grpc 1.12.0 → 1.13.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +314 -23
- data/include/grpc/impl/codegen/fork.h +4 -4
- data/include/grpc/impl/codegen/grpc_types.h +1 -1
- data/include/grpc/impl/codegen/port_platform.h +3 -0
- data/src/boringssl/err_data.c +256 -246
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel.cc +367 -272
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +11 -9
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +42 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h +36 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +36 -102
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.h +37 -32
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.cc +22 -19
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/load_balancer_api.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver.h +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +3 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +0 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/subchannel.cc +3 -3
- data/src/core/ext/filters/http/client_authority_filter.cc +5 -4
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +4 -4
- data/src/core/ext/filters/http/server/http_server_filter.cc +123 -131
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +9 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -19
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +10 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +4 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +14 -12
- data/src/core/ext/transport/chttp2/transport/writing.cc +6 -6
- data/src/core/lib/channel/channel_stack.cc +0 -5
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channel_stack_builder.cc +0 -3
- data/src/core/lib/channel/channel_stack_builder.h +0 -2
- data/src/core/lib/channel/channel_trace.cc +3 -3
- data/src/core/lib/channel/channelz_registry.cc +77 -0
- data/src/core/lib/channel/channelz_registry.h +99 -0
- data/src/core/lib/channel/handshaker.cc +20 -1
- data/src/core/lib/debug/stats.h +7 -0
- data/src/core/lib/debug/stats_data.cc +5 -0
- data/src/core/lib/debug/stats_data.h +120 -0
- data/src/core/lib/debug/trace.h +11 -9
- data/src/core/lib/gprpp/fork.cc +260 -0
- data/src/core/lib/gprpp/fork.h +79 -0
- data/src/core/lib/gprpp/memory.h +12 -0
- data/src/core/lib/gprpp/orphanable.h +2 -6
- data/src/core/lib/gprpp/ref_counted.h +2 -6
- data/src/core/lib/gprpp/thd.h +0 -3
- data/src/core/lib/gprpp/thd_posix.cc +4 -53
- data/src/core/lib/gprpp/thd_windows.cc +0 -7
- data/src/core/lib/http/httpcli_security_connector.cc +1 -3
- data/src/core/lib/iomgr/combiner.cc +19 -2
- data/src/core/lib/iomgr/combiner.h +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +2 -2
- data/src/core/lib/iomgr/ev_epollex_linux.cc +59 -3
- data/src/core/lib/iomgr/ev_epollsig_linux.cc +1 -1
- data/src/core/lib/iomgr/ev_poll_posix.cc +2 -2
- data/src/core/lib/iomgr/ev_posix.cc +11 -4
- data/src/core/lib/iomgr/ev_posix.h +6 -0
- data/src/core/lib/iomgr/exec_ctx.cc +9 -9
- data/src/core/lib/iomgr/exec_ctx.h +39 -20
- data/src/core/lib/iomgr/fork_posix.cc +30 -18
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/polling_entity.cc +11 -2
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/port.h +38 -1
- data/src/core/lib/iomgr/resolve_address.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +1 -1
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_posix.h +1 -1
- data/src/core/lib/iomgr/socket_factory_posix.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_client_custom.cc +3 -3
- data/src/core/lib/iomgr/tcp_client_posix.cc +3 -2
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +18 -10
- data/src/core/lib/iomgr/tcp_server_posix.cc +9 -8
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +16 -4
- data/src/core/lib/iomgr/timer.h +1 -1
- data/src/core/lib/iomgr/timer_generic.cc +113 -41
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +88 -115
- data/src/core/lib/security/credentials/google_default/google_default_credentials.h +16 -0
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -6
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/security_connector/alts_security_connector.cc +2 -1
- data/src/core/lib/security/security_connector/security_connector.cc +7 -7
- data/src/core/lib/security/transport/security_handshaker.cc +1 -0
- data/src/core/lib/security/util/json_util.cc +4 -0
- data/src/core/lib/slice/slice_buffer.cc +15 -3
- data/src/core/lib/surface/call.cc +31 -17
- data/src/core/lib/surface/call.h +5 -0
- data/src/core/lib/surface/channel.cc +2 -5
- data/src/core/lib/surface/completion_queue.cc +1 -3
- data/src/core/lib/surface/completion_queue.h +0 -1
- data/src/core/lib/surface/init.cc +7 -8
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/byte_stream.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -1
- data/src/core/lib/transport/transport.h +4 -8
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +19 -7
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +10 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +28 -2
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker_private.h +3 -0
- data/src/core/tsi/fake_transport_security.cc +1 -0
- data/src/core/tsi/ssl_transport_security.cc +238 -110
- data/src/core/tsi/transport_security.cc +14 -0
- data/src/core/tsi/transport_security.h +2 -0
- data/src/core/tsi/transport_security_interface.h +11 -1
- data/src/ruby/bin/math_client.rb +17 -9
- data/src/ruby/lib/grpc/generic/rpc_server.rb +2 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +4 -1
- data/third_party/boringssl/crypto/asn1/a_int.c +33 -28
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +24 -22
- data/third_party/boringssl/crypto/asn1/a_utf8.c +13 -11
- data/third_party/boringssl/crypto/asn1/asn1_locl.h +3 -0
- data/third_party/boringssl/crypto/bio/fd.c +1 -0
- data/third_party/boringssl/crypto/bio/file.c +2 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +6 -5
- data/third_party/boringssl/crypto/bytestring/ber.c +1 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +116 -16
- data/third_party/boringssl/crypto/bytestring/cbs.c +150 -20
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +171 -0
- data/third_party/boringssl/crypto/cipher_extra/e_rc2.c +2 -0
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +1 -2
- data/third_party/boringssl/crypto/cpu-aarch64-fuchsia.c +55 -0
- data/third_party/boringssl/crypto/cpu-aarch64-linux.c +2 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +16 -54
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +11 -542
- data/third_party/boringssl/crypto/fipsmodule/bn/add.c +33 -64
- data/third_party/boringssl/crypto/fipsmodule/bn/asm/x86_64-gcc.c +4 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +122 -70
- data/third_party/boringssl/crypto/fipsmodule/bn/bytes.c +32 -71
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +58 -112
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +198 -122
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +31 -65
- data/third_party/boringssl/crypto/fipsmodule/bn/generic.c +2 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +98 -15
- data/third_party/boringssl/crypto/fipsmodule/bn/jacobi.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +124 -81
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +8 -30
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +303 -347
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +2 -3
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +3 -4
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +199 -222
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +27 -47
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +45 -28
- data/third_party/boringssl/crypto/fipsmodule/bn/sqrt.c +1 -1
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +10 -10
- data/third_party/boringssl/crypto/fipsmodule/des/internal.h +2 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +78 -47
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +35 -54
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +3 -10
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +36 -22
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +59 -90
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +29 -48
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +17 -26
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +15 -11
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +45 -51
- data/third_party/boringssl/crypto/fipsmodule/ec/{util-64.c → util.c} +0 -5
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +144 -264
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +78 -56
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +256 -0
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +36 -32
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +9 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +16 -10
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +255 -102
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +581 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/internal.h +39 -0
- data/third_party/boringssl/crypto/fipsmodule/tls/kdf.c +165 -0
- data/third_party/boringssl/crypto/internal.h +65 -2
- data/third_party/boringssl/crypto/mem.c +0 -2
- data/third_party/boringssl/crypto/obj/obj.c +6 -73
- data/third_party/boringssl/crypto/thread_pthread.c +35 -5
- data/third_party/boringssl/crypto/x509/a_strex.c +11 -11
- data/third_party/boringssl/crypto/x509/x_name.c +13 -0
- data/third_party/boringssl/include/openssl/aead.h +4 -0
- data/third_party/boringssl/include/openssl/asn1.h +1 -3
- data/third_party/boringssl/include/openssl/base.h +1 -14
- data/third_party/boringssl/include/openssl/bio.h +1 -1
- data/third_party/boringssl/include/openssl/bn.h +49 -15
- data/third_party/boringssl/include/openssl/bytestring.h +49 -24
- data/third_party/boringssl/include/openssl/crypto.h +4 -0
- data/third_party/boringssl/include/openssl/ec_key.h +7 -3
- data/third_party/boringssl/include/openssl/err.h +9 -9
- data/third_party/boringssl/include/openssl/evp.h +1 -1
- data/third_party/boringssl/include/openssl/rsa.h +34 -10
- data/third_party/boringssl/include/openssl/ssl.h +160 -17
- data/third_party/boringssl/include/openssl/stack.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +10 -2
- data/third_party/boringssl/include/openssl/x509.h +3 -0
- data/third_party/boringssl/ssl/d1_both.cc +16 -2
- data/third_party/boringssl/ssl/dtls_method.cc +1 -1
- data/third_party/boringssl/ssl/handoff.cc +285 -0
- data/third_party/boringssl/ssl/handshake.cc +26 -12
- data/third_party/boringssl/ssl/handshake_client.cc +65 -31
- data/third_party/boringssl/ssl/handshake_server.cc +14 -2
- data/third_party/boringssl/ssl/internal.h +132 -79
- data/third_party/boringssl/ssl/s3_both.cc +2 -2
- data/third_party/boringssl/ssl/s3_lib.cc +3 -1
- data/third_party/boringssl/ssl/s3_pkt.cc +0 -18
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +1 -4
- data/third_party/boringssl/ssl/ssl_asn1.cc +47 -43
- data/third_party/boringssl/ssl/ssl_cipher.cc +8 -8
- data/third_party/boringssl/ssl/ssl_key_share.cc +3 -1
- data/third_party/boringssl/ssl/ssl_lib.cc +83 -14
- data/third_party/boringssl/ssl/ssl_privkey.cc +6 -0
- data/third_party/boringssl/ssl/ssl_stat.cc +6 -6
- data/third_party/boringssl/ssl/ssl_versions.cc +12 -85
- data/third_party/boringssl/ssl/ssl_x509.cc +59 -61
- data/third_party/boringssl/ssl/t1_enc.cc +73 -124
- data/third_party/boringssl/ssl/t1_lib.cc +367 -41
- data/third_party/boringssl/ssl/tls13_both.cc +8 -0
- data/third_party/boringssl/ssl/tls13_client.cc +98 -184
- data/third_party/boringssl/ssl/tls13_enc.cc +88 -158
- data/third_party/boringssl/ssl/tls13_server.cc +91 -137
- data/third_party/boringssl/ssl/tls_method.cc +0 -17
- data/third_party/boringssl/ssl/tls_record.cc +1 -10
- data/third_party/boringssl/third_party/fiat/curve25519.c +921 -2753
- data/third_party/boringssl/third_party/fiat/curve25519_tables.h +7880 -0
- data/third_party/boringssl/third_party/fiat/internal.h +32 -20
- data/third_party/boringssl/third_party/fiat/p256.c +1824 -0
- metadata +64 -64
- data/src/core/lib/channel/channel_trace_registry.cc +0 -80
- data/src/core/lib/channel/channel_trace_registry.h +0 -43
- data/src/core/lib/gpr/fork.cc +0 -78
- data/src/core/lib/gpr/fork.h +0 -35
- data/src/core/tsi/transport_security_adapter.cc +0 -235
- data/src/core/tsi/transport_security_adapter.h +0 -41
- data/src/ruby/bin/apis/google/protobuf/empty.rb +0 -29
- data/src/ruby/bin/apis/pubsub_demo.rb +0 -241
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub.rb +0 -159
- data/src/ruby/bin/apis/tech/pubsub/proto/pubsub_services.rb +0 -88
- data/src/ruby/pb/test/client.rb +0 -764
- data/src/ruby/pb/test/server.rb +0 -252
- data/third_party/boringssl/crypto/curve25519/x25519-x86_64.c +0 -247
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-64.c +0 -1674
@@ -77,8 +77,9 @@ int BN_bn2cbb_padded(CBB *out, size_t len, const BIGNUM *in) {
|
|
77
77
|
static const char hextable[] = "0123456789abcdef";
|
78
78
|
|
79
79
|
char *BN_bn2hex(const BIGNUM *bn) {
|
80
|
+
int width = bn_minimal_width(bn);
|
80
81
|
char *buf = OPENSSL_malloc(1 /* leading '-' */ + 1 /* zero is non-empty */ +
|
81
|
-
|
82
|
+
width * BN_BYTES * 2 + 1 /* trailing NUL */);
|
82
83
|
if (buf == NULL) {
|
83
84
|
OPENSSL_PUT_ERROR(BN, ERR_R_MALLOC_FAILURE);
|
84
85
|
return NULL;
|
@@ -94,7 +95,7 @@ char *BN_bn2hex(const BIGNUM *bn) {
|
|
94
95
|
}
|
95
96
|
|
96
97
|
int z = 0;
|
97
|
-
for (int i =
|
98
|
+
for (int i = width - 1; i >= 0; i--) {
|
98
99
|
for (int j = BN_BITS2 - 8; j >= 0; j -= 8) {
|
99
100
|
// strip leading zeros
|
100
101
|
int v = ((int)(bn->d[i] >> (long)j)) & 0xff;
|
@@ -153,7 +154,7 @@ static int decode_hex(BIGNUM *bn, const char *in, int in_len) {
|
|
153
154
|
in_len -= todo;
|
154
155
|
}
|
155
156
|
assert(i <= bn->dmax);
|
156
|
-
bn->
|
157
|
+
bn->width = i;
|
157
158
|
return 1;
|
158
159
|
}
|
159
160
|
|
@@ -222,7 +223,7 @@ static int bn_x2bn(BIGNUM **outp, const char *in, decode_func decode, char_test_
|
|
222
223
|
goto err;
|
223
224
|
}
|
224
225
|
|
225
|
-
|
226
|
+
bn_set_minimal_width(ret);
|
226
227
|
if (!BN_is_zero(ret)) {
|
227
228
|
ret->neg = neg;
|
228
229
|
}
|
@@ -347,7 +348,7 @@ int BN_print(BIO *bp, const BIGNUM *a) {
|
|
347
348
|
goto end;
|
348
349
|
}
|
349
350
|
|
350
|
-
for (i = a
|
351
|
+
for (i = bn_minimal_width(a) - 1; i >= 0; i--) {
|
351
352
|
for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
|
352
353
|
// strip leading zeros
|
353
354
|
v = ((int)(a->d[i] >> (long)j)) & 0x0f;
|
@@ -29,10 +29,7 @@ static const unsigned kMaxDepth = 2048;
|
|
29
29
|
// is_string_type returns one if |tag| is a string type and zero otherwise. It
|
30
30
|
// ignores the constructed bit.
|
31
31
|
static int is_string_type(unsigned tag) {
|
32
|
-
|
33
|
-
return 0;
|
34
|
-
}
|
35
|
-
switch (tag & 0x1f) {
|
32
|
+
switch (tag & ~CBS_ASN1_CONSTRUCTED) {
|
36
33
|
case CBS_ASN1_BITSTRING:
|
37
34
|
case CBS_ASN1_OCTETSTRING:
|
38
35
|
case CBS_ASN1_UTF8STRING:
|
@@ -18,6 +18,7 @@
|
|
18
18
|
#include <limits.h>
|
19
19
|
#include <string.h>
|
20
20
|
|
21
|
+
#include <openssl/buf.h>
|
21
22
|
#include <openssl/mem.h>
|
22
23
|
|
23
24
|
#include "../internal.h"
|
@@ -332,9 +333,9 @@ int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) {
|
|
332
333
|
// add_base128_integer encodes |v| as a big-endian base-128 integer where the
|
333
334
|
// high bit of each byte indicates where there is more data. This is the
|
334
335
|
// encoding used in DER for both high tag number form and OID components.
|
335
|
-
static int add_base128_integer(CBB *cbb,
|
336
|
+
static int add_base128_integer(CBB *cbb, uint64_t v) {
|
336
337
|
unsigned len_len = 0;
|
337
|
-
|
338
|
+
uint64_t copy = v;
|
338
339
|
while (copy > 0) {
|
339
340
|
len_len++;
|
340
341
|
copy >>= 7;
|
@@ -356,17 +357,20 @@ static int add_base128_integer(CBB *cbb, uint32_t v) {
|
|
356
357
|
}
|
357
358
|
|
358
359
|
int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) {
|
359
|
-
if (
|
360
|
-
(tag & 0x1f) == 0x1f) {
|
361
|
-
// Long form identifier octets are not supported. Further, all current valid
|
362
|
-
// tag serializations are 8 bits.
|
363
|
-
cbb->base->error = 1;
|
360
|
+
if (!CBB_flush(cbb)) {
|
364
361
|
return 0;
|
365
362
|
}
|
366
363
|
|
367
|
-
|
368
|
-
|
369
|
-
|
364
|
+
// Split the tag into leading bits and tag number.
|
365
|
+
uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0;
|
366
|
+
unsigned tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;
|
367
|
+
if (tag_number >= 0x1f) {
|
368
|
+
// Set all the bits in the tag number to signal high tag number form.
|
369
|
+
if (!CBB_add_u8(cbb, tag_bits | 0x1f) ||
|
370
|
+
!add_base128_integer(cbb, tag_number)) {
|
371
|
+
return 0;
|
372
|
+
}
|
373
|
+
} else if (!CBB_add_u8(cbb, tag_bits | tag_number)) {
|
370
374
|
return 0;
|
371
375
|
}
|
372
376
|
|
@@ -501,11 +505,33 @@ int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
|
|
501
505
|
return CBB_flush(cbb);
|
502
506
|
}
|
503
507
|
|
508
|
+
int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
|
509
|
+
CBB child;
|
510
|
+
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
|
511
|
+
!CBB_add_bytes(&child, data, data_len) ||
|
512
|
+
!CBB_flush(cbb)) {
|
513
|
+
return 0;
|
514
|
+
}
|
515
|
+
|
516
|
+
return 1;
|
517
|
+
}
|
518
|
+
|
519
|
+
int CBB_add_asn1_bool(CBB *cbb, int value) {
|
520
|
+
CBB child;
|
521
|
+
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) ||
|
522
|
+
!CBB_add_u8(&child, value != 0 ? 0xff : 0) ||
|
523
|
+
!CBB_flush(cbb)) {
|
524
|
+
return 0;
|
525
|
+
}
|
526
|
+
|
527
|
+
return 1;
|
528
|
+
}
|
529
|
+
|
504
530
|
// parse_dotted_decimal parses one decimal component from |cbs|, where |cbs| is
|
505
531
|
// an OID literal, e.g., "1.2.840.113554.4.1.72585". It consumes both the
|
506
532
|
// component and the dot, so |cbs| may be passed into the function again for the
|
507
533
|
// next value.
|
508
|
-
static int parse_dotted_decimal(CBS *cbs,
|
534
|
+
static int parse_dotted_decimal(CBS *cbs, uint64_t *out) {
|
509
535
|
*out = 0;
|
510
536
|
int seen_digit = 0;
|
511
537
|
for (;;) {
|
@@ -521,8 +547,8 @@ static int parse_dotted_decimal(CBS *cbs, uint32_t *out) {
|
|
521
547
|
// Forbid stray leading zeros.
|
522
548
|
(seen_digit && *out == 0) ||
|
523
549
|
// Check for overflow.
|
524
|
-
*out >
|
525
|
-
*out * 10 >
|
550
|
+
*out > UINT64_MAX / 10 ||
|
551
|
+
*out * 10 > UINT64_MAX - (u - '0')) {
|
526
552
|
return 0;
|
527
553
|
}
|
528
554
|
*out = *out * 10 + (u - '0');
|
@@ -541,7 +567,7 @@ int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
|
|
541
567
|
CBS_init(&cbs, (const uint8_t *)text, len);
|
542
568
|
|
543
569
|
// OIDs must have at least two components.
|
544
|
-
|
570
|
+
uint64_t a, b;
|
545
571
|
if (!parse_dotted_decimal(&cbs, &a) ||
|
546
572
|
!parse_dotted_decimal(&cbs, &b)) {
|
547
573
|
return 0;
|
@@ -551,8 +577,8 @@ int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
|
|
551
577
|
// 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39.
|
552
578
|
if (a > 2 ||
|
553
579
|
(a < 2 && b > 39) ||
|
554
|
-
b >
|
555
|
-
!add_base128_integer(cbb,
|
580
|
+
b > UINT64_MAX - 80 ||
|
581
|
+
!add_base128_integer(cbb, 40u * a + b)) {
|
556
582
|
return 0;
|
557
583
|
}
|
558
584
|
|
@@ -566,3 +592,77 @@ int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
|
|
566
592
|
|
567
593
|
return 1;
|
568
594
|
}
|
595
|
+
|
596
|
+
static int compare_set_of_element(const void *a_ptr, const void *b_ptr) {
|
597
|
+
// See X.690, section 11.6 for the ordering. They are sorted in ascending
|
598
|
+
// order by their DER encoding.
|
599
|
+
const CBS *a = a_ptr, *b = b_ptr;
|
600
|
+
size_t a_len = CBS_len(a), b_len = CBS_len(b);
|
601
|
+
size_t min_len = a_len < b_len ? a_len : b_len;
|
602
|
+
int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len);
|
603
|
+
if (ret != 0) {
|
604
|
+
return ret;
|
605
|
+
}
|
606
|
+
if (a_len == b_len) {
|
607
|
+
return 0;
|
608
|
+
}
|
609
|
+
// If one is a prefix of the other, the shorter one sorts first. (This is not
|
610
|
+
// actually reachable. No DER encoding is a prefix of another DER encoding.)
|
611
|
+
return a_len < b_len ? -1 : 1;
|
612
|
+
}
|
613
|
+
|
614
|
+
int CBB_flush_asn1_set_of(CBB *cbb) {
|
615
|
+
if (!CBB_flush(cbb)) {
|
616
|
+
return 0;
|
617
|
+
}
|
618
|
+
|
619
|
+
CBS cbs;
|
620
|
+
size_t num_children = 0;
|
621
|
+
CBS_init(&cbs, CBB_data(cbb), CBB_len(cbb));
|
622
|
+
while (CBS_len(&cbs) != 0) {
|
623
|
+
if (!CBS_get_any_asn1_element(&cbs, NULL, NULL, NULL)) {
|
624
|
+
return 0;
|
625
|
+
}
|
626
|
+
num_children++;
|
627
|
+
}
|
628
|
+
|
629
|
+
if (num_children < 2) {
|
630
|
+
return 1; // Nothing to do. This is the common case for X.509.
|
631
|
+
}
|
632
|
+
if (num_children > ((size_t)-1) / sizeof(CBS)) {
|
633
|
+
return 0; // Overflow.
|
634
|
+
}
|
635
|
+
|
636
|
+
// Parse out the children and sort. We alias them into a copy of so they
|
637
|
+
// remain valid as we rewrite |cbb|.
|
638
|
+
int ret = 0;
|
639
|
+
size_t buf_len = CBB_len(cbb);
|
640
|
+
uint8_t *buf = BUF_memdup(CBB_data(cbb), buf_len);
|
641
|
+
CBS *children = OPENSSL_malloc(num_children * sizeof(CBS));
|
642
|
+
if (buf == NULL || children == NULL) {
|
643
|
+
goto err;
|
644
|
+
}
|
645
|
+
CBS_init(&cbs, buf, buf_len);
|
646
|
+
for (size_t i = 0; i < num_children; i++) {
|
647
|
+
if (!CBS_get_any_asn1_element(&cbs, &children[i], NULL, NULL)) {
|
648
|
+
goto err;
|
649
|
+
}
|
650
|
+
}
|
651
|
+
qsort(children, num_children, sizeof(CBS), compare_set_of_element);
|
652
|
+
|
653
|
+
// Rewind |cbb| and write the contents back in the new order.
|
654
|
+
cbb->base->len = cbb->offset + cbb->pending_len_len;
|
655
|
+
for (size_t i = 0; i < num_children; i++) {
|
656
|
+
if (!CBB_add_bytes(cbb, CBS_data(&children[i]), CBS_len(&children[i]))) {
|
657
|
+
goto err;
|
658
|
+
}
|
659
|
+
}
|
660
|
+
assert(CBB_len(cbb) == buf_len);
|
661
|
+
|
662
|
+
ret = 1;
|
663
|
+
|
664
|
+
err:
|
665
|
+
OPENSSL_free(buf);
|
666
|
+
OPENSSL_free(children);
|
667
|
+
return ret;
|
668
|
+
}
|
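Review bot: CBB_add_asn1 (new lines 359-375) no longer has a branch that rejects a tag. It takes the leading bits from `(tag >> CBS_ASN1_TAG_SHIFT) & 0xe0` and treats everything under `CBS_ASN1_TAG_NUMBER_MASK` as the tag number, yet nothing in the hunk documents this new representation. Assuming the shift moves the class and constructed bits out of the low byte, as the parsing side of this release suggests, a caller that still passes a raw identifier octet would be silently encoded in high tag number form under a different tag rather than refused. I would add above the split `// |tag| must be built from the CBS_ASN1_* constants; a raw identifier octet is read as a tag number and encodes differently.` and check callers elsewhere in the package for hand-built tag values. The function body continues past the end of the hunk.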
@@ -12,11 +12,16 @@
|
|
12
12
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
13
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
14
|
|
15
|
+
#if !defined(__STDC_FORMAT_MACROS)
|
16
|
+
#define __STDC_FORMAT_MACROS
|
17
|
+
#endif
|
18
|
+
|
15
19
|
#include <openssl/buf.h>
|
16
20
|
#include <openssl/mem.h>
|
17
21
|
#include <openssl/bytestring.h>
|
18
22
|
|
19
23
|
#include <assert.h>
|
24
|
+
#include <inttypes.h>
|
20
25
|
#include <string.h>
|
21
26
|
|
22
27
|
#include "internal.h"
|
@@ -175,18 +180,36 @@ int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) {
|
|
175
180
|
return cbs_get_length_prefixed(cbs, out, 3);
|
176
181
|
}
|
177
182
|
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
+
// parse_base128_integer reads a big-endian base-128 integer from |cbs| and sets
|
184
|
+
// |*out| to the result. This is the encoding used in DER for both high tag
|
185
|
+
// number form and OID components.
|
186
|
+
static int parse_base128_integer(CBS *cbs, uint64_t *out) {
|
187
|
+
uint64_t v = 0;
|
188
|
+
uint8_t b;
|
189
|
+
do {
|
190
|
+
if (!CBS_get_u8(cbs, &b)) {
|
191
|
+
return 0;
|
192
|
+
}
|
193
|
+
if ((v >> (64 - 7)) != 0) {
|
194
|
+
// The value is too large.
|
195
|
+
return 0;
|
196
|
+
}
|
197
|
+
if (v == 0 && b == 0x80) {
|
198
|
+
// The value must be minimally encoded.
|
199
|
+
return 0;
|
200
|
+
}
|
201
|
+
v = (v << 7) | (b & 0x7f);
|
183
202
|
|
184
|
-
|
185
|
-
|
186
|
-
|
203
|
+
// Values end at an octet with the high bit cleared.
|
204
|
+
} while (b & 0x80);
|
205
|
+
|
206
|
+
*out = v;
|
207
|
+
return 1;
|
208
|
+
}
|
187
209
|
|
188
|
-
|
189
|
-
|
210
|
+
static int parse_asn1_tag(CBS *cbs, unsigned *out) {
|
211
|
+
uint8_t tag_byte;
|
212
|
+
if (!CBS_get_u8(cbs, &tag_byte)) {
|
190
213
|
return 0;
|
191
214
|
}
|
192
215
|
|
@@ -197,22 +220,58 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
|
197
220
|
// allotted bits), then the tag is more than one byte long and the
|
198
221
|
// continuation bytes contain the tag number. This parser only supports tag
|
199
222
|
// numbers less than 31 (and thus single-byte tags).
|
200
|
-
|
201
|
-
|
223
|
+
unsigned tag = ((unsigned)tag_byte & 0xe0) << CBS_ASN1_TAG_SHIFT;
|
224
|
+
unsigned tag_number = tag_byte & 0x1f;
|
225
|
+
if (tag_number == 0x1f) {
|
226
|
+
uint64_t v;
|
227
|
+
if (!parse_base128_integer(cbs, &v) ||
|
228
|
+
// Check the tag number is within our supported bounds.
|
229
|
+
v > CBS_ASN1_TAG_NUMBER_MASK ||
|
230
|
+
// Small tag numbers should have used low tag number form.
|
231
|
+
v < 0x1f) {
|
232
|
+
return 0;
|
233
|
+
}
|
234
|
+
tag_number = (unsigned)v;
|
202
235
|
}
|
203
236
|
|
237
|
+
tag |= tag_number;
|
238
|
+
|
239
|
+
*out = tag;
|
240
|
+
return 1;
|
241
|
+
}
|
242
|
+
|
243
|
+
static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
244
|
+
size_t *out_header_len, int ber_ok) {
|
245
|
+
CBS header = *cbs;
|
246
|
+
CBS throwaway;
|
247
|
+
|
248
|
+
if (out == NULL) {
|
249
|
+
out = &throwaway;
|
250
|
+
}
|
251
|
+
|
252
|
+
unsigned tag;
|
253
|
+
if (!parse_asn1_tag(&header, &tag)) {
|
254
|
+
return 0;
|
255
|
+
}
|
204
256
|
if (out_tag != NULL) {
|
205
257
|
*out_tag = tag;
|
206
258
|
}
|
207
259
|
|
260
|
+
uint8_t length_byte;
|
261
|
+
if (!CBS_get_u8(&header, &length_byte)) {
|
262
|
+
return 0;
|
263
|
+
}
|
264
|
+
|
265
|
+
size_t header_len = CBS_len(cbs) - CBS_len(&header);
|
266
|
+
|
208
267
|
size_t len;
|
209
268
|
// The format for the length encoding is specified in ITU-T X.690 section
|
210
269
|
// 8.1.3.
|
211
270
|
if ((length_byte & 0x80) == 0) {
|
212
271
|
// Short form length.
|
213
|
-
len = ((size_t) length_byte) +
|
272
|
+
len = ((size_t) length_byte) + header_len;
|
214
273
|
if (out_header_len != NULL) {
|
215
|
-
*out_header_len =
|
274
|
+
*out_header_len = header_len;
|
216
275
|
}
|
217
276
|
} else {
|
218
277
|
// The high bit indicate that this is the long form, while the next 7 bits
|
@@ -224,9 +283,9 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
|
224
283
|
if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
|
225
284
|
// indefinite length
|
226
285
|
if (out_header_len != NULL) {
|
227
|
-
*out_header_len =
|
286
|
+
*out_header_len = header_len;
|
228
287
|
}
|
229
|
-
return CBS_get_bytes(cbs, out,
|
288
|
+
return CBS_get_bytes(cbs, out, header_len);
|
230
289
|
}
|
231
290
|
|
232
291
|
// ITU-T X.690 clause 8.1.3.5.c specifies that the value 0xff shall not be
|
@@ -249,13 +308,13 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
|
249
308
|
return 0;
|
250
309
|
}
|
251
310
|
len = len32;
|
252
|
-
if (len +
|
311
|
+
if (len + header_len + num_bytes < len) {
|
253
312
|
// Overflow.
|
254
313
|
return 0;
|
255
314
|
}
|
256
|
-
len +=
|
315
|
+
len += header_len + num_bytes;
|
257
316
|
if (out_header_len != NULL) {
|
258
|
-
*out_header_len =
|
317
|
+
*out_header_len = header_len + num_bytes;
|
259
318
|
}
|
260
319
|
}
|
261
320
|
|
@@ -323,7 +382,10 @@ int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value) {
|
|
323
382
|
if (CBS_len(cbs) < 1) {
|
324
383
|
return 0;
|
325
384
|
}
|
326
|
-
|
385
|
+
|
386
|
+
CBS copy = *cbs;
|
387
|
+
unsigned actual_tag;
|
388
|
+
return parse_asn1_tag(©, &actual_tag) && tag_value == actual_tag;
|
327
389
|
}
|
328
390
|
|
329
391
|
int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
|
@@ -363,6 +425,22 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
|
|
363
425
|
return 1;
|
364
426
|
}
|
365
427
|
|
428
|
+
int CBS_get_asn1_bool(CBS *cbs, int *out) {
|
429
|
+
CBS bytes;
|
430
|
+
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
|
431
|
+
CBS_len(&bytes) != 1) {
|
432
|
+
return 0;
|
433
|
+
}
|
434
|
+
|
435
|
+
const uint8_t value = *CBS_data(&bytes);
|
436
|
+
if (value != 0 && value != 0xff) {
|
437
|
+
return 0;
|
438
|
+
}
|
439
|
+
|
440
|
+
*out = !!value;
|
441
|
+
return 1;
|
442
|
+
}
|
443
|
+
|
366
444
|
int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned tag) {
|
367
445
|
int present = 0;
|
368
446
|
|
@@ -485,3 +563,55 @@ int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit) {
|
|
485
563
|
return byte_num < CBS_len(cbs) &&
|
486
564
|
(CBS_data(cbs)[byte_num] & (1 << bit_num)) != 0;
|
487
565
|
}
|
566
|
+
|
567
|
+
static int add_decimal(CBB *out, uint64_t v) {
|
568
|
+
char buf[DECIMAL_SIZE(uint64_t) + 1];
|
569
|
+
BIO_snprintf(buf, sizeof(buf), "%" PRIu64, v);
|
570
|
+
return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
|
571
|
+
}
|
572
|
+
|
573
|
+
char *CBS_asn1_oid_to_text(const CBS *cbs) {
|
574
|
+
CBB cbb;
|
575
|
+
if (!CBB_init(&cbb, 32)) {
|
576
|
+
goto err;
|
577
|
+
}
|
578
|
+
|
579
|
+
CBS copy = *cbs;
|
580
|
+
// The first component is 40 * value1 + value2, where value1 is 0, 1, or 2.
|
581
|
+
uint64_t v;
|
582
|
+
if (!parse_base128_integer(©, &v)) {
|
583
|
+
goto err;
|
584
|
+
}
|
585
|
+
|
586
|
+
if (v >= 80) {
|
587
|
+
if (!CBB_add_bytes(&cbb, (const uint8_t *)"2.", 2) ||
|
588
|
+
!add_decimal(&cbb, v - 80)) {
|
589
|
+
goto err;
|
590
|
+
}
|
591
|
+
} else if (!add_decimal(&cbb, v / 40) ||
|
592
|
+
!CBB_add_u8(&cbb, '.') ||
|
593
|
+
!add_decimal(&cbb, v % 40)) {
|
594
|
+
goto err;
|
595
|
+
}
|
596
|
+
|
597
|
+
while (CBS_len(©) != 0) {
|
598
|
+
if (!parse_base128_integer(©, &v) ||
|
599
|
+
!CBB_add_u8(&cbb, '.') ||
|
600
|
+
!add_decimal(&cbb, v)) {
|
601
|
+
goto err;
|
602
|
+
}
|
603
|
+
}
|
604
|
+
|
605
|
+
uint8_t *txt;
|
606
|
+
size_t txt_len;
|
607
|
+
if (!CBB_add_u8(&cbb, '\0') ||
|
608
|
+
!CBB_finish(&cbb, &txt, &txt_len)) {
|
609
|
+
goto err;
|
610
|
+
}
|
611
|
+
|
612
|
+
return (char *)txt;
|
613
|
+
|
614
|
+
err:
|
615
|
+
CBB_cleanup(&cbb);
|
616
|
+
return NULL;
|
617
|
+
}
|
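Review bot: The context comment kept at new lines 220-222 still says "This parser only supports tag numbers less than 31 (and thus single-byte tags)", but the code added directly below it in parse_asn1_tag now accepts high tag number form. It reads the number with parse_base128_integer and rejects only values above `CBS_ASN1_TAG_NUMBER_MASK` or below `0x1f`. A maintainer relying on the comment would assume multi-byte tags are refused at this layer, which is no longer true for every caller of cbs_get_any_asn1_element and CBS_peek_asn1_tag. I would replace that sentence with `// Tag numbers of 31 and above use high tag number form; they are accepted up to CBS_ASN1_TAG_NUMBER_MASK and must be minimally encoded.` The start of this comment lies between hunks and is not visible here.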