grpc 1.24.0 → 1.25.0.pre1
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +71 -43
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -154,10 +154,9 @@
|
|
154
154
|
#include "../crypto/internal.h"
|
155
155
|
|
156
156
|
|
157
|
-
|
157
|
+
BSSL_NAMESPACE_BEGIN
|
158
158
|
|
159
|
-
|
160
|
-
static const SSL_CIPHER kCiphers[] = {
|
159
|
+
static constexpr SSL_CIPHER kCiphers[] = {
|
161
160
|
// The RSA ciphers
|
162
161
|
// Cipher 02
|
163
162
|
{
|
@@ -210,33 +209,6 @@ static const SSL_CIPHER kCiphers[] = {
|
|
210
209
|
SSL_HANDSHAKE_MAC_DEFAULT,
|
211
210
|
},
|
212
211
|
|
213
|
-
|
214
|
-
// TLS v1.2 ciphersuites
|
215
|
-
|
216
|
-
// Cipher 3C
|
217
|
-
{
|
218
|
-
TLS1_TXT_RSA_WITH_AES_128_SHA256,
|
219
|
-
"TLS_RSA_WITH_AES_128_CBC_SHA256",
|
220
|
-
TLS1_CK_RSA_WITH_AES_128_SHA256,
|
221
|
-
SSL_kRSA,
|
222
|
-
SSL_aRSA,
|
223
|
-
SSL_AES128,
|
224
|
-
SSL_SHA256,
|
225
|
-
SSL_HANDSHAKE_MAC_SHA256,
|
226
|
-
},
|
227
|
-
|
228
|
-
// Cipher 3D
|
229
|
-
{
|
230
|
-
TLS1_TXT_RSA_WITH_AES_256_SHA256,
|
231
|
-
"TLS_RSA_WITH_AES_256_CBC_SHA256",
|
232
|
-
TLS1_CK_RSA_WITH_AES_256_SHA256,
|
233
|
-
SSL_kRSA,
|
234
|
-
SSL_aRSA,
|
235
|
-
SSL_AES256,
|
236
|
-
SSL_SHA256,
|
237
|
-
SSL_HANDSHAKE_MAC_SHA256,
|
238
|
-
},
|
239
|
-
|
240
212
|
// PSK cipher suites.
|
241
213
|
|
242
214
|
// Cipher 8C
|
@@ -375,58 +347,6 @@ static const SSL_CIPHER kCiphers[] = {
|
|
375
347
|
SSL_HANDSHAKE_MAC_DEFAULT,
|
376
348
|
},
|
377
349
|
|
378
|
-
|
379
|
-
// HMAC based TLS v1.2 ciphersuites from RFC5289
|
380
|
-
|
381
|
-
// Cipher C023
|
382
|
-
{
|
383
|
-
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
|
384
|
-
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
|
385
|
-
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
|
386
|
-
SSL_kECDHE,
|
387
|
-
SSL_aECDSA,
|
388
|
-
SSL_AES128,
|
389
|
-
SSL_SHA256,
|
390
|
-
SSL_HANDSHAKE_MAC_SHA256,
|
391
|
-
},
|
392
|
-
|
393
|
-
// Cipher C024
|
394
|
-
{
|
395
|
-
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
|
396
|
-
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
|
397
|
-
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
|
398
|
-
SSL_kECDHE,
|
399
|
-
SSL_aECDSA,
|
400
|
-
SSL_AES256,
|
401
|
-
SSL_SHA384,
|
402
|
-
SSL_HANDSHAKE_MAC_SHA384,
|
403
|
-
},
|
404
|
-
|
405
|
-
// Cipher C027
|
406
|
-
{
|
407
|
-
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
|
408
|
-
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
|
409
|
-
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
|
410
|
-
SSL_kECDHE,
|
411
|
-
SSL_aRSA,
|
412
|
-
SSL_AES128,
|
413
|
-
SSL_SHA256,
|
414
|
-
SSL_HANDSHAKE_MAC_SHA256,
|
415
|
-
},
|
416
|
-
|
417
|
-
// Cipher C028
|
418
|
-
{
|
419
|
-
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
|
420
|
-
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
|
421
|
-
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
|
422
|
-
SSL_kECDHE,
|
423
|
-
SSL_aRSA,
|
424
|
-
SSL_AES256,
|
425
|
-
SSL_SHA384,
|
426
|
-
SSL_HANDSHAKE_MAC_SHA384,
|
427
|
-
},
|
428
|
-
|
429
|
-
|
430
350
|
// GCM based TLS v1.2 ciphersuites from RFC5289
|
431
351
|
|
432
352
|
// Cipher C02B
|
@@ -543,7 +463,9 @@ static const SSL_CIPHER kCiphers[] = {
|
|
543
463
|
|
544
464
|
};
|
545
465
|
|
546
|
-
|
466
|
+
Span<const SSL_CIPHER> AllCiphers() {
|
467
|
+
return MakeConstSpan(kCiphers, OPENSSL_ARRAY_SIZE(kCiphers));
|
468
|
+
}
|
547
469
|
|
548
470
|
#define CIPHER_ADD 1
|
549
471
|
#define CIPHER_KILL 2
|
@@ -616,8 +538,6 @@ static const CIPHER_ALIAS kCipherAliases[] = {
|
|
616
538
|
// MAC aliases
|
617
539
|
{"SHA1", ~0u, ~0u, ~0u, SSL_SHA1, 0},
|
618
540
|
{"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
|
619
|
-
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
|
620
|
-
{"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
|
621
541
|
|
622
542
|
// Legacy protocol minimum version aliases. "TLSv1" is intentionally the
|
623
543
|
// same as "SSLv3".
|
@@ -628,41 +548,44 @@ static const CIPHER_ALIAS kCipherAliases[] = {
|
|
628
548
|
// Legacy strength classes.
|
629
549
|
{"HIGH", ~0u, ~0u, ~0u, ~0u, 0},
|
630
550
|
{"FIPS", ~0u, ~0u, ~0u, ~0u, 0},
|
551
|
+
|
552
|
+
// Temporary no-op aliases corresponding to removed SHA-2 legacy CBC
|
553
|
+
// ciphers. These should be removed after 2018-05-14.
|
554
|
+
{"SHA256", 0, 0, 0, 0, 0},
|
555
|
+
{"SHA384", 0, 0, 0, 0, 0},
|
631
556
|
};
|
632
557
|
|
633
558
|
static const size_t kCipherAliasesLen = OPENSSL_ARRAY_SIZE(kCipherAliases);
|
634
559
|
|
635
|
-
static int ssl_cipher_id_cmp(const void *in_a, const void *in_b) {
|
636
|
-
const SSL_CIPHER *a = reinterpret_cast<const SSL_CIPHER *>(in_a);
|
637
|
-
const SSL_CIPHER *b = reinterpret_cast<const SSL_CIPHER *>(in_b);
|
638
|
-
|
639
|
-
if (a->id > b->id) {
|
640
|
-
return 1;
|
641
|
-
} else if (a->id < b->id) {
|
642
|
-
return -1;
|
643
|
-
} else {
|
644
|
-
return 0;
|
645
|
-
}
|
646
|
-
}
|
647
|
-
|
648
560
|
bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
|
649
561
|
size_t *out_mac_secret_len,
|
650
562
|
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
|
651
|
-
uint16_t version,
|
563
|
+
uint16_t version, bool is_dtls) {
|
652
564
|
*out_aead = NULL;
|
653
565
|
*out_mac_secret_len = 0;
|
654
566
|
*out_fixed_iv_len = 0;
|
655
567
|
|
656
|
-
const
|
568
|
+
const bool is_tls12 = version == TLS1_2_VERSION && !is_dtls;
|
569
|
+
const bool is_tls13 = version == TLS1_3_VERSION && !is_dtls;
|
657
570
|
|
658
571
|
if (cipher->algorithm_mac == SSL_AEAD) {
|
659
572
|
if (cipher->algorithm_enc == SSL_AES128GCM) {
|
660
|
-
|
661
|
-
|
573
|
+
if (is_tls12) {
|
574
|
+
*out_aead = EVP_aead_aes_128_gcm_tls12();
|
575
|
+
} else if (is_tls13) {
|
576
|
+
*out_aead = EVP_aead_aes_128_gcm_tls13();
|
577
|
+
} else {
|
578
|
+
*out_aead = EVP_aead_aes_128_gcm();
|
579
|
+
}
|
662
580
|
*out_fixed_iv_len = 4;
|
663
581
|
} else if (cipher->algorithm_enc == SSL_AES256GCM) {
|
664
|
-
|
665
|
-
|
582
|
+
if (is_tls12) {
|
583
|
+
*out_aead = EVP_aead_aes_256_gcm_tls12();
|
584
|
+
} else if (is_tls13) {
|
585
|
+
*out_aead = EVP_aead_aes_256_gcm_tls13();
|
586
|
+
} else {
|
587
|
+
*out_aead = EVP_aead_aes_256_gcm();
|
588
|
+
}
|
666
589
|
*out_fixed_iv_len = 4;
|
667
590
|
} else if (cipher->algorithm_enc == SSL_CHACHA20POLY1305) {
|
668
591
|
*out_aead = EVP_aead_chacha20_poly1305();
|
@@ -678,36 +601,23 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
|
|
678
601
|
}
|
679
602
|
} else if (cipher->algorithm_mac == SSL_SHA1) {
|
680
603
|
if (cipher->algorithm_enc == SSL_eNULL) {
|
681
|
-
|
682
|
-
*out_aead = EVP_aead_null_sha1_ssl3();
|
683
|
-
} else {
|
684
|
-
*out_aead = EVP_aead_null_sha1_tls();
|
685
|
-
}
|
604
|
+
*out_aead = EVP_aead_null_sha1_tls();
|
686
605
|
} else if (cipher->algorithm_enc == SSL_3DES) {
|
687
|
-
if (version ==
|
688
|
-
*out_aead = EVP_aead_des_ede3_cbc_sha1_ssl3();
|
689
|
-
*out_fixed_iv_len = 8;
|
690
|
-
} else if (version == TLS1_VERSION) {
|
606
|
+
if (version == TLS1_VERSION) {
|
691
607
|
*out_aead = EVP_aead_des_ede3_cbc_sha1_tls_implicit_iv();
|
692
608
|
*out_fixed_iv_len = 8;
|
693
609
|
} else {
|
694
610
|
*out_aead = EVP_aead_des_ede3_cbc_sha1_tls();
|
695
611
|
}
|
696
612
|
} else if (cipher->algorithm_enc == SSL_AES128) {
|
697
|
-
if (version ==
|
698
|
-
*out_aead = EVP_aead_aes_128_cbc_sha1_ssl3();
|
699
|
-
*out_fixed_iv_len = 16;
|
700
|
-
} else if (version == TLS1_VERSION) {
|
613
|
+
if (version == TLS1_VERSION) {
|
701
614
|
*out_aead = EVP_aead_aes_128_cbc_sha1_tls_implicit_iv();
|
702
615
|
*out_fixed_iv_len = 16;
|
703
616
|
} else {
|
704
617
|
*out_aead = EVP_aead_aes_128_cbc_sha1_tls();
|
705
618
|
}
|
706
619
|
} else if (cipher->algorithm_enc == SSL_AES256) {
|
707
|
-
if (version ==
|
708
|
-
*out_aead = EVP_aead_aes_256_cbc_sha1_ssl3();
|
709
|
-
*out_fixed_iv_len = 16;
|
710
|
-
} else if (version == TLS1_VERSION) {
|
620
|
+
if (version == TLS1_VERSION) {
|
711
621
|
*out_aead = EVP_aead_aes_256_cbc_sha1_tls_implicit_iv();
|
712
622
|
*out_fixed_iv_len = 16;
|
713
623
|
} else {
|
@@ -718,23 +628,6 @@ bool ssl_cipher_get_evp_aead(const EVP_AEAD **out_aead,
|
|
718
628
|
}
|
719
629
|
|
720
630
|
*out_mac_secret_len = SHA_DIGEST_LENGTH;
|
721
|
-
} else if (cipher->algorithm_mac == SSL_SHA256) {
|
722
|
-
if (cipher->algorithm_enc == SSL_AES128) {
|
723
|
-
*out_aead = EVP_aead_aes_128_cbc_sha256_tls();
|
724
|
-
} else if (cipher->algorithm_enc == SSL_AES256) {
|
725
|
-
*out_aead = EVP_aead_aes_256_cbc_sha256_tls();
|
726
|
-
} else {
|
727
|
-
return false;
|
728
|
-
}
|
729
|
-
|
730
|
-
*out_mac_secret_len = SHA256_DIGEST_LENGTH;
|
731
|
-
} else if (cipher->algorithm_mac == SSL_SHA384) {
|
732
|
-
if (cipher->algorithm_enc != SSL_AES256) {
|
733
|
-
return false;
|
734
|
-
}
|
735
|
-
|
736
|
-
*out_aead = EVP_aead_aes_256_cbc_sha384_tls();
|
737
|
-
*out_mac_secret_len = SHA384_DIGEST_LENGTH;
|
738
631
|
} else {
|
739
632
|
return false;
|
740
633
|
}
|
@@ -757,7 +650,7 @@ const EVP_MD *ssl_get_handshake_digest(uint16_t version,
|
|
757
650
|
}
|
758
651
|
}
|
759
652
|
|
760
|
-
static bool is_cipher_list_separator(char c,
|
653
|
+
static bool is_cipher_list_separator(char c, bool is_strict) {
|
761
654
|
if (c == ':') {
|
762
655
|
return true;
|
763
656
|
}
|
@@ -811,9 +704,14 @@ static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
|
|
811
704
|
*head = curr;
|
812
705
|
}
|
813
706
|
|
814
|
-
static
|
815
|
-
CIPHER_ORDER **
|
816
|
-
CIPHER_ORDER **
|
707
|
+
static bool ssl_cipher_collect_ciphers(Array<CIPHER_ORDER> *out_co_list,
|
708
|
+
CIPHER_ORDER **out_head,
|
709
|
+
CIPHER_ORDER **out_tail) {
|
710
|
+
Array<CIPHER_ORDER> co_list;
|
711
|
+
if (!co_list.Init(OPENSSL_ARRAY_SIZE(kCiphers))) {
|
712
|
+
return false;
|
713
|
+
}
|
714
|
+
|
817
715
|
size_t co_list_num = 0;
|
818
716
|
for (const SSL_CIPHER &cipher : kCiphers) {
|
819
717
|
// TLS 1.3 ciphers do not participate in this mechanism.
|
@@ -844,9 +742,60 @@ static void ssl_cipher_collect_ciphers(CIPHER_ORDER *co_list,
|
|
844
742
|
|
845
743
|
co_list[co_list_num - 1].next = NULL;
|
846
744
|
|
847
|
-
*
|
848
|
-
*
|
745
|
+
*out_head = &co_list[0];
|
746
|
+
*out_tail = &co_list[co_list_num - 1];
|
747
|
+
} else {
|
748
|
+
*out_head = nullptr;
|
749
|
+
*out_tail = nullptr;
|
750
|
+
}
|
751
|
+
*out_co_list = std::move(co_list);
|
752
|
+
return true;
|
753
|
+
}
|
754
|
+
|
755
|
+
SSLCipherPreferenceList::~SSLCipherPreferenceList() {
|
756
|
+
OPENSSL_free(in_group_flags);
|
757
|
+
}
|
758
|
+
|
759
|
+
bool SSLCipherPreferenceList::Init(UniquePtr<STACK_OF(SSL_CIPHER)> ciphers_arg,
|
760
|
+
Span<const bool> in_group_flags_arg) {
|
761
|
+
if (sk_SSL_CIPHER_num(ciphers_arg.get()) != in_group_flags_arg.size()) {
|
762
|
+
OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
|
763
|
+
return false;
|
764
|
+
}
|
765
|
+
|
766
|
+
Array<bool> copy;
|
767
|
+
if (!copy.CopyFrom(in_group_flags_arg)) {
|
768
|
+
return false;
|
769
|
+
}
|
770
|
+
ciphers = std::move(ciphers_arg);
|
771
|
+
size_t unused_len;
|
772
|
+
copy.Release(&in_group_flags, &unused_len);
|
773
|
+
return true;
|
774
|
+
}
|
775
|
+
|
776
|
+
bool SSLCipherPreferenceList::Init(const SSLCipherPreferenceList& other) {
|
777
|
+
size_t size = sk_SSL_CIPHER_num(other.ciphers.get());
|
778
|
+
Span<const bool> other_flags(other.in_group_flags, size);
|
779
|
+
UniquePtr<STACK_OF(SSL_CIPHER)> other_ciphers(sk_SSL_CIPHER_dup(
|
780
|
+
other.ciphers.get()));
|
781
|
+
if (!other_ciphers) {
|
782
|
+
return false;
|
849
783
|
}
|
784
|
+
return Init(std::move(other_ciphers), other_flags);
|
785
|
+
}
|
786
|
+
|
787
|
+
void SSLCipherPreferenceList::Remove(const SSL_CIPHER *cipher) {
|
788
|
+
size_t index;
|
789
|
+
if (!sk_SSL_CIPHER_find(ciphers.get(), &index, cipher)) {
|
790
|
+
return;
|
791
|
+
}
|
792
|
+
if (!in_group_flags[index] /* last element of group */ && index > 0) {
|
793
|
+
in_group_flags[index-1] = false;
|
794
|
+
}
|
795
|
+
for (size_t i = index; i < sk_SSL_CIPHER_num(ciphers.get()) - 1; ++i) {
|
796
|
+
in_group_flags[i] = in_group_flags[i+1];
|
797
|
+
}
|
798
|
+
sk_SSL_CIPHER_delete(ciphers.get(), index);
|
850
799
|
}
|
851
800
|
|
852
801
|
// ssl_cipher_apply_rule applies the rule type |rule| to ciphers matching its
|
@@ -1128,7 +1077,7 @@ static bool ssl_cipher_process_rulestr(const char *rule_str,
|
|
1128
1077
|
// Look for a matching exact cipher. These aren't allowed in multipart
|
1129
1078
|
// rules.
|
1130
1079
|
if (!multi && ch != '+') {
|
1131
|
-
for (j = 0; j <
|
1080
|
+
for (j = 0; j < OPENSSL_ARRAY_SIZE(kCiphers); j++) {
|
1132
1081
|
const SSL_CIPHER *cipher = &kCiphers[j];
|
1133
1082
|
if (rule_equals(cipher->name, buf, buf_len) ||
|
1134
1083
|
rule_equals(cipher->standard_name, buf, buf_len)) {
|
@@ -1201,15 +1150,8 @@ static bool ssl_cipher_process_rulestr(const char *rule_str,
|
|
1201
1150
|
return true;
|
1202
1151
|
}
|
1203
1152
|
|
1204
|
-
bool ssl_create_cipher_list(
|
1205
|
-
|
1206
|
-
const char *rule_str, bool strict) {
|
1207
|
-
STACK_OF(SSL_CIPHER) *cipherstack = NULL;
|
1208
|
-
CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
|
1209
|
-
uint8_t *in_group_flags = NULL;
|
1210
|
-
unsigned int num_in_group_flags = 0;
|
1211
|
-
struct ssl_cipher_preference_list_st *pref_list = NULL;
|
1212
|
-
|
1153
|
+
bool ssl_create_cipher_list(UniquePtr<SSLCipherPreferenceList> *out_cipher_list,
|
1154
|
+
const char *rule_str, bool strict) {
|
1213
1155
|
// Return with error if nothing to do.
|
1214
1156
|
if (rule_str == NULL || out_cipher_list == NULL) {
|
1215
1157
|
return false;
|
@@ -1218,14 +1160,12 @@ bool ssl_create_cipher_list(
|
|
1218
1160
|
// Now we have to collect the available ciphers from the compiled in ciphers.
|
1219
1161
|
// We cannot get more than the number compiled in, so it is used for
|
1220
1162
|
// allocation.
|
1221
|
-
|
1222
|
-
|
1223
|
-
|
1163
|
+
Array<CIPHER_ORDER> co_list;
|
1164
|
+
CIPHER_ORDER *head = nullptr, *tail = nullptr;
|
1165
|
+
if (!ssl_cipher_collect_ciphers(&co_list, &head, &tail)) {
|
1224
1166
|
return false;
|
1225
1167
|
}
|
1226
1168
|
|
1227
|
-
ssl_cipher_collect_ciphers(co_list, &head, &tail);
|
1228
|
-
|
1229
1169
|
// Now arrange all ciphers by preference:
|
1230
1170
|
// TODO(davidben): Compute this order once and copy it.
|
1231
1171
|
|
@@ -1285,7 +1225,7 @@ bool ssl_create_cipher_list(
|
|
1285
1225
|
if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
1286
1226
|
if (!ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, &head, &tail,
|
1287
1227
|
strict)) {
|
1288
|
-
|
1228
|
+
return false;
|
1289
1229
|
}
|
1290
1230
|
rule_p += 7;
|
1291
1231
|
if (*rule_p == ':') {
|
@@ -1295,80 +1235,55 @@ bool ssl_create_cipher_list(
|
|
1295
1235
|
|
1296
1236
|
if (*rule_p != '\0' &&
|
1297
1237
|
!ssl_cipher_process_rulestr(rule_p, &head, &tail, strict)) {
|
1298
|
-
|
1238
|
+
return false;
|
1299
1239
|
}
|
1300
1240
|
|
1301
1241
|
// Allocate new "cipherstack" for the result, return with error
|
1302
1242
|
// if we cannot get one.
|
1303
|
-
cipherstack
|
1304
|
-
|
1305
|
-
|
1306
|
-
|
1307
|
-
|
1308
|
-
in_group_flags = (uint8_t *)OPENSSL_malloc(kCiphersLen);
|
1309
|
-
if (!in_group_flags) {
|
1310
|
-
goto err;
|
1243
|
+
UniquePtr<STACK_OF(SSL_CIPHER)> cipherstack(sk_SSL_CIPHER_new_null());
|
1244
|
+
Array<bool> in_group_flags;
|
1245
|
+
if (cipherstack == nullptr ||
|
1246
|
+
!in_group_flags.Init(OPENSSL_ARRAY_SIZE(kCiphers))) {
|
1247
|
+
return false;
|
1311
1248
|
}
|
1312
1249
|
|
1313
1250
|
// The cipher selection for the list is done. The ciphers are added
|
1314
1251
|
// to the resulting precedence to the STACK_OF(SSL_CIPHER).
|
1315
|
-
|
1252
|
+
size_t num_in_group_flags = 0;
|
1253
|
+
for (CIPHER_ORDER *curr = head; curr != NULL; curr = curr->next) {
|
1316
1254
|
if (curr->active) {
|
1317
|
-
if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
|
1318
|
-
|
1255
|
+
if (!sk_SSL_CIPHER_push(cipherstack.get(), curr->cipher)) {
|
1256
|
+
return false;
|
1319
1257
|
}
|
1320
1258
|
in_group_flags[num_in_group_flags++] = curr->in_group;
|
1321
1259
|
}
|
1322
1260
|
}
|
1323
|
-
OPENSSL_free(co_list); // Not needed any longer
|
1324
|
-
co_list = NULL;
|
1325
1261
|
|
1326
|
-
pref_list =
|
1327
|
-
|
1328
|
-
if (!pref_list
|
1329
|
-
|
1330
|
-
|
1331
|
-
|
1332
|
-
|
1333
|
-
if (num_in_group_flags) {
|
1334
|
-
pref_list->in_group_flags = (uint8_t *)OPENSSL_malloc(num_in_group_flags);
|
1335
|
-
if (!pref_list->in_group_flags) {
|
1336
|
-
goto err;
|
1337
|
-
}
|
1338
|
-
OPENSSL_memcpy(pref_list->in_group_flags, in_group_flags,
|
1339
|
-
num_in_group_flags);
|
1340
|
-
}
|
1341
|
-
OPENSSL_free(in_group_flags);
|
1342
|
-
in_group_flags = NULL;
|
1343
|
-
if (*out_cipher_list != NULL) {
|
1344
|
-
ssl_cipher_preference_list_free(*out_cipher_list);
|
1262
|
+
UniquePtr<SSLCipherPreferenceList> pref_list =
|
1263
|
+
MakeUnique<SSLCipherPreferenceList>();
|
1264
|
+
if (!pref_list ||
|
1265
|
+
!pref_list->Init(
|
1266
|
+
std::move(cipherstack),
|
1267
|
+
MakeConstSpan(in_group_flags).subspan(0, num_in_group_flags))) {
|
1268
|
+
return false;
|
1345
1269
|
}
|
1346
|
-
|
1347
|
-
|
1270
|
+
|
1271
|
+
*out_cipher_list = std::move(pref_list);
|
1348
1272
|
|
1349
1273
|
// Configuring an empty cipher list is an error but still updates the
|
1350
1274
|
// output.
|
1351
|
-
if (sk_SSL_CIPHER_num((*out_cipher_list)->ciphers) == 0) {
|
1275
|
+
if (sk_SSL_CIPHER_num((*out_cipher_list)->ciphers.get()) == 0) {
|
1352
1276
|
OPENSSL_PUT_ERROR(SSL, SSL_R_NO_CIPHER_MATCH);
|
1353
1277
|
return false;
|
1354
1278
|
}
|
1355
1279
|
|
1356
1280
|
return true;
|
1357
|
-
|
1358
|
-
err:
|
1359
|
-
OPENSSL_free(co_list);
|
1360
|
-
OPENSSL_free(in_group_flags);
|
1361
|
-
sk_SSL_CIPHER_free(cipherstack);
|
1362
|
-
if (pref_list) {
|
1363
|
-
OPENSSL_free(pref_list->in_group_flags);
|
1364
|
-
}
|
1365
|
-
OPENSSL_free(pref_list);
|
1366
|
-
return false;
|
1367
1281
|
}
|
1368
1282
|
|
1369
1283
|
uint16_t ssl_cipher_get_value(const SSL_CIPHER *cipher) {
|
1370
1284
|
uint32_t id = cipher->id;
|
1371
|
-
// All
|
1285
|
+
// All OpenSSL cipher IDs are prefaced with 0x03. Historically this referred
|
1286
|
+
// to SSLv2 vs SSLv3.
|
1372
1287
|
assert((id & 0xff000000) == 0x03000000);
|
1373
1288
|
return id & 0xffff;
|
1374
1289
|
}
|
@@ -1417,20 +1332,55 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
|
|
1417
1332
|
return ret;
|
1418
1333
|
}
|
1419
1334
|
|
1420
|
-
|
1335
|
+
BSSL_NAMESPACE_END
|
1421
1336
|
|
1422
1337
|
using namespace bssl;
|
1423
1338
|
|
1339
|
+
static constexpr int ssl_cipher_id_cmp_inner(const SSL_CIPHER *a,
|
1340
|
+
const SSL_CIPHER *b) {
|
1341
|
+
// C++11's constexpr functions must have a body consisting of just a
|
1342
|
+
// return-statement.
|
1343
|
+
return (a->id > b->id) ? 1 : ((a->id < b->id) ? -1 : 0);
|
1344
|
+
}
|
1345
|
+
|
1346
|
+
static int ssl_cipher_id_cmp(const void *in_a, const void *in_b) {
|
1347
|
+
return ssl_cipher_id_cmp_inner(reinterpret_cast<const SSL_CIPHER *>(in_a),
|
1348
|
+
reinterpret_cast<const SSL_CIPHER *>(in_b));
|
1349
|
+
}
|
1350
|
+
|
1351
|
+
template <typename T, size_t N>
|
1352
|
+
static constexpr size_t countof(T const (&)[N]) {
|
1353
|
+
return N;
|
1354
|
+
}
|
1355
|
+
|
1356
|
+
template <typename T, size_t I>
|
1357
|
+
static constexpr int check_order(const T (&arr)[I], size_t N) {
|
1358
|
+
// C++11's constexpr functions must have a body consisting of just a
|
1359
|
+
// return-statement.
|
1360
|
+
return N > 1 ? ((ssl_cipher_id_cmp_inner(&arr[N - 2], &arr[N - 1]) < 0)
|
1361
|
+
? check_order(arr, N - 1)
|
1362
|
+
: 0)
|
1363
|
+
: 1;
|
1364
|
+
}
|
1365
|
+
|
1366
|
+
static_assert(check_order(kCiphers, countof(kCiphers)) == 1,
|
1367
|
+
"Ciphers are not sorted, bsearch won't work");
|
1368
|
+
|
1424
1369
|
const SSL_CIPHER *SSL_get_cipher_by_value(uint16_t value) {
|
1425
1370
|
SSL_CIPHER c;
|
1426
1371
|
|
1427
1372
|
c.id = 0x03000000L | value;
|
1428
1373
|
return reinterpret_cast<const SSL_CIPHER *>(bsearch(
|
1429
|
-
&c, kCiphers,
|
1374
|
+
&c, kCiphers, OPENSSL_ARRAY_SIZE(kCiphers), sizeof(SSL_CIPHER),
|
1375
|
+
ssl_cipher_id_cmp));
|
1430
1376
|
}
|
1431
1377
|
|
1432
1378
|
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher) { return cipher->id; }
|
1433
1379
|
|
1380
|
+
uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *cipher) {
|
1381
|
+
return static_cast<uint16_t>(cipher->id);
|
1382
|
+
}
|
1383
|
+
|
1434
1384
|
int SSL_CIPHER_is_aead(const SSL_CIPHER *cipher) {
|
1435
1385
|
return (cipher->algorithm_mac & SSL_AEAD) != 0;
|
1436
1386
|
}
|
@@ -1462,10 +1412,6 @@ int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *cipher) {
|
|
1462
1412
|
return NID_undef;
|
1463
1413
|
case SSL_SHA1:
|
1464
1414
|
return NID_sha1;
|
1465
|
-
case SSL_SHA256:
|
1466
|
-
return NID_sha256;
|
1467
|
-
case SSL_SHA384:
|
1468
|
-
return NID_sha384;
|
1469
1415
|
}
|
1470
1416
|
assert(0);
|
1471
1417
|
return NID_undef;
|
@@ -1732,14 +1678,6 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
|
|
1732
1678
|
mac = "SHA1";
|
1733
1679
|
break;
|
1734
1680
|
|
1735
|
-
case SSL_SHA256:
|
1736
|
-
mac = "SHA256";
|
1737
|
-
break;
|
1738
|
-
|
1739
|
-
case SSL_SHA384:
|
1740
|
-
mac = "SHA384";
|
1741
|
-
break;
|
1742
|
-
|
1743
1681
|
case SSL_AEAD:
|
1744
1682
|
mac = "AEAD";
|
1745
1683
|
break;
|
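Review bot: `SSLCipherPreferenceList::Init(UniquePtr<STACK_OF(SSL_CIPHER)>, Span<const bool>)` overwrites the raw `in_group_flags` pointer through `copy.Release(&in_group_flags, &unused_len)` without first releasing a buffer the object may already own. The destructor added in the same hunk frees that pointer with `OPENSSL_free`, so it is an owning raw pointer. The only caller visible on this page, `ssl_create_cipher_list`, calls `Init` on a freshly made object, so this is a latent leak rather than a demonstrated one. The class declaration is outside this section, so whether the member starts as null cannot be confirmed here. Adding `OPENSSL_free(in_group_flags);` immediately before the `Release` call would make a repeated `Init` safe; if re-initialisation is not meant to be supported, a comment such as `// Init must be called at most once per object.` would document that.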