398. data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
  399. data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
  400. data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
  401. data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
  402. data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
  403. data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
  404. data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
  405. data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
  406. data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
  407. data/third_party/abseil-cpp/absl/base/options.h +27 -1
  408. data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
  409. data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
  410. data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
  411. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
  412. data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
  413. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
  414. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
  415. data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
  416. data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
  417. data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
  418. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
  419. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
  420. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
  421. data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
  422. data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
  423. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
  424. data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
  425. data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
  426. data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
  427. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
  428. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
  429. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
  430. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
  431. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
  432. data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
  433. data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
  434. data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
  435. data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
  436. data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
  437. data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
  438. data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
  439. data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
  440. data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
  441. data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
  442. data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
  443. data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
  444. data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
  445. data/third_party/abseil-cpp/absl/status/status.cc +36 -238
  446. data/third_party/abseil-cpp/absl/status/status.h +95 -53
  447. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
  448. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
  449. data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
  450. data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
  451. data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
  452. data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
  453. data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
  454. data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
  455. data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
  456. data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
  457. data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
  458. data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
  459. data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
  460. data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
  461. data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
  462. data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
  463. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
  464. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
  465. data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
  466. data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
  467. data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
  468. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
  469. data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
  470. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
  471. data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
  472. data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
  473. data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
  474. data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
  475. data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
  476. data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
  477. data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
  478. data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
  479. data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
  480. data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
  481. data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
  482. data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
  483. data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
  484. data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
  485. data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
  486. data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
  487. data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
  488. data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
  489. data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
  490. data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
  491. data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
  492. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
  493. data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
  494. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
  495. data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
  496. data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
  497. data/third_party/abseil-cpp/absl/time/clock.h +5 -1
  498. data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
  499. data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
  500. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
  501. data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
  502. data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
  503. data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
  504. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
  505. data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
  506. data/third_party/abseil-cpp/absl/types/optional.h +3 -2
  507. data/third_party/abseil-cpp/absl/types/span.h +9 -4
  508. data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
  509. data/third_party/boringssl-with-bazel/err_data.c +278 -276
  510. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
  511. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
  512. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
  513. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
  514. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
  515. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
  516. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
  517. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
  518. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
  519. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
  520. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
  521. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
  522. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
  523. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
  524. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
  525. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
  526. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
  527. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
  528. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
  529. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
  530. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
  531. data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
  532. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
  533. data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
  534. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
  535. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
  536. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
  537. data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
  538. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
  539. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
  540. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
  541. data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
  542. data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
  543. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
  544. data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
  545. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
  546. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
  547. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
  548. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
  549. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
  550. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
  551. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
  552. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
  553. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
  554. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
  555. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
  556. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
  557. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
  558. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
  559. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
  560. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
  561. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
  562. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
  563. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
  564. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
  565. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
  566. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
  567. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
  568. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
  569. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
  570. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
  571. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
  572. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
  573. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
  574. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
  575. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
  576. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
  577. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
  578. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
  579. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
  580. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
  581. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
  582. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
  583. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
  584. data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
  585. data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
  586. data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
  587. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
  588. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
  589. data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
  590. data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
  591. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
  592. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
  593. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
  594. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
  595. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
  596. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
  597. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
  598. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
  599. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
  600. data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
  601. data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
  602. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
  603. data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
  604. data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
  605. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
  606. data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
  607. data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
  608. data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
  609. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
  610. data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
  611. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
  612. data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
  613. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
  614. data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
  615. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
  616. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
  617. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
  618. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
  619. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
  620. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
  621. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
  622. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
  623. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
  624. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
  625. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
  626. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
  627. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
  628. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
  629. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
  630. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
  631. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
  632. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
  633. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
  634. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
  635. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
  636. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
  637. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
  638. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
  639. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
  640. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
  641. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
  642. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
  643. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
  644. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
  645. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
  646. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
  647. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
  648. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
  649. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
  650. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
  651. data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
  652. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
  653. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
  654. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
  655. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
  656. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
  657. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
  658. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
  659. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
  660. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
  661. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
  662. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  663. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
  664. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
  665. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
  666. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
  667. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
  668. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
  669. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
  670. data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
  671. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
  672. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
  673. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
  674. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
  675. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
  676. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
  677. data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
  678. data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
  679. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
  680. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
  681. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
  682. data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
  683. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
  684. data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
  685. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  686. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
  687. data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
  688. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
  689. data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
  690. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
  691. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
  692. data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
  693. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
  694. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
  695. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
  696. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
  697. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
  698. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
  699. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
  700. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
  701. data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
  702. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
  703. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
  704. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
  705. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
  706. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
  707. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
  708. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
  709. data/third_party/cares/config_linux/ares_config.h +2 -38
  710. metadata +214 -179
  711. data/src/core/lib/iomgr/load_file.cc +0 -78
  712. data/src/core/lib/iomgr/load_file.h +0 -35
  713. data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
  714. data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
  715. data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
  716. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
  717. data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
  718. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
  719. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
  720. data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
  721. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
  722. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
  723. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
  724. /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -54,8 +54,8 @@
54
54
  * (eay@cryptsoft.com). This product includes software written by Tim
55
55
  * Hudson (tjh@cryptsoft.com). */
56
56
 
57
- #include <stdio.h>
58
-
57
+ #include <assert.h>
58
+ #include <limits.h>
59
59
  #include <string.h>
60
60
 
61
61
  #include <openssl/digest.h>
@@ -63,10 +63,9 @@
63
63
  #include <openssl/mem.h>
64
64
  #include <openssl/obj.h>
65
65
  #include <openssl/thread.h>
66
- #include <openssl/x509v3.h>
66
+ #include <openssl/x509.h>
67
67
 
68
68
  #include "../internal.h"
69
- #include "../x509/internal.h"
70
69
  #include "internal.h"
71
70
 
72
71
  #define V1_ROOT (EXFLAG_V1 | EXFLAG_SS)
@@ -74,16 +73,14 @@
74
73
  (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
75
74
  #define xku_reject(x, usage) \
76
75
  (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
77
- #define ns_reject(x, usage) \
78
- (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
79
76
 
77
+ static int check_ca(const X509 *x);
80
78
  static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
81
79
  int ca);
82
80
  static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
83
81
  int ca);
84
82
  static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
85
83
  int ca);
86
- static int purpose_smime(const X509 *x, int ca);
87
84
  static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
88
85
  int ca);
89
86
  static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
@@ -93,12 +90,8 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
93
90
  static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
94
91
  int ca);
95
92
  static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
96
- static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
97
-
98
- static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
99
- static void xptable_free(X509_PURPOSE *p);
100
93
 
101
- static X509_PURPOSE xstandard[] = {
94
+ static const X509_PURPOSE xstandard[] = {
102
95
  {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
103
96
  check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient", NULL},
104
97
  {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
@@ -115,39 +108,37 @@ static X509_PURPOSE xstandard[] = {
115
108
  (char *)"CRL signing", (char *)"crlsign", NULL},
116
109
  {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, (char *)"Any Purpose",
117
110
  (char *)"any", NULL},
118
- {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
111
+ // |X509_PURPOSE_OCSP_HELPER| performs no actual checks. OpenSSL's OCSP
112
+ // implementation relied on the caller performing EKU and KU checks.
113
+ {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, no_check,
119
114
  (char *)"OCSP helper", (char *)"ocsphelper", NULL},
120
115
  {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
121
116
  check_purpose_timestamp_sign, (char *)"Time Stamp signing",
122
117
  (char *)"timestampsign", NULL},
123
118
  };
124
119
 
125
- #define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(X509_PURPOSE))
126
-
127
- static STACK_OF(X509_PURPOSE) *xptable = NULL;
128
-
129
- static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) {
130
- return (*a)->purpose - (*b)->purpose;
131
- }
132
-
133
- // As much as I'd like to make X509_check_purpose use a "const" X509* I
134
- // really can't because it does recalculate hashes and do other non-const
135
- // things.
136
120
  int X509_check_purpose(X509 *x, int id, int ca) {
137
- int idx;
138
- const X509_PURPOSE *pt;
121
+ // This differs from OpenSSL, which uses -1 to indicate a fatal error and 0 to
122
+ // indicate an invalid certificate. BoringSSL uses 0 for both.
139
123
  if (!x509v3_cache_extensions(x)) {
140
- return -1;
124
+ return 0;
141
125
  }
142
126
 
143
127
  if (id == -1) {
144
128
  return 1;
145
129
  }
146
- idx = X509_PURPOSE_get_by_id(id);
130
+ int idx = X509_PURPOSE_get_by_id(id);
147
131
  if (idx == -1) {
148
- return -1;
132
+ return 0;
133
+ }
134
+ // Historically, |check_purpose| implementations other than |X509_PURPOSE_ANY|
135
+ // called |check_ca|. This is redundant with the |X509_V_ERR_INVALID_CA|
136
+ // logic, but |X509_check_purpose| is public API, so we preserve this
137
+ // behavior.
138
+ if (ca && id != X509_PURPOSE_ANY && !check_ca(x)) {
139
+ return 0;
149
140
  }
150
- pt = X509_PURPOSE_get0(idx);
141
+ const X509_PURPOSE *pt = X509_PURPOSE_get0(idx);
151
142
  return pt->check_purpose(pt, x, ca);
152
143
  }
153
144
 
@@ -160,25 +151,17 @@ int X509_PURPOSE_set(int *p, int purpose) {
160
151
  return 1;
161
152
  }
162
153
 
163
- int X509_PURPOSE_get_count(void) {
164
- if (!xptable) {
165
- return X509_PURPOSE_COUNT;
166
- }
167
- return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
168
- }
154
+ int X509_PURPOSE_get_count(void) { return OPENSSL_ARRAY_SIZE(xstandard); }
169
155
 
170
- X509_PURPOSE *X509_PURPOSE_get0(int idx) {
171
- if (idx < 0) {
156
+ const X509_PURPOSE *X509_PURPOSE_get0(int idx) {
157
+ if (idx < 0 || (size_t)idx >= OPENSSL_ARRAY_SIZE(xstandard)) {
172
158
  return NULL;
173
159
  }
174
- if (idx < (int)X509_PURPOSE_COUNT) {
175
- return xstandard + idx;
176
- }
177
- return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
160
+ return xstandard + idx;
178
161
  }
179
162
 
180
163
  int X509_PURPOSE_get_by_sname(const char *sname) {
181
- X509_PURPOSE *xptmp;
164
+ const X509_PURPOSE *xptmp;
182
165
  for (int i = 0; i < X509_PURPOSE_get_count(); i++) {
183
166
  xptmp = X509_PURPOSE_get0(i);
184
167
  if (!strcmp(xptmp->sname, sname)) {
@@ -189,118 +172,14 @@ int X509_PURPOSE_get_by_sname(const char *sname) {
189
172
  }
190
173
 
191
174
  int X509_PURPOSE_get_by_id(int purpose) {
192
- X509_PURPOSE tmp;
193
- size_t idx;
194
-
195
- if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) {
196
- return purpose - X509_PURPOSE_MIN;
197
- }
198
- tmp.purpose = purpose;
199
- if (!xptable) {
200
- return -1;
201
- }
202
-
203
- if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp)) {
204
- return -1;
205
- }
206
- return idx + X509_PURPOSE_COUNT;
207
- }
208
-
209
- int X509_PURPOSE_add(int id, int trust, int flags,
210
- int (*ck)(const X509_PURPOSE *, const X509 *, int),
211
- const char *name, const char *sname, void *arg) {
212
- X509_PURPOSE *ptmp;
213
- char *name_dup, *sname_dup;
214
-
215
- // This is set according to what we change: application can't set it
216
- flags &= ~X509_PURPOSE_DYNAMIC;
217
- // This will always be set for application modified trust entries
218
- flags |= X509_PURPOSE_DYNAMIC_NAME;
219
- // Get existing entry if any
220
- int idx = X509_PURPOSE_get_by_id(id);
221
- // Need a new entry
222
- if (idx == -1) {
223
- if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
224
- return 0;
225
- }
226
- ptmp->flags = X509_PURPOSE_DYNAMIC;
227
- } else {
228
- ptmp = X509_PURPOSE_get0(idx);
229
- }
230
-
231
- // Duplicate the supplied names.
232
- name_dup = OPENSSL_strdup(name);
233
- sname_dup = OPENSSL_strdup(sname);
234
- if (name_dup == NULL || sname_dup == NULL) {
235
- if (name_dup != NULL) {
236
- OPENSSL_free(name_dup);
237
- }
238
- if (sname_dup != NULL) {
239
- OPENSSL_free(sname_dup);
175
+ for (size_t i = 0; i <OPENSSL_ARRAY_SIZE(xstandard); i++) {
176
+ if (xstandard[i].purpose == purpose) {
177
+ static_assert(OPENSSL_ARRAY_SIZE(xstandard) <= INT_MAX,
178
+ "indices must fit in int");
179
+ return (int)i;
240
180
  }
241
- if (idx == -1) {
242
- OPENSSL_free(ptmp);
243
- }
244
- return 0;
245
181
  }
246
-
247
- // OPENSSL_free existing name if dynamic
248
- if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
249
- OPENSSL_free(ptmp->name);
250
- OPENSSL_free(ptmp->sname);
251
- }
252
- // dup supplied name
253
- ptmp->name = name_dup;
254
- ptmp->sname = sname_dup;
255
- // Keep the dynamic flag of existing entry
256
- ptmp->flags &= X509_PURPOSE_DYNAMIC;
257
- // Set all other flags
258
- ptmp->flags |= flags;
259
-
260
- ptmp->purpose = id;
261
- ptmp->trust = trust;
262
- ptmp->check_purpose = ck;
263
- ptmp->usr_data = arg;
264
-
265
- // If its a new entry manage the dynamic table
266
- if (idx == -1) {
267
- // TODO(davidben): This should be locked. Alternatively, remove the dynamic
268
- // registration mechanism entirely. The trouble is there no way to pass in
269
- // the various parameters into an |X509_VERIFY_PARAM| directly. You can only
270
- // register it in the global table and get an ID.
271
- if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
272
- xptable_free(ptmp);
273
- return 0;
274
- }
275
- if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
276
- xptable_free(ptmp);
277
- return 0;
278
- }
279
- sk_X509_PURPOSE_sort(xptable);
280
- }
281
- return 1;
282
- }
283
-
284
- static void xptable_free(X509_PURPOSE *p) {
285
- if (!p) {
286
- return;
287
- }
288
- if (p->flags & X509_PURPOSE_DYNAMIC) {
289
- if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
290
- OPENSSL_free(p->name);
291
- OPENSSL_free(p->sname);
292
- }
293
- OPENSSL_free(p);
294
- }
295
- }
296
-
297
- void X509_PURPOSE_cleanup(void) {
298
- unsigned int i;
299
- sk_X509_PURPOSE_pop_free(xptable, xptable_free);
300
- for (i = 0; i < X509_PURPOSE_COUNT; i++) {
301
- xptable_free(xstandard + i);
302
- }
303
- xptable = NULL;
182
+ return -1;
304
183
  }
305
184
 
306
185
  int X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; }
@@ -311,63 +190,25 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; }
311
190
 
312
191
  int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; }
313
192
 
314
- static int nid_cmp(const void *void_a, const void *void_b) {
315
- const int *a = void_a, *b = void_b;
316
-
317
- return *a - *b;
318
- }
319
-
320
193
  int X509_supported_extension(const X509_EXTENSION *ex) {
321
- // This table is a list of the NIDs of supported extensions: that is
322
- // those which are used by the verify process. If an extension is
323
- // critical and doesn't appear in this list then the verify process will
324
- // normally reject the certificate. The list must be kept in numerical
325
- // order because it will be searched using bsearch.
326
-
327
- static const int supported_nids[] = {
328
- NID_netscape_cert_type, // 71
329
- NID_key_usage, // 83
330
- NID_subject_alt_name, // 85
331
- NID_basic_constraints, // 87
332
- NID_certificate_policies, // 89
333
- NID_ext_key_usage, // 126
334
- NID_policy_constraints, // 401
335
- NID_name_constraints, // 666
336
- NID_policy_mappings, // 747
337
- NID_inhibit_any_policy // 748
338
- };
339
-
340
- int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
341
-
342
- if (ex_nid == NID_undef) {
343
- return 0;
344
- }
345
-
346
- if (bsearch(&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
347
- sizeof(int), nid_cmp) != NULL) {
348
- return 1;
349
- }
350
- return 0;
194
+ int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
195
+ return nid == NID_key_usage || //
196
+ nid == NID_subject_alt_name || //
197
+ nid == NID_basic_constraints || //
198
+ nid == NID_certificate_policies || //
199
+ nid == NID_ext_key_usage || //
200
+ nid == NID_policy_constraints || //
201
+ nid == NID_name_constraints || //
202
+ nid == NID_policy_mappings || //
203
+ nid == NID_inhibit_any_policy;
351
204
  }
352
205
 
353
206
  static int setup_dp(X509 *x, DIST_POINT *dp) {
354
- X509_NAME *iname = NULL;
355
- size_t i;
356
- if (dp->reasons) {
357
- if (dp->reasons->length > 0) {
358
- dp->dp_reasons = dp->reasons->data[0];
359
- }
360
- if (dp->reasons->length > 1) {
361
- dp->dp_reasons |= (dp->reasons->data[1] << 8);
362
- }
363
- dp->dp_reasons &= CRLDP_ALL_REASONS;
364
- } else {
365
- dp->dp_reasons = CRLDP_ALL_REASONS;
366
- }
367
207
  if (!dp->distpoint || (dp->distpoint->type != 1)) {
368
208
  return 1;
369
209
  }
370
- for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
210
+ X509_NAME *iname = NULL;
211
+ for (size_t i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
371
212
  GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
372
213
  if (gen->type == GEN_DIRNAME) {
373
214
  iname = gen->d.directoryName;
@@ -398,7 +239,6 @@ static int setup_crldp(X509 *x) {
398
239
  int x509v3_cache_extensions(X509 *x) {
399
240
  BASIC_CONSTRAINTS *bs;
400
241
  ASN1_BIT_STRING *usage;
401
- ASN1_BIT_STRING *ns;
402
242
  EXTENDED_KEY_USAGE *extusage;
403
243
  size_t i;
404
244
  int j;
@@ -512,17 +352,6 @@ int x509v3_cache_extensions(X509 *x) {
512
352
  x->ex_flags |= EXFLAG_INVALID;
513
353
  }
514
354
 
515
- if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
516
- if (ns->length > 0) {
517
- x->ex_nscert = ns->data[0];
518
- } else {
519
- x->ex_nscert = 0;
520
- }
521
- x->ex_flags |= EXFLAG_NSCERT;
522
- ASN1_BIT_STRING_free(ns);
523
- } else if (j != -1) {
524
- x->ex_flags |= EXFLAG_INVALID;
525
- }
526
355
  x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
527
356
  if (x->skid == NULL && j != -1) {
528
357
  x->ex_flags |= EXFLAG_INVALID;
@@ -536,7 +365,7 @@ int x509v3_cache_extensions(X509 *x) {
536
365
  x->ex_flags |= EXFLAG_SI;
537
366
  // If SKID matches AKID also indicate self signed
538
367
  if (X509_check_akid(x, x->akid) == X509_V_OK &&
539
- !ku_reject(x, KU_KEY_CERT_SIGN)) {
368
+ !ku_reject(x, X509v3_KU_KEY_CERT_SIGN)) {
540
369
  x->ex_flags |= EXFLAG_SS;
541
370
  }
542
371
  }
@@ -554,9 +383,6 @@ int x509v3_cache_extensions(X509 *x) {
554
383
 
555
384
  for (j = 0; j < X509_get_ext_count(x); j++) {
556
385
  const X509_EXTENSION *ex = X509_get_ext(x, j);
557
- if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) {
558
- x->ex_flags |= EXFLAG_FRESHEST;
559
- }
560
386
  if (!X509_EXTENSION_get_critical(ex)) {
561
387
  continue;
562
388
  }
@@ -575,7 +401,7 @@ int x509v3_cache_extensions(X509 *x) {
575
401
  // otherwise.
576
402
  static int check_ca(const X509 *x) {
577
403
  // keyUsage if present should allow cert signing
578
- if (ku_reject(x, KU_KEY_CERT_SIGN)) {
404
+ if (ku_reject(x, X509v3_KU_KEY_CERT_SIGN)) {
579
405
  return 0;
580
406
  }
581
407
  // Version 1 certificates are considered CAs and don't have extensions.
@@ -593,138 +419,68 @@ int X509_check_ca(X509 *x) {
593
419
  return check_ca(x);
594
420
  }
595
421
 
596
- static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
597
- int ca) {
598
- if (xku_reject(x, XKU_SSL_CLIENT)) {
422
+ // check_purpose returns one if |x| is a valid part of a certificate path for
423
+ // extended key usage |required_xku| and at least one of key usages in
424
+ // |required_kus|. |ca| indicates whether |x| is a CA or end-entity certificate.
425
+ static int check_purpose(const X509 *x, int ca, int required_xku,
426
+ int required_kus) {
427
+ // Check extended key usage on the entire chain.
428
+ if (required_xku != 0 && xku_reject(x, required_xku)) {
599
429
  return 0;
600
430
  }
601
- if (ca) {
602
- return check_ca(x);
603
- }
604
- // We need to do digital signatures or key agreement
605
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT)) {
606
- return 0;
607
- }
608
- // nsCertType if present should allow SSL client use
609
- if (ns_reject(x, NS_SSL_CLIENT)) {
610
- return 0;
611
- }
612
- return 1;
431
+
432
+ // Check key usages only on the end-entity certificate.
433
+ return ca || !ku_reject(x, required_kus);
434
+ }
435
+
436
+ static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
437
+ int ca) {
438
+ // We need to do digital signatures or key agreement.
439
+ //
440
+ // TODO(davidben): We do not implement any TLS client certificate modes based
441
+ // on key agreement.
442
+ return check_purpose(x, ca, XKU_SSL_CLIENT,
443
+ X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_AGREEMENT);
613
444
  }
614
445
 
615
446
  // Key usage needed for TLS/SSL server: digital signature, encipherment or
616
447
  // key agreement. The ssl code can check this more thoroughly for individual
617
448
  // key types.
618
- #define KU_TLS (KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT)
449
+ #define X509v3_KU_TLS \
450
+ (X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_ENCIPHERMENT | \
451
+ X509v3_KU_KEY_AGREEMENT)
619
452
 
620
453
  static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
621
454
  int ca) {
622
- if (xku_reject(x, XKU_SSL_SERVER)) {
623
- return 0;
624
- }
625
- if (ca) {
626
- return check_ca(x);
627
- }
628
-
629
- if (ns_reject(x, NS_SSL_SERVER)) {
630
- return 0;
631
- }
632
- if (ku_reject(x, KU_TLS)) {
633
- return 0;
634
- }
635
-
636
- return 1;
455
+ return check_purpose(x, ca, XKU_SSL_SERVER, X509v3_KU_TLS);
637
456
  }
638
457
 
639
458
  static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
640
459
  int ca) {
641
- int ret;
642
- ret = check_purpose_ssl_server(xp, x, ca);
643
- if (!ret || ca) {
644
- return ret;
645
- }
646
- // We need to encipher or Netscape complains
647
- if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
648
- return 0;
649
- }
650
- return ret;
651
- }
652
-
653
- // purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
654
- // (|ca| is one) certificate, and zero otherwise.
655
- static int purpose_smime(const X509 *x, int ca) {
656
- if (xku_reject(x, XKU_SMIME)) {
657
- return 0;
658
- }
659
- if (ca) {
660
- // check nsCertType if present
661
- if ((x->ex_flags & EXFLAG_NSCERT) && (x->ex_nscert & NS_SMIME_CA) == 0) {
662
- return 0;
663
- }
664
-
665
- return check_ca(x);
666
- }
667
- if (x->ex_flags & EXFLAG_NSCERT) {
668
- return (x->ex_nscert & NS_SMIME) == NS_SMIME;
669
- }
670
- return 1;
460
+ // We need to encipher or Netscape complains.
461
+ return check_purpose(x, ca, XKU_SSL_SERVER, X509v3_KU_KEY_ENCIPHERMENT);
671
462
  }
672
463
 
673
464
  static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
674
465
  int ca) {
675
- int ret;
676
- ret = purpose_smime(x, ca);
677
- if (!ret || ca) {
678
- return ret;
679
- }
680
- if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) {
681
- return 0;
682
- }
683
- return ret;
466
+ return check_purpose(x, ca, XKU_SMIME,
467
+ X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION);
684
468
  }
685
469
 
686
470
  static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
687
471
  int ca) {
688
- int ret;
689
- ret = purpose_smime(x, ca);
690
- if (!ret || ca) {
691
- return ret;
692
- }
693
- if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
694
- return 0;
695
- }
696
- return ret;
472
+ return check_purpose(x, ca, XKU_SMIME, X509v3_KU_KEY_ENCIPHERMENT);
697
473
  }
698
474
 
699
475
  static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
700
476
  int ca) {
701
- if (ca) {
702
- return check_ca(x);
703
- }
704
- if (ku_reject(x, KU_CRL_SIGN)) {
705
- return 0;
706
- }
707
- return 1;
708
- }
709
-
710
- // OCSP helper: this is *not* a full OCSP check. It just checks that each CA
711
- // is valid. Additional checks must be made on the chain.
712
-
713
- static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) {
714
- if (ca) {
715
- return check_ca(x);
716
- }
717
- // leaf certificate is checked in OCSP_verify()
718
- return 1;
477
+ return check_purpose(x, ca, /*required_xku=*/0, X509v3_KU_CRL_SIGN);
719
478
  }
720
479
 
721
480
  static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
722
481
  int ca) {
723
- int i_ext;
724
-
725
- // If ca is true we must return if this is a valid CA certificate.
726
482
  if (ca) {
727
- return check_ca(x);
483
+ return 1;
728
484
  }
729
485
 
730
486
  // Check the optional key usage field:
@@ -732,20 +488,24 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
732
488
  // and/or nonRepudiation (other values are not consistent and shall
733
489
  // be rejected).
734
490
  if ((x->ex_flags & EXFLAG_KUSAGE) &&
735
- ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
736
- !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) {
491
+ ((x->ex_kusage &
492
+ ~(X509v3_KU_NON_REPUDIATION | X509v3_KU_DIGITAL_SIGNATURE)) ||
493
+ !(x->ex_kusage &
494
+ (X509v3_KU_NON_REPUDIATION | X509v3_KU_DIGITAL_SIGNATURE)))) {
737
495
  return 0;
738
496
  }
739
497
 
740
498
  // Only time stamp key usage is permitted and it's required.
499
+ //
500
+ // TODO(davidben): Should we check EKUs up the chain like the other cases?
741
501
  if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) {
742
502
  return 0;
743
503
  }
744
504
 
745
505
  // Extended Key Usage MUST be critical
746
- i_ext = X509_get_ext_by_NID((X509 *)x, NID_ext_key_usage, -1);
506
+ int i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
747
507
  if (i_ext >= 0) {
748
- const X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
508
+ const X509_EXTENSION *ext = X509_get_ext(x, i_ext);
749
509
  if (!X509_EXTENSION_get_critical(ext)) {
750
510
  return 0;
751
511
  }
@@ -756,14 +516,6 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
756
516
 
757
517
  static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; }
758
518
 
759
- // Various checks to see if one certificate issued the second. This can be
760
- // used to prune a set of possible issuer certificates which have been looked
761
- // up using some simple method such as by subject name. These are: 1. Check
762
- // issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
763
- // check it matches issuer 3. If key_usage(issuer) exists check it supports
764
- // certificate signing returns 0 for OK, positive for reason for mismatch,
765
- // reasons match codes for X509_verify_cert()
766
-
767
519
  int X509_check_issued(X509 *issuer, X509 *subject) {
768
520
  if (X509_NAME_cmp(X509_get_subject_name(issuer),
769
521
  X509_get_issuer_name(subject))) {
@@ -780,13 +532,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) {
780
532
  }
781
533
  }
782
534
 
783
- if (ku_reject(issuer, KU_KEY_CERT_SIGN)) {
535
+ if (ku_reject(issuer, X509v3_KU_KEY_CERT_SIGN)) {
784
536
  return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
785
537
  }
786
538
  return X509_V_OK;
787
539
  }
788
540
 
789
- int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) {
541
+ int X509_check_akid(X509 *issuer, const AUTHORITY_KEYID *akid) {
790
542
  if (!akid) {
791
543
  return X509_V_OK;
792
544
  }
@@ -839,6 +591,9 @@ uint32_t X509_get_key_usage(X509 *x) {
839
591
  if (x->ex_flags & EXFLAG_KUSAGE) {
840
592
  return x->ex_kusage;
841
593
  }
594
+ // If there is no extension, key usage is unconstrained, so set all bits to
595
+ // one. Note that, although we use |UINT32_MAX|, |ex_kusage| only contains the
596
+ // first 16 bits when the extension is present.
842
597
  return UINT32_MAX;
843
598
  }
844
599
 
@@ -849,6 +604,8 @@ uint32_t X509_get_extended_key_usage(X509 *x) {
849
604
  if (x->ex_flags & EXFLAG_XKUSAGE) {
850
605
  return x->ex_xkusage;
851
606
  }
607
+ // If there is no extension, extended key usage is unconstrained, so set all
608
+ // bits to one.
852
609
  return UINT32_MAX;
853
610
  }
854
611
 
@@ -62,9 +62,8 @@
62
62
  #include <openssl/err.h>
63
63
  #include <openssl/obj.h>
64
64
  #include <openssl/mem.h>
65
- #include <openssl/x509v3.h>
65
+ #include <openssl/x509.h>
66
66
 
67
- #include "../x509/internal.h"
68
67
  #include "internal.h"
69
68
 
70
69