grpc 1.61.3 → 1.62.0.pre1
- checksums.yaml +4 -4
- data/Makefile +218 -196
- data/include/grpc/event_engine/event_engine.h +5 -43
- data/include/grpc/event_engine/extensible.h +68 -0
- data/include/grpc/impl/slice_type.h +1 -1
- data/include/grpc/support/port_platform.h +12 -20
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/backend_metric.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/backup_poller.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/channel_connectivity.cc +11 -11
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_channelz.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_factory.h +4 -4
- data/src/core/{ext/filters/client_channel/client_channel.cc → client_channel/client_channel_filter.cc} +247 -231
- data/src/core/{ext/filters/client_channel/client_channel.h → client_channel/client_channel_filter.h} +42 -42
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_internal.h +6 -6
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_plugin.cc +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/client_channel_service_config.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/config_selector.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/connector.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/dynamic_filters.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/global_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/http_proxy_mapper.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/local_subchannel_pool.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.cc +8 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter.h +8 -8
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.cc +12 -9
- data/src/core/{ext/filters/client_channel → client_channel}/retry_filter_legacy_call_data.h +11 -10
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_service_config.h +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/retry_throttle.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/service_config_channel_arg_filter.cc +4 -4
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.cc +2 -2
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel.h +6 -6
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_interface_internal.h +5 -5
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_pool_interface.h +3 -3
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.cc +1 -1
- data/src/core/{ext/filters/client_channel → client_channel}/subchannel_stream_client.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.h +1 -1
- data/src/core/ext/filters/http/message_compress/legacy_compression_filter.cc +2 -2
- data/src/core/ext/filters/http/server/http_server_filter.cc +1 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +3 -3
- data/src/core/ext/filters/message_size/message_size_filter.h +1 -1
- data/src/core/ext/filters/rbac/rbac_filter.cc +1 -1
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +2 -2
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +2 -2
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +2 -2
- data/src/core/ext/filters/stateful_session/stateful_session_filter.h +1 -1
- data/src/core/ext/filters/stateful_session/stateful_session_service_config_parser.h +1 -1
- data/src/core/ext/transport/chttp2/alpn/alpn.cc +4 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +5 -5
- data/src/core/ext/transport/chttp2/client/chttp2_connector.h +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +1 -0
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +5 -0
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +27 -36
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +3 -3
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +3 -1
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/ext/transport/inproc/inproc_transport.h +8 -0
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb.h +351 -164
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.c +89 -50
- data/src/core/ext/upb-gen/envoy/config/bootstrap/v3/bootstrap.upb_minitable.h +2 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb.h +47 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/cluster.upb_minitable.c +15 -7
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb.h +32 -3
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/filter.upb_minitable.c +8 -5
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb.h +28 -0
- data/src/core/ext/upb-gen/envoy/config/cluster/v3/outlier_detection.upb_minitable.c +6 -4
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb.h +0 -1
- data/src/core/ext/upb-gen/envoy/config/common/matcher/v3/matcher.upb_minitable.c +0 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb.h +29 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/address.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb.h +17 -1
- data/src/core/ext/upb-gen/envoy/config/core/v3/base.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb.h +166 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.c +55 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/http_service.upb_minitable.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/core/v3/protocol.upb_minitable.c +7 -5
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb.h +99 -19
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.c +29 -12
- data/src/core/ext/upb-gen/envoy/config/core/v3/substitution_format_string.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/config/endpoint/v3/endpoint.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb.h +31 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route.upb_minitable.c +22 -4
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb.h +91 -3
- data/src/core/ext/upb-gen/envoy/config/route/v3/route_components.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb.h +30 -0
- data/src/core/ext/upb-gen/envoy/config/tap/v3/common.upb_minitable.c +7 -4
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/dynamic_ot.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb.h +125 -3
- data/src/core/ext/upb-gen/envoy/config/trace/v3/opentelemetry.upb_minitable.c +17 -4
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb.h +19 -1
- data/src/core/ext/upb-gen/envoy/data/accesslog/v3/accesslog.upb_minitable.c +4 -3
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb.h +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/router/v3/router.upb_minitable.c +1 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upb_minitable.c +5 -2
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +42 -0
- data/src/core/ext/upb-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb_minitable.c +11 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb.h +23 -8
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/common.upb_minitable.c +9 -4
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +58 -16
- data/src/core/ext/upb-gen/envoy/extensions/transport_sockets/tls/v3/tls.upb_minitable.c +14 -11
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb.h +15 -0
- data/src/core/ext/upb-gen/envoy/service/status/v3/csds.upb_minitable.c +7 -2
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb.h +129 -0
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.c +27 -6
- data/src/core/ext/upb-gen/envoy/type/matcher/v3/value.upb_minitable.h +1 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb.h +15 -0
- data/src/core/ext/upb-gen/xds/type/matcher/v3/cel.upb_minitable.c +5 -2
- data/src/core/ext/upbdefs-gen/envoy/config/accesslog/v3/accesslog.upbdefs.c +60 -60
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +278 -256
- data/src/core/ext/upbdefs-gen/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/cluster.upbdefs.c +483 -475
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/filter.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/config/cluster/v3/outlier_detection.upbdefs.c +17 -12
- data/src/core/ext/upbdefs-gen/envoy/config/common/matcher/v3/matcher.upbdefs.c +157 -161
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/address.upbdefs.c +105 -97
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/base.upbdefs.c +106 -102
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_service.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/http_uri.upbdefs.c +14 -13
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/protocol.upbdefs.c +228 -224
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.c +32 -26
- data/src/core/ext/upbdefs-gen/envoy/config/core/v3/substitution_format_string.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/envoy/config/endpoint/v3/endpoint.upbdefs.c +31 -28
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route.upbdefs.c +22 -19
- data/src/core/ext/upbdefs-gen/envoy/config/route/v3/route_components.upbdefs.c +818 -813
- data/src/core/ext/upbdefs-gen/envoy/config/tap/v3/common.upbdefs.c +158 -151
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/dynamic_ot.upbdefs.c +27 -23
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opencensus.upbdefs.c +59 -53
- data/src/core/ext/upbdefs-gen/envoy/config/trace/v3/opentelemetry.upbdefs.c +40 -18
- data/src/core/ext/upbdefs-gen/envoy/data/accesslog/v3/accesslog.upbdefs.c +106 -103
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/router/v3/router.upbdefs.c +16 -12
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/http/stateful_session/v3/stateful_session.upbdefs.c +22 -21
- data/src/core/ext/upbdefs-gen/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +265 -261
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +127 -125
- data/src/core/ext/upbdefs-gen/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +188 -182
- data/src/core/ext/upbdefs-gen/envoy/service/status/v3/csds.upbdefs.c +57 -56
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.c +27 -20
- data/src/core/ext/upbdefs-gen/envoy/type/matcher/v3/value.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-gen/xds/type/matcher/v3/cel.upbdefs.c +10 -8
- data/src/core/ext/xds/xds_api.cc +63 -150
- data/src/core/ext/xds/xds_api.h +2 -7
- data/src/core/ext/xds/xds_bootstrap.h +3 -4
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +4 -15
- data/src/core/ext/xds/xds_bootstrap_grpc.h +2 -1
- data/src/core/ext/xds/xds_client.cc +111 -59
- data/src/core/ext/xds/xds_client.h +20 -15
- data/src/core/ext/xds/xds_client_grpc.cc +53 -15
- data/src/core/ext/xds/xds_client_grpc.h +4 -1
- data/src/core/ext/xds/xds_client_stats.cc +11 -11
- data/src/core/ext/xds/xds_client_stats.h +8 -13
- data/src/core/ext/xds/xds_cluster.cc +1 -1
- data/src/core/ext/xds/xds_cluster.h +1 -1
- data/src/core/ext/xds/xds_endpoint.h +1 -1
- data/src/core/ext/xds/xds_health_status.h +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +1 -1
- data/src/core/ext/xds/xds_route_config.cc +1 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +2 -2
- data/src/core/ext/xds/xds_transport_grpc.cc +5 -5
- data/src/core/lib/channel/channel_args.h +15 -1
- data/src/core/lib/channel/connected_channel.cc +13 -12
- data/src/core/lib/channel/promise_based_filter.cc +4 -4
- data/src/core/lib/channel/promise_based_filter.h +1 -2
- data/src/core/lib/config/core_configuration.h +3 -3
- data/src/core/lib/event_engine/ares_resolver.cc +106 -59
- data/src/core/lib/event_engine/extensions/can_track_errors.h +40 -0
- data/src/core/lib/event_engine/extensions/supports_fd.h +160 -0
- data/src/core/lib/event_engine/forkable.cc +7 -5
- data/src/core/lib/event_engine/posix.h +11 -122
- data/src/core/lib/event_engine/posix_engine/native_posix_dns_resolver.h +1 -5
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +31 -7
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +1 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +3 -4
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +2 -3
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +14 -6
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener_utils.cc +10 -0
- data/src/core/lib/event_engine/query_extensions.h +85 -0
- data/src/core/lib/event_engine/shim.cc +3 -17
- data/src/core/lib/event_engine/shim.h +0 -2
- data/src/core/lib/event_engine/thread_pool/thread_count.cc +28 -7
- data/src/core/lib/event_engine/thread_pool/thread_count.h +6 -1
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +109 -5
- data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +9 -0
- data/src/core/lib/event_engine/utils.cc +2 -1
- data/src/core/lib/event_engine/windows/grpc_polled_fd_windows.cc +1 -0
- data/src/core/lib/experiments/config.cc +10 -2
- data/src/core/lib/experiments/config.h +6 -0
- data/src/core/lib/experiments/experiments.cc +57 -18
- data/src/core/lib/experiments/experiments.h +16 -8
- data/src/core/lib/gpr/posix/sync.cc +2 -2
- data/src/core/lib/gpr/posix/time.cc +0 -5
- data/src/core/lib/gpr/windows/sync.cc +2 -2
- data/src/core/lib/gprpp/debug_location.h +2 -0
- data/src/core/lib/gprpp/down_cast.h +49 -0
- data/src/core/lib/gprpp/linux/env.cc +1 -19
- data/src/core/lib/gprpp/load_file.cc +2 -1
- data/src/core/lib/gprpp/load_file.h +2 -1
- data/src/core/lib/gprpp/posix/thd.cc +27 -2
- data/src/core/lib/gprpp/thd.h +8 -0
- data/src/core/lib/gprpp/time.h +4 -3
- data/src/core/lib/gprpp/windows/thd.cc +10 -1
- data/src/core/lib/iomgr/combiner.cc +1 -1
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +20 -14
- data/src/core/lib/iomgr/grpc_if_nametoindex_posix.cc +2 -2
- data/src/core/lib/iomgr/grpc_if_nametoindex_unsupported.cc +2 -2
- data/src/core/lib/iomgr/tcp_server_posix.cc +65 -50
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -0
- data/src/core/lib/json/json_writer.cc +1 -1
- data/src/core/lib/promise/activity.h +8 -2
- data/src/core/lib/promise/context.h +45 -7
- data/src/core/lib/promise/for_each.h +6 -9
- data/src/core/lib/promise/interceptor_list.h +13 -5
- data/src/core/lib/promise/latch.h +3 -3
- data/src/core/lib/promise/party.cc +12 -0
- data/src/core/lib/promise/party.h +37 -6
- data/src/core/lib/promise/pipe.h +2 -7
- data/src/core/lib/promise/sleep.cc +1 -1
- data/src/core/lib/promise/status_flag.h +32 -2
- data/src/core/lib/resource_quota/memory_quota.cc +4 -4
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +5 -11
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +11 -10
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +9 -7
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +16 -24
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +1 -1
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +3 -7
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +1 -1
- data/src/core/lib/security/security_connector/ssl_utils.cc +26 -17
- data/src/core/lib/security/transport/legacy_server_auth_filter.cc +2 -2
- data/src/core/lib/security/transport/security_handshaker.cc +0 -8
- data/src/core/lib/security/transport/security_handshaker.h +0 -6
- data/src/core/lib/security/transport/server_auth_filter.cc +2 -2
- data/src/core/lib/slice/slice_buffer.h +3 -1
- data/src/core/lib/surface/call.cc +162 -76
- data/src/core/lib/surface/call_trace.cc +9 -9
- data/src/core/lib/surface/channel.cc +15 -24
- data/src/core/lib/surface/channel.h +4 -20
- data/src/core/lib/surface/channel_init.cc +81 -7
- data/src/core/lib/surface/channel_init.h +104 -6
- data/src/core/lib/surface/init.cc +1 -1
- data/src/core/lib/surface/server.cc +4 -7
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/surface/wait_for_cq_end_op.cc +75 -0
- data/src/core/lib/surface/wait_for_cq_end_op.h +4 -26
- data/src/core/lib/transport/batch_builder.cc +2 -3
- data/src/core/lib/transport/batch_builder.h +1 -1
- data/src/core/lib/transport/call_factory.cc +41 -0
- data/src/core/lib/transport/call_factory.h +56 -0
- data/src/core/lib/transport/call_filters.cc +371 -0
- data/src/core/lib/transport/call_filters.h +1500 -0
- data/src/core/lib/transport/call_size_estimator.cc +41 -0
- data/src/core/lib/transport/call_size_estimator.h +52 -0
- data/src/core/lib/transport/call_spine.cc +107 -0
- data/src/core/lib/transport/call_spine.h +429 -0
- data/src/core/lib/transport/handshaker.cc +0 -8
- data/src/core/lib/transport/handshaker.h +0 -7
- data/src/core/lib/transport/message.cc +45 -0
- data/src/core/lib/transport/message.h +61 -0
- data/src/core/lib/transport/metadata.cc +37 -0
- data/src/core/lib/transport/metadata.h +78 -0
- data/src/core/lib/transport/metadata_batch.cc +4 -2
- data/src/core/lib/transport/metadata_batch.h +2 -2
- data/src/core/lib/transport/transport.cc +0 -105
- data/src/core/lib/transport/transport.h +3 -452
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/address_filtering.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/backend_metric_data.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.cc +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/child_policy_handler.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/delegating_helper.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/endpoint_list.h +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.cc +2 -2
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/client_load_reporting_filter.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.cc +19 -19
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_balancer_addresses.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/grpclb_client_stats.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/grpclb/load_balancer_api.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/health_check_client_internal.h +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.cc +1 -1
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy.h +6 -6
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_factory.h +4 -4
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.cc +2 -2
- data/src/core/{lib/load_balancing → load_balancing}/lb_policy_registry.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric.h +5 -5
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/oob_backend_metric_internal.h +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/outlier_detection/outlier_detection.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.cc +6 -6
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/pick_first/pick_first.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/priority/priority.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/ring_hash/ring_hash.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/rls/rls.cc +13 -13
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/round_robin/round_robin.cc +7 -7
- data/src/core/{lib/load_balancing → load_balancing}/subchannel_interface.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/subchannel_list.h +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.cc +1 -1
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/static_stride_scheduler.h +3 -3
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_round_robin/weighted_round_robin.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/weighted_target/weighted_target.cc +7 -7
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/cds.cc +26 -23
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_channel_args.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_impl.cc +11 -11
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_cluster_manager.cc +8 -8
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.cc +10 -10
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_override_host.h +4 -4
- data/src/core/{ext/filters/client_channel/lb_policy → load_balancing}/xds/xds_wrr_locality.cc +6 -6
- data/src/core/{ext/filters/client_channel/resolver → resolver}/binder/binder_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.cc +9 -9
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/dns_resolver_ares.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_ev_driver_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_posix.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/c_ares/grpc_ares_wrapper_windows.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.cc +7 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/dns_resolver_plugin.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.cc +9 -9
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/event_engine_client_channel_resolver.h +5 -5
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/event_engine/service_config_helper.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/dns/native/dns_resolver.h +3 -3
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.cc +1 -1
- data/src/core/{lib/resolver → resolver}/endpoint_addresses.h +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.cc +2 -2
- data/src/core/{ext/filters/client_channel/resolver → resolver}/fake/fake_resolver.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/google_c2p/google_c2p_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/polling_resolver.h +5 -5
- data/src/core/{lib/resolver → resolver}/resolver.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver.h +6 -6
- data/src/core/{lib/resolver → resolver}/resolver_factory.h +4 -4
- data/src/core/{lib/resolver → resolver}/resolver_registry.cc +1 -1
- data/src/core/{lib/resolver → resolver}/resolver_registry.h +5 -5
- data/src/core/{lib/resolver → resolver}/server_address.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/sockaddr/sockaddr_resolver.cc +3 -3
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.cc +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_dependency_manager.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver.cc +11 -11
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_attributes.h +4 -4
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver → resolver}/xds/xds_resolver_trace.h +3 -3
- data/src/core/{lib/service_config → service_config}/service_config.h +4 -4
- data/src/core/{lib/service_config → service_config}/service_config_call_data.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_impl.cc +2 -2
- data/src/core/{lib/service_config → service_config}/service_config_impl.h +5 -5
- data/src/core/{lib/service_config → service_config}/service_config_parser.cc +1 -1
- data/src/core/{lib/service_config → service_config}/service_config_parser.h +3 -3
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/ruby/ext/grpc/extconf.rb +0 -1
- data/src/ruby/ext/grpc/rb_channel.c +11 -5
- data/src/ruby/ext/grpc/rb_event_thread.c +9 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/algorithm/algorithm.h +8 -103
- data/third_party/abseil-cpp/absl/algorithm/container.h +57 -71
- data/third_party/abseil-cpp/absl/base/attributes.h +51 -12
- data/third_party/abseil-cpp/absl/base/call_once.h +15 -9
- data/third_party/abseil-cpp/absl/base/casts.h +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +91 -24
- data/third_party/abseil-cpp/absl/base/internal/endian.h +13 -12
- data/third_party/abseil-cpp/absl/base/internal/identity.h +4 -2
- data/third_party/abseil-cpp/absl/base/internal/inline_variable.h +19 -18
- data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +1 -1
- data/third_party/abseil-cpp/absl/base/internal/nullability_impl.h +106 -0
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.cc +9 -11
- data/third_party/abseil-cpp/absl/base/internal/raw_logging.h +2 -0
- data/third_party/abseil-cpp/absl/base/internal/spinlock.h +17 -4
- data/third_party/abseil-cpp/absl/base/internal/sysinfo.cc +20 -0
- data/third_party/abseil-cpp/absl/base/internal/thread_identity.cc +10 -4
- data/third_party/abseil-cpp/absl/base/internal/unaligned_access.h +13 -6
- data/third_party/abseil-cpp/absl/base/log_severity.cc +1 -0
- data/third_party/abseil-cpp/absl/base/log_severity.h +23 -10
- data/third_party/abseil-cpp/absl/base/no_destructor.h +217 -0
- data/third_party/abseil-cpp/absl/base/nullability.h +224 -0
- data/third_party/abseil-cpp/absl/base/optimization.h +1 -0
- data/third_party/abseil-cpp/absl/base/options.h +27 -1
- data/third_party/abseil-cpp/absl/base/prefetch.h +25 -14
- data/third_party/abseil-cpp/absl/base/thread_annotations.h +0 -2
- data/third_party/abseil-cpp/absl/container/flat_hash_map.h +3 -3
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +1 -1
- data/third_party/abseil-cpp/absl/container/internal/common_policy_traits.h +4 -2
- data/third_party/abseil-cpp/absl/container/internal/container_memory.h +13 -9
- data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +2 -12
- data/third_party/abseil-cpp/absl/container/internal/inlined_vector.h +12 -1
- data/third_party/abseil-cpp/absl/container/internal/layout.h +6 -21
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_map.h +11 -2
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +148 -31
- data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +717 -278
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.cc +26 -2
- data/third_party/abseil-cpp/absl/crc/internal/cpu_detect.h +6 -0
- data/third_party/abseil-cpp/absl/crc/internal/crc32_x86_arm_combined_simd.h +34 -5
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy.h +6 -3
- data/third_party/abseil-cpp/absl/crc/internal/crc_memcpy_fallback.cc +4 -2
- data/third_party/abseil-cpp/absl/crc/internal/{crc_memcpy_x86_64.cc → crc_memcpy_x86_arm_combined.cc} +65 -47
- data/third_party/abseil-cpp/absl/crc/internal/crc_x86_arm_combined.cc +10 -2
- data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +4 -2
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +24 -0
- data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +35 -33
- data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +41 -17
- data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +108 -44
- data/third_party/abseil-cpp/absl/flags/declare.h +0 -5
- data/third_party/abseil-cpp/absl/flags/flag.h +1 -10
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +0 -5
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +10 -1
- data/third_party/abseil-cpp/absl/flags/reflection.cc +2 -1
- data/third_party/abseil-cpp/absl/functional/function_ref.h +8 -0
- data/third_party/abseil-cpp/absl/functional/internal/any_invocable.h +2 -2
- data/third_party/abseil-cpp/absl/hash/internal/hash.h +49 -2
- data/third_party/abseil-cpp/absl/numeric/bits.h +37 -18
- data/third_party/abseil-cpp/absl/random/distributions.h +1 -1
- data/third_party/abseil-cpp/absl/status/internal/status_internal.cc +248 -0
- data/third_party/abseil-cpp/absl/status/internal/status_internal.h +55 -14
- data/third_party/abseil-cpp/absl/status/internal/statusor_internal.h +53 -2
- data/third_party/abseil-cpp/absl/status/status.cc +36 -238
- data/third_party/abseil-cpp/absl/status/status.h +95 -53
- data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +1 -3
- data/third_party/abseil-cpp/absl/status/status_payload_printer.h +3 -2
- data/third_party/abseil-cpp/absl/status/statusor.cc +5 -2
- data/third_party/abseil-cpp/absl/status/statusor.h +43 -3
- data/third_party/abseil-cpp/absl/strings/ascii.cc +84 -12
- data/third_party/abseil-cpp/absl/strings/ascii.h +8 -6
- data/third_party/abseil-cpp/absl/strings/charconv.cc +19 -12
- data/third_party/abseil-cpp/absl/strings/charconv.h +6 -3
- data/third_party/abseil-cpp/absl/strings/charset.h +164 -0
- data/third_party/abseil-cpp/absl/strings/cord.cc +266 -69
- data/third_party/abseil-cpp/absl/strings/cord.h +138 -92
- data/third_party/abseil-cpp/absl/strings/cord_analysis.cc +19 -33
- data/third_party/abseil-cpp/absl/strings/cord_analysis.h +4 -3
- data/third_party/abseil-cpp/absl/strings/escaping.cc +5 -4
- data/third_party/abseil-cpp/absl/strings/has_absl_stringify.h +63 -0
- data/third_party/abseil-cpp/absl/strings/has_ostream_operator.h +42 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.cc +0 -6
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +19 -45
- data/third_party/abseil-cpp/absl/strings/internal/cordz_info.cc +23 -28
- data/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h +15 -26
- data/third_party/abseil-cpp/absl/strings/internal/memutil.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.cc +145 -8
- data/third_party/abseil-cpp/absl/strings/internal/str_format/arg.h +72 -24
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.cc +17 -1
- data/third_party/abseil-cpp/absl/strings/internal/str_format/bind.h +7 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/constexpr_parser.h +8 -3
- data/third_party/abseil-cpp/absl/strings/internal/str_format/extension.h +10 -4
- data/third_party/abseil-cpp/absl/strings/internal/str_format/parser.h +5 -4
- data/third_party/abseil-cpp/absl/strings/match.cc +3 -0
- data/third_party/abseil-cpp/absl/strings/numbers.cc +396 -153
- data/third_party/abseil-cpp/absl/strings/numbers.h +193 -35
- data/third_party/abseil-cpp/absl/strings/str_cat.cc +151 -21
- data/third_party/abseil-cpp/absl/strings/str_cat.h +127 -25
- data/third_party/abseil-cpp/absl/strings/str_format.h +30 -20
- data/third_party/abseil-cpp/absl/strings/str_join.h +16 -16
- data/third_party/abseil-cpp/absl/strings/str_replace.cc +12 -3
- data/third_party/abseil-cpp/absl/strings/str_replace.h +8 -5
- data/third_party/abseil-cpp/absl/strings/str_split.cc +8 -6
- data/third_party/abseil-cpp/absl/strings/str_split.h +18 -0
- data/third_party/abseil-cpp/absl/strings/string_view.cc +26 -5
- data/third_party/abseil-cpp/absl/strings/string_view.h +91 -26
- data/third_party/abseil-cpp/absl/strings/strip.h +5 -2
- data/third_party/abseil-cpp/absl/strings/substitute.cc +12 -4
- data/third_party/abseil-cpp/absl/strings/substitute.h +103 -91
- data/third_party/abseil-cpp/absl/synchronization/internal/pthread_waiter.h +2 -2
- data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +2 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/win32_waiter.h +4 -2
- data/third_party/abseil-cpp/absl/synchronization/mutex.cc +296 -332
- data/third_party/abseil-cpp/absl/synchronization/mutex.h +89 -34
- data/third_party/abseil-cpp/absl/time/civil_time.h +26 -0
- data/third_party/abseil-cpp/absl/time/clock.h +5 -1
- data/third_party/abseil-cpp/absl/time/duration.cc +3 -3
- data/third_party/abseil-cpp/absl/time/internal/cctz/include/cctz/civil_time_detail.h +2 -2
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_format.cc +1 -1
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc +9 -14
- data/third_party/abseil-cpp/absl/time/internal/cctz/src/tzfile.h +0 -8
- data/third_party/abseil-cpp/absl/types/bad_optional_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +18 -0
- data/third_party/abseil-cpp/absl/types/internal/variant.h +3 -3
- data/third_party/abseil-cpp/absl/types/optional.h +3 -2
- data/third_party/abseil-cpp/absl/types/span.h +9 -4
- data/third_party/abseil-cpp/absl/utility/utility.h +11 -93
- data/third_party/boringssl-with-bazel/err_data.c +278 -276
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +8 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +19 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +11 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +4 -13
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +1 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +27 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +1 -11
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +42 -12
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/unicode.c +9 -9
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +34 -1
- data/third_party/boringssl-with-bazel/src/crypto/chacha/internal.h +49 -3
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +30 -42
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +87 -96
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_intel.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +11 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/des/des.c +105 -31
- data/third_party/boringssl-with-bazel/src/crypto/des/internal.h +10 -81
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +2 -15
- data/third_party/boringssl-with-bazel/src/crypto/engine/engine.c +1 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +1 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +2 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/add.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +26 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +26 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +10 -41
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +49 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +26 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +27 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +1 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +8 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +11 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aesccm.c +43 -50
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +16 -9
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +7 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +51 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +17 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +5 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +6 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +153 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +87 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +39 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +32 -5
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +254 -54
- data/third_party/boringssl-with-bazel/src/crypto/keccak/internal.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/{kyber → keccak}/keccak.c +124 -49
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +8 -39
- data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +39 -29
- data/third_party/boringssl-with-bazel/src/crypto/lhash/lhash.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +17 -33
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +36 -16
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +9 -13
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/forkunsafe.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.c +101 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/address.h +50 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.c +133 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/fors.h +54 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/internal.h +79 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.c +150 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/merkle.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/params.h +71 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx.c +139 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.c +53 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/spx_util.h +44 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.c +136 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/thash.h +70 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.c +135 -0
- data/third_party/boringssl-with-bazel/src/crypto/spx/wots.h +45 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +4 -9
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +10 -22
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +12 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +14 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +23 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +225 -51
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akey.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_akeya.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_alt.c +5 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_bitst.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_conf.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_cpols.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_crld.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_enum.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_extku.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_genn.c +12 -12
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ia5.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_info.c +4 -6
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_lib.c +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ncons.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_ocsp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pcons.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_pmaps.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_prn.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_purp.c +92 -335
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_skey.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/v3_utl.c +20 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +35 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +44 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +107 -255
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +32 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +25 -152
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +330 -944
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +93 -215
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -129
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +46 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +0 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/asm_base.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +24 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +14 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/curve25519.h +2 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/des.h +0 -13
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +33 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +5 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/kyber.h +26 -18
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +13 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/obj.h +5 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +19 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/posix_time.h +45 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +5 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/sha.h +20 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +18 -20
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +76 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/target.h +31 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +3 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +2806 -941
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +38 -1025
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3_errors.h +124 -0
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +82 -9
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +42 -4
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +9 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +5 -1
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -1
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_adx.h +4 -2
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +21 -0
- data/third_party/cares/config_linux/ares_config.h +2 -38
- metadata +214 -179
- data/src/core/lib/iomgr/load_file.cc +0 -78
- data/src/core/lib/iomgr/load_file.h +0 -35
- data/third_party/abseil-cpp/absl/base/internal/prefetch.h +0 -137
- data/third_party/abseil-cpp/absl/base/internal/thread_annotations.h +0 -280
- data/third_party/abseil-cpp/absl/flags/flag.cc +0 -38
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +0 -116
- data/third_party/abseil-cpp/absl/strings/internal/char_map.h +0 -158
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.cc +0 -773
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring.h +0 -607
- data/third_party/abseil-cpp/absl/strings/internal/cord_rep_ring_reader.h +0 -118
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +0 -100
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +0 -111
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +0 -197
- /data/third_party/boringssl-with-bazel/src/crypto/{x509v3 → x509}/ext_dat.h +0 -0
@@ -54,8 +54,8 @@
|
|
54
54
|
* (eay@cryptsoft.com). This product includes software written by Tim
|
55
55
|
* Hudson (tjh@cryptsoft.com). */
|
56
56
|
|
57
|
-
#include <
|
58
|
-
|
57
|
+
#include <assert.h>
|
58
|
+
#include <limits.h>
|
59
59
|
#include <string.h>
|
60
60
|
|
61
61
|
#include <openssl/digest.h>
|
@@ -63,10 +63,9 @@
|
|
63
63
|
#include <openssl/mem.h>
|
64
64
|
#include <openssl/obj.h>
|
65
65
|
#include <openssl/thread.h>
|
66
|
-
#include <openssl/
|
66
|
+
#include <openssl/x509.h>
|
67
67
|
|
68
68
|
#include "../internal.h"
|
69
|
-
#include "../x509/internal.h"
|
70
69
|
#include "internal.h"
|
71
70
|
|
72
71
|
#define V1_ROOT (EXFLAG_V1 | EXFLAG_SS)
|
@@ -74,16 +73,14 @@
|
|
74
73
|
(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
|
75
74
|
#define xku_reject(x, usage) \
|
76
75
|
(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
|
77
|
-
#define ns_reject(x, usage) \
|
78
|
-
(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
|
79
76
|
|
77
|
+
static int check_ca(const X509 *x);
|
80
78
|
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
|
81
79
|
int ca);
|
82
80
|
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
|
83
81
|
int ca);
|
84
82
|
static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
|
85
83
|
int ca);
|
86
|
-
static int purpose_smime(const X509 *x, int ca);
|
87
84
|
static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
|
88
85
|
int ca);
|
89
86
|
static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
|
@@ -93,12 +90,8 @@ static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
|
|
93
90
|
static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
|
94
91
|
int ca);
|
95
92
|
static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
|
96
|
-
static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
|
97
|
-
|
98
|
-
static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
|
99
|
-
static void xptable_free(X509_PURPOSE *p);
|
100
93
|
|
101
|
-
static X509_PURPOSE xstandard[] = {
|
94
|
+
static const X509_PURPOSE xstandard[] = {
|
102
95
|
{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
|
103
96
|
check_purpose_ssl_client, (char *)"SSL client", (char *)"sslclient", NULL},
|
104
97
|
{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
|
@@ -115,39 +108,37 @@ static X509_PURPOSE xstandard[] = {
|
|
115
108
|
(char *)"CRL signing", (char *)"crlsign", NULL},
|
116
109
|
{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, (char *)"Any Purpose",
|
117
110
|
(char *)"any", NULL},
|
118
|
-
|
111
|
+
// |X509_PURPOSE_OCSP_HELPER| performs no actual checks. OpenSSL's OCSP
|
112
|
+
// implementation relied on the caller performing EKU and KU checks.
|
113
|
+
{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, no_check,
|
119
114
|
(char *)"OCSP helper", (char *)"ocsphelper", NULL},
|
120
115
|
{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
|
121
116
|
check_purpose_timestamp_sign, (char *)"Time Stamp signing",
|
122
117
|
(char *)"timestampsign", NULL},
|
123
118
|
};
|
124
119
|
|
125
|
-
#define X509_PURPOSE_COUNT (sizeof(xstandard) / sizeof(X509_PURPOSE))
|
126
|
-
|
127
|
-
static STACK_OF(X509_PURPOSE) *xptable = NULL;
|
128
|
-
|
129
|
-
static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) {
|
130
|
-
return (*a)->purpose - (*b)->purpose;
|
131
|
-
}
|
132
|
-
|
133
|
-
// As much as I'd like to make X509_check_purpose use a "const" X509* I
|
134
|
-
// really can't because it does recalculate hashes and do other non-const
|
135
|
-
// things.
|
136
120
|
int X509_check_purpose(X509 *x, int id, int ca) {
|
137
|
-
|
138
|
-
|
121
|
+
// This differs from OpenSSL, which uses -1 to indicate a fatal error and 0 to
|
122
|
+
// indicate an invalid certificate. BoringSSL uses 0 for both.
|
139
123
|
if (!x509v3_cache_extensions(x)) {
|
140
|
-
return
|
124
|
+
return 0;
|
141
125
|
}
|
142
126
|
|
143
127
|
if (id == -1) {
|
144
128
|
return 1;
|
145
129
|
}
|
146
|
-
idx = X509_PURPOSE_get_by_id(id);
|
130
|
+
int idx = X509_PURPOSE_get_by_id(id);
|
147
131
|
if (idx == -1) {
|
148
|
-
return
|
132
|
+
return 0;
|
133
|
+
}
|
134
|
+
// Historically, |check_purpose| implementations other than |X509_PURPOSE_ANY|
|
135
|
+
// called |check_ca|. This is redundant with the |X509_V_ERR_INVALID_CA|
|
136
|
+
// logic, but |X509_check_purpose| is public API, so we preserve this
|
137
|
+
// behavior.
|
138
|
+
if (ca && id != X509_PURPOSE_ANY && !check_ca(x)) {
|
139
|
+
return 0;
|
149
140
|
}
|
150
|
-
pt = X509_PURPOSE_get0(idx);
|
141
|
+
const X509_PURPOSE *pt = X509_PURPOSE_get0(idx);
|
151
142
|
return pt->check_purpose(pt, x, ca);
|
152
143
|
}
|
153
144
|
|
@@ -160,25 +151,17 @@ int X509_PURPOSE_set(int *p, int purpose) {
|
|
160
151
|
return 1;
|
161
152
|
}
|
162
153
|
|
163
|
-
int X509_PURPOSE_get_count(void) {
|
164
|
-
if (!xptable) {
|
165
|
-
return X509_PURPOSE_COUNT;
|
166
|
-
}
|
167
|
-
return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
|
168
|
-
}
|
154
|
+
int X509_PURPOSE_get_count(void) { return OPENSSL_ARRAY_SIZE(xstandard); }
|
169
155
|
|
170
|
-
X509_PURPOSE *X509_PURPOSE_get0(int idx) {
|
171
|
-
if (idx < 0) {
|
156
|
+
const X509_PURPOSE *X509_PURPOSE_get0(int idx) {
|
157
|
+
if (idx < 0 || (size_t)idx >= OPENSSL_ARRAY_SIZE(xstandard)) {
|
172
158
|
return NULL;
|
173
159
|
}
|
174
|
-
|
175
|
-
return xstandard + idx;
|
176
|
-
}
|
177
|
-
return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
|
160
|
+
return xstandard + idx;
|
178
161
|
}
|
179
162
|
|
180
163
|
int X509_PURPOSE_get_by_sname(const char *sname) {
|
181
|
-
X509_PURPOSE *xptmp;
|
164
|
+
const X509_PURPOSE *xptmp;
|
182
165
|
for (int i = 0; i < X509_PURPOSE_get_count(); i++) {
|
183
166
|
xptmp = X509_PURPOSE_get0(i);
|
184
167
|
if (!strcmp(xptmp->sname, sname)) {
|
@@ -189,118 +172,14 @@ int X509_PURPOSE_get_by_sname(const char *sname) {
|
|
189
172
|
}
|
190
173
|
|
191
174
|
int X509_PURPOSE_get_by_id(int purpose) {
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
}
|
198
|
-
tmp.purpose = purpose;
|
199
|
-
if (!xptable) {
|
200
|
-
return -1;
|
201
|
-
}
|
202
|
-
|
203
|
-
if (!sk_X509_PURPOSE_find(xptable, &idx, &tmp)) {
|
204
|
-
return -1;
|
205
|
-
}
|
206
|
-
return idx + X509_PURPOSE_COUNT;
|
207
|
-
}
|
208
|
-
|
209
|
-
int X509_PURPOSE_add(int id, int trust, int flags,
|
210
|
-
int (*ck)(const X509_PURPOSE *, const X509 *, int),
|
211
|
-
const char *name, const char *sname, void *arg) {
|
212
|
-
X509_PURPOSE *ptmp;
|
213
|
-
char *name_dup, *sname_dup;
|
214
|
-
|
215
|
-
// This is set according to what we change: application can't set it
|
216
|
-
flags &= ~X509_PURPOSE_DYNAMIC;
|
217
|
-
// This will always be set for application modified trust entries
|
218
|
-
flags |= X509_PURPOSE_DYNAMIC_NAME;
|
219
|
-
// Get existing entry if any
|
220
|
-
int idx = X509_PURPOSE_get_by_id(id);
|
221
|
-
// Need a new entry
|
222
|
-
if (idx == -1) {
|
223
|
-
if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
|
224
|
-
return 0;
|
225
|
-
}
|
226
|
-
ptmp->flags = X509_PURPOSE_DYNAMIC;
|
227
|
-
} else {
|
228
|
-
ptmp = X509_PURPOSE_get0(idx);
|
229
|
-
}
|
230
|
-
|
231
|
-
// Duplicate the supplied names.
|
232
|
-
name_dup = OPENSSL_strdup(name);
|
233
|
-
sname_dup = OPENSSL_strdup(sname);
|
234
|
-
if (name_dup == NULL || sname_dup == NULL) {
|
235
|
-
if (name_dup != NULL) {
|
236
|
-
OPENSSL_free(name_dup);
|
237
|
-
}
|
238
|
-
if (sname_dup != NULL) {
|
239
|
-
OPENSSL_free(sname_dup);
|
175
|
+
for (size_t i = 0; i <OPENSSL_ARRAY_SIZE(xstandard); i++) {
|
176
|
+
if (xstandard[i].purpose == purpose) {
|
177
|
+
static_assert(OPENSSL_ARRAY_SIZE(xstandard) <= INT_MAX,
|
178
|
+
"indices must fit in int");
|
179
|
+
return (int)i;
|
240
180
|
}
|
241
|
-
if (idx == -1) {
|
242
|
-
OPENSSL_free(ptmp);
|
243
|
-
}
|
244
|
-
return 0;
|
245
181
|
}
|
246
|
-
|
247
|
-
// OPENSSL_free existing name if dynamic
|
248
|
-
if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
|
249
|
-
OPENSSL_free(ptmp->name);
|
250
|
-
OPENSSL_free(ptmp->sname);
|
251
|
-
}
|
252
|
-
// dup supplied name
|
253
|
-
ptmp->name = name_dup;
|
254
|
-
ptmp->sname = sname_dup;
|
255
|
-
// Keep the dynamic flag of existing entry
|
256
|
-
ptmp->flags &= X509_PURPOSE_DYNAMIC;
|
257
|
-
// Set all other flags
|
258
|
-
ptmp->flags |= flags;
|
259
|
-
|
260
|
-
ptmp->purpose = id;
|
261
|
-
ptmp->trust = trust;
|
262
|
-
ptmp->check_purpose = ck;
|
263
|
-
ptmp->usr_data = arg;
|
264
|
-
|
265
|
-
// If its a new entry manage the dynamic table
|
266
|
-
if (idx == -1) {
|
267
|
-
// TODO(davidben): This should be locked. Alternatively, remove the dynamic
|
268
|
-
// registration mechanism entirely. The trouble is there no way to pass in
|
269
|
-
// the various parameters into an |X509_VERIFY_PARAM| directly. You can only
|
270
|
-
// register it in the global table and get an ID.
|
271
|
-
if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
|
272
|
-
xptable_free(ptmp);
|
273
|
-
return 0;
|
274
|
-
}
|
275
|
-
if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
|
276
|
-
xptable_free(ptmp);
|
277
|
-
return 0;
|
278
|
-
}
|
279
|
-
sk_X509_PURPOSE_sort(xptable);
|
280
|
-
}
|
281
|
-
return 1;
|
282
|
-
}
|
283
|
-
|
284
|
-
static void xptable_free(X509_PURPOSE *p) {
|
285
|
-
if (!p) {
|
286
|
-
return;
|
287
|
-
}
|
288
|
-
if (p->flags & X509_PURPOSE_DYNAMIC) {
|
289
|
-
if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
|
290
|
-
OPENSSL_free(p->name);
|
291
|
-
OPENSSL_free(p->sname);
|
292
|
-
}
|
293
|
-
OPENSSL_free(p);
|
294
|
-
}
|
295
|
-
}
|
296
|
-
|
297
|
-
void X509_PURPOSE_cleanup(void) {
|
298
|
-
unsigned int i;
|
299
|
-
sk_X509_PURPOSE_pop_free(xptable, xptable_free);
|
300
|
-
for (i = 0; i < X509_PURPOSE_COUNT; i++) {
|
301
|
-
xptable_free(xstandard + i);
|
302
|
-
}
|
303
|
-
xptable = NULL;
|
182
|
+
return -1;
|
304
183
|
}
|
305
184
|
|
306
185
|
int X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; }
|
@@ -311,63 +190,25 @@ char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; }
|
|
311
190
|
|
312
191
|
int X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; }
|
313
192
|
|
314
|
-
static int nid_cmp(const void *void_a, const void *void_b) {
|
315
|
-
const int *a = void_a, *b = void_b;
|
316
|
-
|
317
|
-
return *a - *b;
|
318
|
-
}
|
319
|
-
|
320
193
|
int X509_supported_extension(const X509_EXTENSION *ex) {
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
NID_basic_constraints, // 87
|
332
|
-
NID_certificate_policies, // 89
|
333
|
-
NID_ext_key_usage, // 126
|
334
|
-
NID_policy_constraints, // 401
|
335
|
-
NID_name_constraints, // 666
|
336
|
-
NID_policy_mappings, // 747
|
337
|
-
NID_inhibit_any_policy // 748
|
338
|
-
};
|
339
|
-
|
340
|
-
int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
|
341
|
-
|
342
|
-
if (ex_nid == NID_undef) {
|
343
|
-
return 0;
|
344
|
-
}
|
345
|
-
|
346
|
-
if (bsearch(&ex_nid, supported_nids, sizeof(supported_nids) / sizeof(int),
|
347
|
-
sizeof(int), nid_cmp) != NULL) {
|
348
|
-
return 1;
|
349
|
-
}
|
350
|
-
return 0;
|
194
|
+
int nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
|
195
|
+
return nid == NID_key_usage || //
|
196
|
+
nid == NID_subject_alt_name || //
|
197
|
+
nid == NID_basic_constraints || //
|
198
|
+
nid == NID_certificate_policies || //
|
199
|
+
nid == NID_ext_key_usage || //
|
200
|
+
nid == NID_policy_constraints || //
|
201
|
+
nid == NID_name_constraints || //
|
202
|
+
nid == NID_policy_mappings || //
|
203
|
+
nid == NID_inhibit_any_policy;
|
351
204
|
}
|
352
205
|
|
353
206
|
static int setup_dp(X509 *x, DIST_POINT *dp) {
|
354
|
-
X509_NAME *iname = NULL;
|
355
|
-
size_t i;
|
356
|
-
if (dp->reasons) {
|
357
|
-
if (dp->reasons->length > 0) {
|
358
|
-
dp->dp_reasons = dp->reasons->data[0];
|
359
|
-
}
|
360
|
-
if (dp->reasons->length > 1) {
|
361
|
-
dp->dp_reasons |= (dp->reasons->data[1] << 8);
|
362
|
-
}
|
363
|
-
dp->dp_reasons &= CRLDP_ALL_REASONS;
|
364
|
-
} else {
|
365
|
-
dp->dp_reasons = CRLDP_ALL_REASONS;
|
366
|
-
}
|
367
207
|
if (!dp->distpoint || (dp->distpoint->type != 1)) {
|
368
208
|
return 1;
|
369
209
|
}
|
370
|
-
|
210
|
+
X509_NAME *iname = NULL;
|
211
|
+
for (size_t i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
|
371
212
|
GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
|
372
213
|
if (gen->type == GEN_DIRNAME) {
|
373
214
|
iname = gen->d.directoryName;
|
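Review bot: The rewritten `X509_supported_extension` drops the explicit `if (ex_nid == NID_undef) { return 0; }` guard, and it stays correct only because `NID_undef` is not one of the values in the new comparison chain. A one-line comment above the `return` would record that dependency, for example `// Unknown OIDs map to |NID_undef|, which matches nothing below, so they are reported as unsupported.` The first entries of the removed `supported_nids` table are blank on this page, so whether the accepted set itself changed cannot be confirmed from this hunk.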
@@ -398,7 +239,6 @@ static int setup_crldp(X509 *x) {
|
|
398
239
|
int x509v3_cache_extensions(X509 *x) {
|
399
240
|
BASIC_CONSTRAINTS *bs;
|
400
241
|
ASN1_BIT_STRING *usage;
|
401
|
-
ASN1_BIT_STRING *ns;
|
402
242
|
EXTENDED_KEY_USAGE *extusage;
|
403
243
|
size_t i;
|
404
244
|
int j;
|
@@ -512,17 +352,6 @@ int x509v3_cache_extensions(X509 *x) {
|
|
512
352
|
x->ex_flags |= EXFLAG_INVALID;
|
513
353
|
}
|
514
354
|
|
515
|
-
if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &j, NULL))) {
|
516
|
-
if (ns->length > 0) {
|
517
|
-
x->ex_nscert = ns->data[0];
|
518
|
-
} else {
|
519
|
-
x->ex_nscert = 0;
|
520
|
-
}
|
521
|
-
x->ex_flags |= EXFLAG_NSCERT;
|
522
|
-
ASN1_BIT_STRING_free(ns);
|
523
|
-
} else if (j != -1) {
|
524
|
-
x->ex_flags |= EXFLAG_INVALID;
|
525
|
-
}
|
526
355
|
x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &j, NULL);
|
527
356
|
if (x->skid == NULL && j != -1) {
|
528
357
|
x->ex_flags |= EXFLAG_INVALID;
|
@@ -536,7 +365,7 @@ int x509v3_cache_extensions(X509 *x) {
|
|
536
365
|
x->ex_flags |= EXFLAG_SI;
|
537
366
|
// If SKID matches AKID also indicate self signed
|
538
367
|
if (X509_check_akid(x, x->akid) == X509_V_OK &&
|
539
|
-
!ku_reject(x,
|
368
|
+
!ku_reject(x, X509v3_KU_KEY_CERT_SIGN)) {
|
540
369
|
x->ex_flags |= EXFLAG_SS;
|
541
370
|
}
|
542
371
|
}
|
@@ -554,9 +383,6 @@ int x509v3_cache_extensions(X509 *x) {
|
|
554
383
|
|
555
384
|
for (j = 0; j < X509_get_ext_count(x); j++) {
|
556
385
|
const X509_EXTENSION *ex = X509_get_ext(x, j);
|
557
|
-
if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == NID_freshest_crl) {
|
558
|
-
x->ex_flags |= EXFLAG_FRESHEST;
|
559
|
-
}
|
560
386
|
if (!X509_EXTENSION_get_critical(ex)) {
|
561
387
|
continue;
|
562
388
|
}
|
@@ -575,7 +401,7 @@ int x509v3_cache_extensions(X509 *x) {
|
|
575
401
|
// otherwise.
|
576
402
|
static int check_ca(const X509 *x) {
|
577
403
|
// keyUsage if present should allow cert signing
|
578
|
-
if (ku_reject(x,
|
404
|
+
if (ku_reject(x, X509v3_KU_KEY_CERT_SIGN)) {
|
579
405
|
return 0;
|
580
406
|
}
|
581
407
|
// Version 1 certificates are considered CAs and don't have extensions.
|
@@ -593,138 +419,68 @@ int X509_check_ca(X509 *x) {
|
|
593
419
|
return check_ca(x);
|
594
420
|
}
|
595
421
|
|
596
|
-
|
597
|
-
|
598
|
-
|
422
|
+
// check_purpose returns one if |x| is a valid part of a certificate path for
|
423
|
+
// extended key usage |required_xku| and at least one of key usages in
|
424
|
+
// |required_kus|. |ca| indicates whether |x| is a CA or end-entity certificate.
|
425
|
+
static int check_purpose(const X509 *x, int ca, int required_xku,
|
426
|
+
int required_kus) {
|
427
|
+
// Check extended key usage on the entire chain.
|
428
|
+
if (required_xku != 0 && xku_reject(x, required_xku)) {
|
599
429
|
return 0;
|
600
430
|
}
|
601
|
-
|
602
|
-
|
603
|
-
|
604
|
-
|
605
|
-
|
606
|
-
|
607
|
-
|
608
|
-
//
|
609
|
-
|
610
|
-
|
611
|
-
|
612
|
-
return
|
431
|
+
|
432
|
+
// Check key usages only on the end-entity certificate.
|
433
|
+
return ca || !ku_reject(x, required_kus);
|
434
|
+
}
|
435
|
+
|
436
|
+
static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
|
437
|
+
int ca) {
|
438
|
+
// We need to do digital signatures or key agreement.
|
439
|
+
//
|
440
|
+
// TODO(davidben): We do not implement any TLS client certificate modes based
|
441
|
+
// on key agreement.
|
442
|
+
return check_purpose(x, ca, XKU_SSL_CLIENT,
|
443
|
+
X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_AGREEMENT);
|
613
444
|
}
|
614
445
|
|
615
446
|
// Key usage needed for TLS/SSL server: digital signature, encipherment or
|
616
447
|
// key agreement. The ssl code can check this more thoroughly for individual
|
617
448
|
// key types.
|
618
|
-
#define
|
449
|
+
#define X509v3_KU_TLS \
|
450
|
+
(X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_ENCIPHERMENT | \
|
451
|
+
X509v3_KU_KEY_AGREEMENT)
|
619
452
|
|
620
453
|
static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
|
621
454
|
int ca) {
|
622
|
-
|
623
|
-
return 0;
|
624
|
-
}
|
625
|
-
if (ca) {
|
626
|
-
return check_ca(x);
|
627
|
-
}
|
628
|
-
|
629
|
-
if (ns_reject(x, NS_SSL_SERVER)) {
|
630
|
-
return 0;
|
631
|
-
}
|
632
|
-
if (ku_reject(x, KU_TLS)) {
|
633
|
-
return 0;
|
634
|
-
}
|
635
|
-
|
636
|
-
return 1;
|
455
|
+
return check_purpose(x, ca, XKU_SSL_SERVER, X509v3_KU_TLS);
|
637
456
|
}
|
638
457
|
|
639
458
|
static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
|
640
459
|
int ca) {
|
641
|
-
|
642
|
-
|
643
|
-
if (!ret || ca) {
|
644
|
-
return ret;
|
645
|
-
}
|
646
|
-
// We need to encipher or Netscape complains
|
647
|
-
if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
|
648
|
-
return 0;
|
649
|
-
}
|
650
|
-
return ret;
|
651
|
-
}
|
652
|
-
|
653
|
-
// purpose_smime returns one if |x| is a valid S/MIME leaf (|ca| is zero) or CA
|
654
|
-
// (|ca| is one) certificate, and zero otherwise.
|
655
|
-
static int purpose_smime(const X509 *x, int ca) {
|
656
|
-
if (xku_reject(x, XKU_SMIME)) {
|
657
|
-
return 0;
|
658
|
-
}
|
659
|
-
if (ca) {
|
660
|
-
// check nsCertType if present
|
661
|
-
if ((x->ex_flags & EXFLAG_NSCERT) && (x->ex_nscert & NS_SMIME_CA) == 0) {
|
662
|
-
return 0;
|
663
|
-
}
|
664
|
-
|
665
|
-
return check_ca(x);
|
666
|
-
}
|
667
|
-
if (x->ex_flags & EXFLAG_NSCERT) {
|
668
|
-
return (x->ex_nscert & NS_SMIME) == NS_SMIME;
|
669
|
-
}
|
670
|
-
return 1;
|
460
|
+
// We need to encipher or Netscape complains.
|
461
|
+
return check_purpose(x, ca, XKU_SSL_SERVER, X509v3_KU_KEY_ENCIPHERMENT);
|
671
462
|
}
|
672
463
|
|
673
464
|
static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
|
674
465
|
int ca) {
|
675
|
-
|
676
|
-
|
677
|
-
if (!ret || ca) {
|
678
|
-
return ret;
|
679
|
-
}
|
680
|
-
if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION)) {
|
681
|
-
return 0;
|
682
|
-
}
|
683
|
-
return ret;
|
466
|
+
return check_purpose(x, ca, XKU_SMIME,
|
467
|
+
X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_NON_REPUDIATION);
|
684
468
|
}
|
685
469
|
|
686
470
|
static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
|
687
471
|
int ca) {
|
688
|
-
|
689
|
-
ret = purpose_smime(x, ca);
|
690
|
-
if (!ret || ca) {
|
691
|
-
return ret;
|
692
|
-
}
|
693
|
-
if (ku_reject(x, KU_KEY_ENCIPHERMENT)) {
|
694
|
-
return 0;
|
695
|
-
}
|
696
|
-
return ret;
|
472
|
+
return check_purpose(x, ca, XKU_SMIME, X509v3_KU_KEY_ENCIPHERMENT);
|
697
473
|
}
|
698
474
|
|
699
475
|
static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
|
700
476
|
int ca) {
|
701
|
-
|
702
|
-
return check_ca(x);
|
703
|
-
}
|
704
|
-
if (ku_reject(x, KU_CRL_SIGN)) {
|
705
|
-
return 0;
|
706
|
-
}
|
707
|
-
return 1;
|
708
|
-
}
|
709
|
-
|
710
|
-
// OCSP helper: this is *not* a full OCSP check. It just checks that each CA
|
711
|
-
// is valid. Additional checks must be made on the chain.
|
712
|
-
|
713
|
-
static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) {
|
714
|
-
if (ca) {
|
715
|
-
return check_ca(x);
|
716
|
-
}
|
717
|
-
// leaf certificate is checked in OCSP_verify()
|
718
|
-
return 1;
|
477
|
+
return check_purpose(x, ca, /*required_xku=*/0, X509v3_KU_CRL_SIGN);
|
719
478
|
}
|
720
479
|
|
721
480
|
static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
|
722
481
|
int ca) {
|
723
|
-
int i_ext;
|
724
|
-
|
725
|
-
// If ca is true we must return if this is a valid CA certificate.
|
726
482
|
if (ca) {
|
727
|
-
return
|
483
|
+
return 1;
|
728
484
|
}
|
729
485
|
|
730
486
|
// Check the optional key usage field:
|
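Review bot: `check_purpose` accepts any certificate passed with `ca` set once the EKU test passes (`return ca || !ku_reject(x, required_kus);`), and `check_purpose_timestamp_sign` now has `if (ca) { return 1; }`, so none of the per-purpose callbacks in this hunk still call `check_ca(x)` as the removed `if (ca) { return check_ca(x); }` branches did. Whether the caller now makes the basicConstraints / keyCertSign check is not visible here, so the helper's comment should state that contract, for example `// This does not check that |x| is a CA when |ca| is set; the caller must call |check_ca| separately.` Without that sentence, a later caller that invokes a `check_purpose_*` callback directly could treat an end-entity certificate as a valid intermediate. `check_purpose_timestamp_sign` continues past the end of this hunk.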
@@ -732,20 +488,24 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
|
|
732
488
|
// and/or nonRepudiation (other values are not consistent and shall
|
733
489
|
// be rejected).
|
734
490
|
if ((x->ex_flags & EXFLAG_KUSAGE) &&
|
735
|
-
((x->ex_kusage &
|
736
|
-
|
491
|
+
((x->ex_kusage &
|
492
|
+
~(X509v3_KU_NON_REPUDIATION | X509v3_KU_DIGITAL_SIGNATURE)) ||
|
493
|
+
!(x->ex_kusage &
|
494
|
+
(X509v3_KU_NON_REPUDIATION | X509v3_KU_DIGITAL_SIGNATURE)))) {
|
737
495
|
return 0;
|
738
496
|
}
|
739
497
|
|
740
498
|
// Only time stamp key usage is permitted and it's required.
|
499
|
+
//
|
500
|
+
// TODO(davidben): Should we check EKUs up the chain like the other cases?
|
741
501
|
if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) {
|
742
502
|
return 0;
|
743
503
|
}
|
744
504
|
|
745
505
|
// Extended Key Usage MUST be critical
|
746
|
-
i_ext = X509_get_ext_by_NID(
|
506
|
+
int i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
|
747
507
|
if (i_ext >= 0) {
|
748
|
-
const X509_EXTENSION *ext = X509_get_ext(
|
508
|
+
const X509_EXTENSION *ext = X509_get_ext(x, i_ext);
|
749
509
|
if (!X509_EXTENSION_get_critical(ext)) {
|
750
510
|
return 0;
|
751
511
|
}
|
@@ -756,14 +516,6 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
|
|
756
516
|
|
757
517
|
static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; }
|
758
518
|
|
759
|
-
// Various checks to see if one certificate issued the second. This can be
|
760
|
-
// used to prune a set of possible issuer certificates which have been looked
|
761
|
-
// up using some simple method such as by subject name. These are: 1. Check
|
762
|
-
// issuer_name(subject) == subject_name(issuer) 2. If akid(subject) exists
|
763
|
-
// check it matches issuer 3. If key_usage(issuer) exists check it supports
|
764
|
-
// certificate signing returns 0 for OK, positive for reason for mismatch,
|
765
|
-
// reasons match codes for X509_verify_cert()
|
766
|
-
|
767
519
|
int X509_check_issued(X509 *issuer, X509 *subject) {
|
768
520
|
if (X509_NAME_cmp(X509_get_subject_name(issuer),
|
769
521
|
X509_get_issuer_name(subject))) {
|
@@ -780,13 +532,13 @@ int X509_check_issued(X509 *issuer, X509 *subject) {
|
|
780
532
|
}
|
781
533
|
}
|
782
534
|
|
783
|
-
if (ku_reject(issuer,
|
535
|
+
if (ku_reject(issuer, X509v3_KU_KEY_CERT_SIGN)) {
|
784
536
|
return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
|
785
537
|
}
|
786
538
|
return X509_V_OK;
|
787
539
|
}
|
788
540
|
|
789
|
-
int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) {
|
541
|
+
int X509_check_akid(X509 *issuer, const AUTHORITY_KEYID *akid) {
|
790
542
|
if (!akid) {
|
791
543
|
return X509_V_OK;
|
792
544
|
}
|
@@ -839,6 +591,9 @@ uint32_t X509_get_key_usage(X509 *x) {
|
|
839
591
|
if (x->ex_flags & EXFLAG_KUSAGE) {
|
840
592
|
return x->ex_kusage;
|
841
593
|
}
|
594
|
+
// If there is no extension, key usage is unconstrained, so set all bits to
|
595
|
+
// one. Note that, although we use |UINT32_MAX|, |ex_kusage| only contains the
|
596
|
+
// first 16 bits when the extension is present.
|
842
597
|
return UINT32_MAX;
|
843
598
|
}
|
844
599
|
|
@@ -849,6 +604,8 @@ uint32_t X509_get_extended_key_usage(X509 *x) {
|
|
849
604
|
if (x->ex_flags & EXFLAG_XKUSAGE) {
|
850
605
|
return x->ex_xkusage;
|
851
606
|
}
|
607
|
+
// If there is no extension, extended key usage is unconstrained, so set all
|
608
|
+
// bits to one.
|
852
609
|
return UINT32_MAX;
|
853
610
|
}
|
854
611
|
|