grpc 1.24.0 → 1.25.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +306 -243
- data/etc/roots.pem +0 -100
- data/include/grpc/grpc_security.h +44 -18
- data/include/grpc/impl/codegen/grpc_types.h +15 -0
- data/include/grpc/impl/codegen/port_platform.h +27 -11
- data/include/grpc/impl/codegen/sync_generic.h +1 -1
- data/src/boringssl/err_data.c +695 -650
- data/src/core/ext/filters/client_channel/client_channel.cc +257 -179
- data/src/core/ext/filters/client_channel/client_channel.h +24 -0
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +2 -3
- data/src/core/ext/filters/client_channel/client_channel_factory.h +1 -5
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +18 -45
- data/src/core/ext/filters/client_channel/health/health_check_client.h +5 -13
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy.cc +2 -3
- data/src/core/ext/filters/client_channel/lb_policy.h +65 -55
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +14 -14
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +113 -36
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +14 -19
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +36 -13
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +3 -10
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.cc +814 -1589
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds.h +2 -5
- data/src/core/ext/filters/client_channel/lb_policy_factory.h +3 -6
- data/src/core/ext/filters/client_channel/resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver.h +8 -16
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +25 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +46 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.h +10 -17
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +7 -8
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +111 -44
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +22 -14
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_fallback.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +29 -10
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +27 -36
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +7 -10
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +60 -16
- data/src/core/ext/filters/client_channel/resolver_factory.h +4 -8
- data/src/core/ext/filters/client_channel/resolver_registry.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver_registry.h +1 -1
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +7 -10
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +7 -8
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/retry_throttle.cc +5 -5
- data/src/core/ext/filters/client_channel/retry_throttle.h +1 -4
- data/src/core/ext/filters/client_channel/service_config.h +8 -8
- data/src/core/ext/filters/client_channel/subchannel.cc +53 -86
- data/src/core/ext/filters/client_channel/subchannel.h +7 -9
- data/src/core/ext/filters/client_channel/subchannel_interface.h +9 -13
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +3 -6
- data/src/core/ext/filters/client_channel/{lb_policy/xds/xds_load_balancer_api.cc → xds/xds_api.cc} +169 -52
- data/src/core/ext/filters/client_channel/xds/xds_api.h +171 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +450 -0
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.h +99 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel.h +8 -6
- data/src/core/ext/filters/client_channel/xds/xds_channel_args.h +26 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_channel_secure.cc +28 -11
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +1413 -0
- data/src/core/ext/filters/client_channel/xds/xds_client.h +221 -0
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.cc +1 -5
- data/src/core/ext/filters/client_channel/{lb_policy/xds → xds}/xds_client_stats.h +3 -4
- data/src/core/ext/filters/deadline/deadline_filter.cc +20 -20
- data/src/core/ext/filters/http/client/http_client_filter.cc +15 -15
- data/src/core/ext/filters/http/client_authority_filter.cc +14 -14
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +12 -12
- data/src/core/ext/filters/max_age/max_age_filter.cc +59 -50
- data/src/core/ext/filters/message_size/message_size_filter.cc +18 -18
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +15 -14
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +233 -175
- data/src/core/ext/transport/chttp2/transport/flow_control.h +21 -24
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +253 -163
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +24 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -15
- data/src/core/ext/transport/chttp2/transport/writing.cc +3 -0
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -13
- data/src/core/lib/channel/channel_args.cc +16 -0
- data/src/core/lib/channel/channel_args.h +22 -0
- data/src/core/lib/channel/channelz.cc +5 -6
- data/src/core/lib/channel/channelz.h +1 -1
- data/src/core/lib/channel/connected_channel.cc +20 -20
- data/src/core/lib/channel/handshaker.h +3 -4
- data/src/core/lib/channel/handshaker_factory.h +1 -3
- data/src/core/lib/debug/trace.h +3 -2
- data/src/core/lib/gprpp/arena.cc +3 -3
- data/src/core/lib/gprpp/arena.h +2 -3
- data/src/core/lib/gprpp/inlined_vector.h +9 -0
- data/src/core/lib/gprpp/map.h +3 -501
- data/src/core/lib/gprpp/memory.h +45 -41
- data/src/core/lib/gprpp/mpscq.cc +108 -0
- data/src/core/lib/gprpp/mpscq.h +98 -0
- data/src/core/lib/gprpp/orphanable.h +6 -11
- data/src/core/lib/gprpp/ref_counted.h +25 -19
- data/src/core/lib/gprpp/set.h +33 -0
- data/src/core/lib/gprpp/thd.h +2 -4
- data/src/core/lib/http/httpcli.cc +1 -1
- data/src/core/lib/http/httpcli_security_connector.cc +15 -11
- data/src/core/lib/http/parser.cc +1 -1
- data/src/core/lib/iomgr/buffer_list.cc +4 -5
- data/src/core/lib/iomgr/buffer_list.h +5 -6
- data/src/core/lib/iomgr/call_combiner.cc +4 -5
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/cfstream_handle.h +3 -5
- data/src/core/lib/iomgr/closure.h +8 -3
- data/src/core/lib/iomgr/combiner.cc +45 -82
- data/src/core/lib/iomgr/combiner.h +32 -8
- data/src/core/lib/iomgr/endpoint_cfstream.cc +5 -3
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +19 -15
- data/src/core/lib/iomgr/ev_poll_posix.cc +3 -1
- data/src/core/lib/iomgr/exec_ctx.h +4 -3
- data/src/core/lib/iomgr/executor.cc +4 -2
- data/src/core/lib/iomgr/executor.h +3 -0
- data/src/core/lib/iomgr/executor/mpmcqueue.h +3 -6
- data/src/core/lib/iomgr/executor/threadpool.cc +1 -2
- data/src/core/lib/iomgr/executor/threadpool.h +7 -11
- data/src/core/lib/iomgr/resource_quota.cc +55 -51
- data/src/core/lib/iomgr/resource_quota.h +13 -9
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +13 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +4 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +4 -11
- data/src/core/lib/iomgr/tcp_custom.cc +9 -7
- data/src/core/lib/iomgr/tcp_posix.cc +20 -16
- data/src/core/lib/iomgr/tcp_server.h +1 -4
- data/src/core/lib/iomgr/tcp_server_custom.cc +5 -5
- data/src/core/lib/iomgr/tcp_server_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -11
- data/src/core/lib/iomgr/timer_custom.cc +2 -2
- data/src/core/lib/iomgr/udp_server.cc +3 -2
- data/src/core/lib/iomgr/udp_server.h +6 -12
- data/src/core/lib/json/json.h +1 -1
- data/src/core/lib/json/json_string.cc +2 -2
- data/src/core/lib/profiling/basic_timers.cc +2 -2
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -2
- data/src/core/lib/security/credentials/alts/grpc_alts_credentials_server_options.cc +1 -1
- data/src/core/lib/security/credentials/credentials.h +4 -20
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +4 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +64 -0
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +9 -7
- data/src/core/lib/security/security_connector/load_system_roots_linux.cc +2 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +4 -4
- data/src/core/lib/security/security_connector/security_connector.cc +1 -0
- data/src/core/lib/security/security_connector/security_connector.h +19 -17
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +8 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +2 -2
- data/src/core/lib/security/security_connector/ssl_utils.h +1 -1
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.cc +14 -6
- data/src/core/lib/security/security_connector/tls/spiffe_security_connector.h +4 -2
- data/src/core/lib/security/transport/client_auth_filter.cc +17 -17
- data/src/core/lib/security/transport/security_handshaker.cc +29 -13
- data/src/core/lib/security/transport/security_handshaker.h +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +14 -14
- data/src/core/lib/slice/slice.cc +2 -10
- data/src/core/lib/slice/slice_hash_table.h +4 -6
- data/src/core/lib/slice/slice_intern.cc +42 -39
- data/src/core/lib/slice/slice_internal.h +3 -3
- data/src/core/lib/slice/slice_utils.h +21 -4
- data/src/core/lib/slice/slice_weak_hash_table.h +4 -6
- data/src/core/lib/surface/call.cc +3 -3
- data/src/core/lib/surface/channel.cc +7 -0
- data/src/core/lib/surface/completion_queue.cc +12 -11
- data/src/core/lib/surface/completion_queue.h +4 -2
- data/src/core/lib/surface/init.cc +1 -0
- data/src/core/lib/surface/lame_client.cc +33 -18
- data/src/core/lib/surface/server.cc +77 -76
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/byte_stream.h +3 -7
- data/src/core/lib/transport/connectivity_state.cc +112 -98
- data/src/core/lib/transport/connectivity_state.h +100 -50
- data/src/core/lib/transport/static_metadata.cc +276 -288
- data/src/core/lib/transport/static_metadata.h +73 -76
- data/src/core/lib/transport/status_conversion.cc +1 -1
- data/src/core/lib/transport/status_metadata.cc +1 -1
- data/src/core/lib/transport/transport.cc +2 -2
- data/src/core/lib/transport/transport.h +12 -4
- data/src/core/lib/transport/transport_op_string.cc +14 -11
- data/src/core/tsi/alts/frame_protector/alts_unseal_privacy_integrity_crypter.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_shared_resource.cc +1 -1
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +5 -5
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +12 -2
- data/src/core/tsi/fake_transport_security.cc +7 -5
- data/src/core/tsi/grpc_shadow_boringssl.h +2918 -2627
- data/src/core/tsi/local_transport_security.cc +8 -6
- data/src/core/tsi/ssl/session_cache/ssl_session.h +1 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +7 -5
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +4 -6
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +1 -2
- data/src/core/tsi/ssl_transport_security.cc +12 -12
- data/src/core/tsi/ssl_transport_security.h +2 -2
- data/src/core/tsi/transport_security_grpc.cc +7 -0
- data/src/core/tsi/transport_security_grpc.h +6 -0
- data/src/ruby/ext/grpc/extconf.rb +1 -0
- data/src/ruby/ext/grpc/rb_call.c +1 -1
- data/src/ruby/ext/grpc/rb_channel.c +1 -1
- data/src/ruby/lib/grpc/generic/bidi_call.rb +1 -1
- data/src/ruby/lib/grpc/generic/rpc_server.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/google_rpc_status_utils_spec.rb +2 -2
- data/third_party/boringssl/crypto/asn1/a_bool.c +18 -5
- data/third_party/boringssl/crypto/asn1/a_d2i_fp.c +17 -221
- data/third_party/boringssl/crypto/asn1/a_dup.c +0 -24
- data/third_party/boringssl/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl/crypto/asn1/a_i2d_fp.c +10 -72
- data/third_party/boringssl/crypto/asn1/a_int.c +12 -71
- data/third_party/boringssl/crypto/asn1/a_mbstr.c +110 -216
- data/third_party/boringssl/crypto/asn1/a_object.c +16 -5
- data/third_party/boringssl/crypto/asn1/a_strnid.c +1 -0
- data/third_party/boringssl/crypto/asn1/asn1_lib.c +5 -1
- data/third_party/boringssl/crypto/asn1/tasn_enc.c +3 -1
- data/third_party/boringssl/crypto/base64/base64.c +2 -2
- data/third_party/boringssl/crypto/bio/bio.c +73 -9
- data/third_party/boringssl/crypto/bio/connect.c +4 -0
- data/third_party/boringssl/crypto/bio/fd.c +4 -0
- data/third_party/boringssl/crypto/bio/file.c +5 -2
- data/third_party/boringssl/crypto/bio/socket.c +4 -0
- data/third_party/boringssl/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl/crypto/bn_extra/convert.c +11 -7
- data/third_party/boringssl/crypto/bytestring/ber.c +8 -4
- data/third_party/boringssl/crypto/bytestring/cbb.c +19 -7
- data/third_party/boringssl/crypto/bytestring/cbs.c +28 -15
- data/third_party/boringssl/crypto/bytestring/internal.h +28 -7
- data/third_party/boringssl/crypto/bytestring/unicode.c +155 -0
- data/third_party/boringssl/crypto/chacha/chacha.c +36 -19
- data/third_party/boringssl/crypto/chacha/internal.h +45 -0
- data/third_party/boringssl/crypto/cipher_extra/cipher_extra.c +29 -0
- data/third_party/boringssl/crypto/cipher_extra/e_aesccm.c +269 -25
- data/third_party/boringssl/crypto/cipher_extra/e_aesctrhmac.c +16 -14
- data/third_party/boringssl/crypto/cipher_extra/e_aesgcmsiv.c +54 -38
- data/third_party/boringssl/crypto/cipher_extra/e_chacha20poly1305.c +133 -41
- data/third_party/boringssl/crypto/cipher_extra/e_tls.c +23 -15
- data/third_party/boringssl/crypto/cipher_extra/tls_cbc.c +24 -15
- data/third_party/boringssl/crypto/cmac/cmac.c +62 -25
- data/third_party/boringssl/crypto/conf/conf.c +7 -0
- data/third_party/boringssl/crypto/cpu-arm-linux.c +4 -148
- data/third_party/boringssl/crypto/cpu-arm-linux.h +201 -0
- data/third_party/boringssl/crypto/cpu-intel.c +45 -51
- data/third_party/boringssl/crypto/crypto.c +39 -22
- data/third_party/boringssl/crypto/curve25519/spake25519.c +1 -1
- data/third_party/boringssl/crypto/dsa/dsa.c +77 -53
- data/third_party/boringssl/crypto/ec_extra/ec_asn1.c +20 -8
- data/third_party/boringssl/crypto/ec_extra/ec_derive.c +96 -0
- data/third_party/boringssl/crypto/{ecdh/ecdh.c → ecdh_extra/ecdh_extra.c} +20 -58
- data/third_party/boringssl/crypto/ecdsa_extra/ecdsa_asn1.c +1 -9
- data/third_party/boringssl/crypto/engine/engine.c +2 -1
- data/third_party/boringssl/crypto/err/err.c +2 -0
- data/third_party/boringssl/crypto/err/internal.h +2 -2
- data/third_party/boringssl/crypto/evp/evp.c +89 -8
- data/third_party/boringssl/crypto/evp/evp_asn1.c +56 -5
- data/third_party/boringssl/crypto/evp/evp_ctx.c +52 -14
- data/third_party/boringssl/crypto/evp/internal.h +18 -1
- data/third_party/boringssl/crypto/evp/p_dsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_ec.c +51 -3
- data/third_party/boringssl/crypto/evp/p_ec_asn1.c +6 -7
- data/third_party/boringssl/crypto/evp/p_ed25519.c +36 -3
- data/third_party/boringssl/crypto/evp/p_ed25519_asn1.c +76 -45
- data/third_party/boringssl/crypto/evp/p_rsa.c +3 -1
- data/third_party/boringssl/crypto/evp/p_rsa_asn1.c +5 -0
- data/third_party/boringssl/crypto/evp/p_x25519.c +110 -0
- data/third_party/boringssl/crypto/evp/p_x25519_asn1.c +249 -0
- data/third_party/boringssl/crypto/evp/scrypt.c +6 -2
- data/third_party/boringssl/crypto/fipsmodule/aes/aes.c +34 -274
- data/third_party/boringssl/crypto/fipsmodule/aes/internal.h +161 -21
- data/third_party/boringssl/crypto/fipsmodule/aes/key_wrap.c +111 -13
- data/third_party/boringssl/crypto/fipsmodule/aes/mode_wrappers.c +17 -21
- data/third_party/boringssl/crypto/fipsmodule/bcm.c +119 -7
- data/third_party/boringssl/crypto/fipsmodule/bn/bn.c +19 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/cmp.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/bn/ctx.c +93 -160
- data/third_party/boringssl/crypto/fipsmodule/bn/div.c +48 -57
- data/third_party/boringssl/crypto/fipsmodule/bn/div_extra.c +87 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/exponentiation.c +143 -211
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd.c +0 -305
- data/third_party/boringssl/crypto/fipsmodule/bn/gcd_extra.c +325 -0
- data/third_party/boringssl/crypto/fipsmodule/bn/internal.h +168 -50
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery.c +68 -92
- data/third_party/boringssl/crypto/fipsmodule/bn/montgomery_inv.c +7 -6
- data/third_party/boringssl/crypto/fipsmodule/bn/mul.c +11 -14
- data/third_party/boringssl/crypto/fipsmodule/bn/prime.c +358 -443
- data/third_party/boringssl/crypto/fipsmodule/bn/random.c +25 -35
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.c +20 -25
- data/third_party/boringssl/crypto/fipsmodule/bn/rsaz_exp.h +76 -5
- data/third_party/boringssl/crypto/fipsmodule/bn/shift.c +14 -14
- data/third_party/boringssl/crypto/fipsmodule/cipher/cipher.c +7 -2
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_aes.c +383 -516
- data/third_party/boringssl/crypto/fipsmodule/cipher/e_des.c +4 -0
- data/third_party/boringssl/crypto/fipsmodule/cipher/internal.h +3 -4
- data/third_party/boringssl/crypto/fipsmodule/delocate.h +3 -2
- data/third_party/boringssl/crypto/fipsmodule/digest/digest.c +32 -17
- data/third_party/boringssl/crypto/fipsmodule/digest/md32_common.h +3 -3
- data/third_party/boringssl/crypto/fipsmodule/ec/ec.c +228 -122
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_key.c +34 -8
- data/third_party/boringssl/crypto/fipsmodule/ec/ec_montgomery.c +311 -98
- data/third_party/boringssl/crypto/fipsmodule/ec/felem.c +82 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/internal.h +263 -97
- data/third_party/boringssl/crypto/fipsmodule/ec/oct.c +22 -59
- data/third_party/boringssl/crypto/fipsmodule/ec/p224-64.c +317 -234
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64-table.h +9473 -9475
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.c +313 -109
- data/third_party/boringssl/crypto/fipsmodule/ec/p256-x86_64.h +36 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/scalar.c +96 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/simple.c +126 -792
- data/third_party/boringssl/crypto/fipsmodule/ec/simple_mul.c +84 -0
- data/third_party/boringssl/crypto/fipsmodule/ec/util.c +163 -12
- data/third_party/boringssl/crypto/fipsmodule/ec/wnaf.c +84 -211
- data/third_party/boringssl/crypto/fipsmodule/ecdh/ecdh.c +122 -0
- data/third_party/boringssl/crypto/fipsmodule/ecdsa/ecdsa.c +60 -205
- data/third_party/boringssl/crypto/fipsmodule/fips_shared_support.c +32 -0
- data/third_party/boringssl/crypto/fipsmodule/is_fips.c +2 -0
- data/third_party/boringssl/crypto/fipsmodule/md4/md4.c +3 -1
- data/third_party/boringssl/crypto/fipsmodule/md5/internal.h +37 -0
- data/third_party/boringssl/crypto/fipsmodule/md5/md5.c +11 -8
- data/third_party/boringssl/crypto/fipsmodule/modes/cbc.c +35 -79
- data/third_party/boringssl/crypto/fipsmodule/modes/cfb.c +7 -39
- data/third_party/boringssl/crypto/fipsmodule/modes/ctr.c +7 -27
- data/third_party/boringssl/crypto/fipsmodule/modes/gcm.c +123 -309
- data/third_party/boringssl/crypto/fipsmodule/modes/internal.h +189 -126
- data/third_party/boringssl/crypto/fipsmodule/modes/ofb.c +3 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/ctrdrbg.c +2 -2
- data/third_party/boringssl/crypto/fipsmodule/rand/internal.h +35 -0
- data/third_party/boringssl/crypto/fipsmodule/rand/rand.c +24 -19
- data/third_party/boringssl/crypto/fipsmodule/rand/urandom.c +256 -77
- data/third_party/boringssl/crypto/fipsmodule/rsa/padding.c +10 -7
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa.c +5 -1
- data/third_party/boringssl/crypto/fipsmodule/rsa/rsa_impl.c +131 -14
- data/third_party/boringssl/crypto/fipsmodule/self_check/self_check.c +83 -10
- data/third_party/boringssl/crypto/fipsmodule/sha/internal.h +53 -0
- data/third_party/boringssl/crypto/fipsmodule/sha/sha1.c +9 -13
- data/third_party/boringssl/crypto/fipsmodule/sha/sha256.c +18 -12
- data/third_party/boringssl/crypto/fipsmodule/sha/sha512.c +95 -168
- data/third_party/boringssl/crypto/hrss/hrss.c +2201 -0
- data/third_party/boringssl/crypto/hrss/internal.h +62 -0
- data/third_party/boringssl/crypto/internal.h +95 -20
- data/third_party/boringssl/crypto/lhash/lhash.c +45 -33
- data/third_party/boringssl/crypto/mem.c +39 -2
- data/third_party/boringssl/crypto/obj/obj.c +4 -4
- data/third_party/boringssl/crypto/obj/obj_dat.h +6181 -875
- data/third_party/boringssl/crypto/pem/pem_all.c +2 -3
- data/third_party/boringssl/crypto/pem/pem_info.c +144 -162
- data/third_party/boringssl/crypto/pem/pem_lib.c +53 -52
- data/third_party/boringssl/crypto/pem/pem_pkey.c +13 -21
- data/third_party/boringssl/crypto/pkcs7/pkcs7.c +15 -22
- data/third_party/boringssl/crypto/pkcs7/pkcs7_x509.c +168 -16
- data/third_party/boringssl/crypto/pkcs8/internal.h +11 -0
- data/third_party/boringssl/crypto/pkcs8/p5_pbev2.c +24 -15
- data/third_party/boringssl/crypto/pkcs8/pkcs8.c +42 -25
- data/third_party/boringssl/crypto/pkcs8/pkcs8_x509.c +559 -43
- data/third_party/boringssl/crypto/pool/internal.h +1 -1
- data/third_party/boringssl/crypto/pool/pool.c +21 -0
- data/third_party/boringssl/crypto/rand_extra/deterministic.c +8 -0
- data/third_party/boringssl/crypto/rand_extra/fuchsia.c +1 -14
- data/third_party/boringssl/crypto/refcount_lock.c +2 -2
- data/third_party/boringssl/crypto/rsa_extra/rsa_print.c +22 -0
- data/third_party/boringssl/crypto/siphash/siphash.c +80 -0
- data/third_party/boringssl/crypto/stack/stack.c +83 -32
- data/third_party/boringssl/crypto/thread_none.c +2 -2
- data/third_party/boringssl/crypto/thread_pthread.c +2 -2
- data/third_party/boringssl/crypto/thread_win.c +38 -19
- data/third_party/boringssl/crypto/x509/a_strex.c +22 -2
- data/third_party/boringssl/crypto/x509/asn1_gen.c +2 -1
- data/third_party/boringssl/crypto/x509/by_dir.c +7 -0
- data/third_party/boringssl/crypto/x509/by_file.c +12 -10
- data/third_party/boringssl/crypto/x509/t_crl.c +5 -8
- data/third_party/boringssl/crypto/x509/t_req.c +1 -3
- data/third_party/boringssl/crypto/x509/t_x509.c +5 -8
- data/third_party/boringssl/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_def.c +1 -1
- data/third_party/boringssl/crypto/x509/x509_lu.c +114 -5
- data/third_party/boringssl/crypto/x509/x509_req.c +20 -0
- data/third_party/boringssl/crypto/x509/x509_set.c +5 -0
- data/third_party/boringssl/crypto/x509/x509_trs.c +1 -0
- data/third_party/boringssl/crypto/x509/x509_txt.c +4 -5
- data/third_party/boringssl/crypto/x509/x509_vfy.c +145 -138
- data/third_party/boringssl/crypto/x509/x509_vpm.c +2 -0
- data/third_party/boringssl/crypto/x509/x509cset.c +40 -0
- data/third_party/boringssl/crypto/x509/x509name.c +2 -3
- data/third_party/boringssl/crypto/x509/x_all.c +109 -210
- data/third_party/boringssl/crypto/x509/x_x509.c +6 -0
- data/third_party/boringssl/crypto/x509v3/ext_dat.h +1 -3
- data/third_party/boringssl/crypto/x509v3/internal.h +56 -0
- data/third_party/boringssl/crypto/x509v3/pcy_cache.c +2 -0
- data/third_party/boringssl/crypto/x509v3/pcy_node.c +1 -0
- data/third_party/boringssl/crypto/x509v3/pcy_tree.c +4 -2
- data/third_party/boringssl/crypto/x509v3/v3_akey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_alt.c +19 -13
- data/third_party/boringssl/crypto/x509v3/v3_conf.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_cpols.c +3 -2
- data/third_party/boringssl/crypto/x509v3/v3_genn.c +1 -6
- data/third_party/boringssl/crypto/x509v3/v3_lib.c +1 -0
- data/third_party/boringssl/crypto/x509v3/v3_ocsp.c +68 -0
- data/third_party/boringssl/crypto/x509v3/v3_pci.c +2 -1
- data/third_party/boringssl/crypto/x509v3/v3_purp.c +47 -69
- data/third_party/boringssl/crypto/x509v3/v3_skey.c +5 -2
- data/third_party/boringssl/crypto/x509v3/v3_utl.c +69 -25
- data/third_party/boringssl/include/openssl/aead.h +45 -19
- data/third_party/boringssl/include/openssl/aes.h +32 -7
- data/third_party/boringssl/include/openssl/asn1.h +7 -77
- data/third_party/boringssl/include/openssl/base.h +120 -6
- data/third_party/boringssl/include/openssl/base64.h +4 -1
- data/third_party/boringssl/include/openssl/bio.h +112 -81
- data/third_party/boringssl/include/openssl/blowfish.h +3 -3
- data/third_party/boringssl/include/openssl/bn.h +55 -29
- data/third_party/boringssl/include/openssl/buf.h +2 -2
- data/third_party/boringssl/include/openssl/bytestring.h +54 -32
- data/third_party/boringssl/include/openssl/cast.h +2 -2
- data/third_party/boringssl/include/openssl/cipher.h +46 -16
- data/third_party/boringssl/include/openssl/cmac.h +6 -2
- data/third_party/boringssl/include/openssl/conf.h +3 -6
- data/third_party/boringssl/include/openssl/cpu.h +25 -9
- data/third_party/boringssl/include/openssl/crypto.h +32 -10
- data/third_party/boringssl/include/openssl/curve25519.h +4 -4
- data/third_party/boringssl/include/openssl/dh.h +3 -2
- data/third_party/boringssl/include/openssl/digest.h +21 -7
- data/third_party/boringssl/include/openssl/dsa.h +8 -2
- data/third_party/boringssl/include/openssl/e_os2.h +18 -0
- data/third_party/boringssl/include/openssl/ec.h +25 -21
- data/third_party/boringssl/include/openssl/ec_key.h +36 -8
- data/third_party/boringssl/include/openssl/ecdh.h +17 -0
- data/third_party/boringssl/include/openssl/ecdsa.h +3 -3
- data/third_party/boringssl/include/openssl/engine.h +4 -4
- data/third_party/boringssl/include/openssl/err.h +3 -0
- data/third_party/boringssl/include/openssl/evp.h +199 -42
- data/third_party/boringssl/include/openssl/hmac.h +4 -4
- data/third_party/boringssl/include/openssl/hrss.h +100 -0
- data/third_party/boringssl/include/openssl/lhash.h +131 -23
- data/third_party/boringssl/include/openssl/md4.h +6 -4
- data/third_party/boringssl/include/openssl/md5.h +6 -4
- data/third_party/boringssl/include/openssl/mem.h +6 -2
- data/third_party/boringssl/include/openssl/nid.h +3 -0
- data/third_party/boringssl/include/openssl/obj.h +3 -0
- data/third_party/boringssl/include/openssl/pem.h +102 -64
- data/third_party/boringssl/include/openssl/pkcs7.h +136 -3
- data/third_party/boringssl/include/openssl/pkcs8.h +42 -3
- data/third_party/boringssl/include/openssl/pool.h +13 -2
- data/third_party/boringssl/include/openssl/ripemd.h +5 -4
- data/third_party/boringssl/include/openssl/rsa.h +46 -15
- data/third_party/boringssl/include/openssl/sha.h +40 -28
- data/third_party/boringssl/include/openssl/siphash.h +37 -0
- data/third_party/boringssl/include/openssl/span.h +17 -9
- data/third_party/boringssl/include/openssl/ssl.h +766 -393
- data/third_party/boringssl/include/openssl/ssl3.h +4 -3
- data/third_party/boringssl/include/openssl/stack.h +134 -77
- data/third_party/boringssl/include/openssl/thread.h +1 -1
- data/third_party/boringssl/include/openssl/tls1.h +25 -9
- data/third_party/boringssl/include/openssl/type_check.h +14 -15
- data/third_party/boringssl/include/openssl/x509.h +28 -3
- data/third_party/boringssl/include/openssl/x509_vfy.h +98 -32
- data/third_party/boringssl/include/openssl/x509v3.h +17 -13
- data/third_party/boringssl/ssl/d1_both.cc +9 -18
- data/third_party/boringssl/ssl/d1_lib.cc +4 -3
- data/third_party/boringssl/ssl/d1_pkt.cc +4 -4
- data/third_party/boringssl/ssl/d1_srtp.cc +15 -15
- data/third_party/boringssl/ssl/dtls_method.cc +0 -1
- data/third_party/boringssl/ssl/dtls_record.cc +28 -28
- data/third_party/boringssl/ssl/handoff.cc +295 -91
- data/third_party/boringssl/ssl/handshake.cc +133 -72
- data/third_party/boringssl/ssl/handshake_client.cc +218 -189
- data/third_party/boringssl/ssl/handshake_server.cc +399 -272
- data/third_party/boringssl/ssl/internal.h +1413 -928
- data/third_party/boringssl/ssl/s3_both.cc +175 -36
- data/third_party/boringssl/ssl/s3_lib.cc +9 -13
- data/third_party/boringssl/ssl/s3_pkt.cc +63 -29
- data/third_party/boringssl/ssl/ssl_aead_ctx.cc +55 -35
- data/third_party/boringssl/ssl/ssl_asn1.cc +57 -73
- data/third_party/boringssl/ssl/ssl_buffer.cc +13 -12
- data/third_party/boringssl/ssl/ssl_cert.cc +313 -210
- data/third_party/boringssl/ssl/ssl_cipher.cc +159 -221
- data/third_party/boringssl/ssl/ssl_file.cc +2 -0
- data/third_party/boringssl/ssl/ssl_key_share.cc +164 -19
- data/third_party/boringssl/ssl/ssl_lib.cc +847 -555
- data/third_party/boringssl/ssl/ssl_privkey.cc +441 -111
- data/third_party/boringssl/ssl/ssl_session.cc +230 -178
- data/third_party/boringssl/ssl/ssl_transcript.cc +21 -142
- data/third_party/boringssl/ssl/ssl_versions.cc +88 -93
- data/third_party/boringssl/ssl/ssl_x509.cc +279 -218
- data/third_party/boringssl/ssl/t1_enc.cc +5 -96
- data/third_party/boringssl/ssl/t1_lib.cc +931 -678
- data/third_party/boringssl/ssl/tls13_both.cc +251 -121
- data/third_party/boringssl/ssl/tls13_client.cc +129 -73
- data/third_party/boringssl/ssl/tls13_enc.cc +350 -282
- data/third_party/boringssl/ssl/tls13_server.cc +259 -192
- data/third_party/boringssl/ssl/tls_method.cc +26 -21
- data/third_party/boringssl/ssl/tls_record.cc +42 -47
- data/third_party/boringssl/third_party/fiat/curve25519.c +261 -1324
- data/third_party/boringssl/third_party/fiat/curve25519_32.h +911 -0
- data/third_party/boringssl/third_party/fiat/curve25519_64.h +559 -0
- data/third_party/boringssl/third_party/fiat/p256.c +238 -999
- data/third_party/boringssl/third_party/fiat/p256_32.h +3226 -0
- data/third_party/boringssl/third_party/fiat/p256_64.h +1217 -0
- data/third_party/upb/upb/port_def.inc +1 -1
- data/third_party/upb/upb/table.c +2 -1
- metadata +72 -44
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_load_balancer_api.h +0 -127
- data/src/core/lib/gpr/mpscq.cc +0 -117
- data/src/core/lib/gpr/mpscq.h +0 -88
- data/src/core/lib/gprpp/abstract.h +0 -47
- data/src/core/lib/gprpp/pair.h +0 -38
- data/third_party/boringssl/crypto/cipher_extra/e_ssl3.c +0 -460
- data/third_party/boringssl/crypto/fipsmodule/modes/ccm.c +0 -256
- data/third_party/boringssl/include/openssl/lhash_macros.h +0 -174
- data/third_party/boringssl/ssl/custom_extensions.cc +0 -265
@@ -84,6 +84,12 @@ extern "C" {
|
|
84
84
|
|
85
85
|
|
86
86
|
// EC key objects.
|
87
|
+
//
|
88
|
+
// An |EC_KEY| object represents a public or private EC key. A given object may
|
89
|
+
// be used concurrently on multiple threads by non-mutating functions, provided
|
90
|
+
// no other thread is concurrently calling a mutating function. Unless otherwise
|
91
|
+
// documented, functions which take a |const| pointer are non-mutating and
|
92
|
+
// functions which take a non-|const| pointer are mutating.
|
87
93
|
|
88
94
|
// EC_KEY_new returns a fresh |EC_KEY| object or NULL on error.
|
89
95
|
OPENSSL_EXPORT EC_KEY *EC_KEY_new(void);
|
@@ -102,7 +108,8 @@ OPENSSL_EXPORT void EC_KEY_free(EC_KEY *key);
|
|
102
108
|
// EC_KEY_dup returns a fresh copy of |src| or NULL on error.
|
103
109
|
OPENSSL_EXPORT EC_KEY *EC_KEY_dup(const EC_KEY *src);
|
104
110
|
|
105
|
-
// EC_KEY_up_ref increases the reference count of |key| and returns one.
|
111
|
+
// EC_KEY_up_ref increases the reference count of |key| and returns one. It does
|
112
|
+
// not mutate |key| for thread-safety purposes and may be used concurrently.
|
106
113
|
OPENSSL_EXPORT int EC_KEY_up_ref(EC_KEY *key);
|
107
114
|
|
108
115
|
// EC_KEY_is_opaque returns one if |key| is opaque and doesn't expose its key
|
@@ -113,8 +120,8 @@ OPENSSL_EXPORT int EC_KEY_is_opaque(const EC_KEY *key);
|
|
113
120
|
OPENSSL_EXPORT const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
|
114
121
|
|
115
122
|
// EC_KEY_set_group sets the |EC_GROUP| object that |key| will use to |group|.
|
116
|
-
// It returns one on success and zero
|
117
|
-
//
|
123
|
+
// It returns one on success and zero if |key| is already configured with a
|
124
|
+
// different group.
|
118
125
|
OPENSSL_EXPORT int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
|
119
126
|
|
120
127
|
// EC_KEY_get0_private_key returns a pointer to the private key inside |key|.
|
@@ -123,7 +130,7 @@ OPENSSL_EXPORT const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
|
|
123
130
|
// EC_KEY_set_private_key sets the private key of |key| to |priv|. It returns
|
124
131
|
// one on success and zero otherwise. |key| must already have had a group
|
125
132
|
// configured (see |EC_KEY_set_group| and |EC_KEY_new_by_curve_name|).
|
126
|
-
OPENSSL_EXPORT int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *
|
133
|
+
OPENSSL_EXPORT int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv);
|
127
134
|
|
128
135
|
// EC_KEY_get0_public_key returns a pointer to the public key point inside
|
129
136
|
// |key|.
|
@@ -167,8 +174,14 @@ OPENSSL_EXPORT int EC_KEY_check_fips(const EC_KEY *key);
|
|
167
174
|
// EC_KEY_set_public_key_affine_coordinates sets the public key in |key| to
|
168
175
|
// (|x|, |y|). It returns one on success and zero otherwise.
|
169
176
|
OPENSSL_EXPORT int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key,
|
170
|
-
BIGNUM *x,
|
171
|
-
BIGNUM *y);
|
177
|
+
const BIGNUM *x,
|
178
|
+
const BIGNUM *y);
|
179
|
+
|
180
|
+
// EC_KEY_key2buf encodes the public key in |key| to an allocated octet string
|
181
|
+
// and sets |*out_buf| to point to it. It returns the length of the encoded
|
182
|
+
// octet string or zero if an error occurred.
|
183
|
+
OPENSSL_EXPORT size_t EC_KEY_key2buf(EC_KEY *key, point_conversion_form_t form,
|
184
|
+
unsigned char **out_buf, BN_CTX *ctx);
|
172
185
|
|
173
186
|
|
174
187
|
// Key generation.
|
@@ -182,6 +195,20 @@ OPENSSL_EXPORT int EC_KEY_generate_key(EC_KEY *key);
|
|
182
195
|
// additional checks for FIPS compliance.
|
183
196
|
OPENSSL_EXPORT int EC_KEY_generate_key_fips(EC_KEY *key);
|
184
197
|
|
198
|
+
// EC_KEY_derive_from_secret deterministically derives a private key for |group|
|
199
|
+
// from an input secret using HKDF-SHA256. It returns a newly-allocated |EC_KEY|
|
200
|
+
// on success or NULL on error. |secret| must not be used in any other
|
201
|
+
// algorithm. If using a base secret for multiple operations, derive separate
|
202
|
+
// values with a KDF such as HKDF first.
|
203
|
+
//
|
204
|
+
// Note this function implements an arbitrary derivation scheme, rather than any
|
205
|
+
// particular standard one. New protocols are recommended to use X25519 and
|
206
|
+
// Ed25519, which have standard byte import functions. See
|
207
|
+
// |X25519_public_from_private| and |ED25519_keypair_from_seed|.
|
208
|
+
OPENSSL_EXPORT EC_KEY *EC_KEY_derive_from_secret(const EC_GROUP *group,
|
209
|
+
const uint8_t *secret,
|
210
|
+
size_t secret_len);
|
211
|
+
|
185
212
|
|
186
213
|
// Serialisation.
|
187
214
|
|
@@ -329,11 +356,12 @@ OPENSSL_EXPORT int i2o_ECPublicKey(const EC_KEY *key, unsigned char **outp);
|
|
329
356
|
|
330
357
|
extern "C++" {
|
331
358
|
|
332
|
-
|
359
|
+
BSSL_NAMESPACE_BEGIN
|
333
360
|
|
334
361
|
BORINGSSL_MAKE_DELETER(EC_KEY, EC_KEY_free)
|
362
|
+
BORINGSSL_MAKE_UP_REF(EC_KEY, EC_KEY_up_ref)
|
335
363
|
|
336
|
-
|
364
|
+
BSSL_NAMESPACE_END
|
337
365
|
|
338
366
|
} // extern C++
|
339
367
|
|
@@ -89,6 +89,22 @@ OPENSSL_EXPORT int ECDH_compute_key(
|
|
89
89
|
void *out, size_t outlen, const EC_POINT *pub_key, const EC_KEY *priv_key,
|
90
90
|
void *(*kdf)(const void *in, size_t inlen, void *out, size_t *outlen));
|
91
91
|
|
92
|
+
// ECDH_compute_key_fips calculates the shared key between |pub_key| and
|
93
|
+
// |priv_key| and hashes it with the appropriate SHA function for |out_len|. The
|
94
|
+
// only value values for |out_len| are thus 24 (SHA-224), 32 (SHA-256), 48
|
95
|
+
// (SHA-384), and 64 (SHA-512). It returns one on success and zero on error.
|
96
|
+
//
|
97
|
+
// Note that the return value is different to |ECDH_compute_key|: it returns an
|
98
|
+
// error flag (as is common for BoringSSL) rather than the number of bytes
|
99
|
+
// written.
|
100
|
+
//
|
101
|
+
// This function allows the FIPS module to compute an ECDH and KDF within the
|
102
|
+
// module boundary without taking an arbitrary function pointer for the KDF,
|
103
|
+
// which isn't very FIPSy.
|
104
|
+
OPENSSL_EXPORT int ECDH_compute_key_fips(uint8_t *out, size_t out_len,
|
105
|
+
const EC_POINT *pub_key,
|
106
|
+
const EC_KEY *priv_key);
|
107
|
+
|
92
108
|
|
93
109
|
#if defined(__cplusplus)
|
94
110
|
} // extern C
|
@@ -97,5 +113,6 @@ OPENSSL_EXPORT int ECDH_compute_key(
|
|
97
113
|
#define ECDH_R_KDF_FAILED 100
|
98
114
|
#define ECDH_R_NO_PRIVATE_VALUE 101
|
99
115
|
#define ECDH_R_POINT_ARITHMETIC_FAILURE 102
|
116
|
+
#define ECDH_R_UNKNOWN_DIGEST_LENGTH 103
|
100
117
|
|
101
118
|
#endif // OPENSSL_HEADER_ECDH_H
|
@@ -86,7 +86,7 @@ OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest,
|
|
86
86
|
size_t sig_len, const EC_KEY *key);
|
87
87
|
|
88
88
|
// ECDSA_size returns the maximum size of an ECDSA signature using |key|. It
|
89
|
-
// returns zero
|
89
|
+
// returns zero if |key| is NULL or if it doesn't have a group set.
|
90
90
|
OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key);
|
91
91
|
|
92
92
|
|
@@ -179,11 +179,11 @@ OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp);
|
|
179
179
|
|
180
180
|
extern "C++" {
|
181
181
|
|
182
|
-
|
182
|
+
BSSL_NAMESPACE_BEGIN
|
183
183
|
|
184
184
|
BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free)
|
185
185
|
|
186
|
-
|
186
|
+
BSSL_NAMESPACE_END
|
187
187
|
|
188
188
|
} // extern C++
|
189
189
|
|
@@ -40,8 +40,8 @@ extern "C" {
|
|
40
40
|
OPENSSL_EXPORT ENGINE *ENGINE_new(void);
|
41
41
|
|
42
42
|
// ENGINE_free decrements the reference counts for all methods linked from
|
43
|
-
// |engine| and frees |engine| itself.
|
44
|
-
OPENSSL_EXPORT
|
43
|
+
// |engine| and frees |engine| itself. It returns one.
|
44
|
+
OPENSSL_EXPORT int ENGINE_free(ENGINE *engine);
|
45
45
|
|
46
46
|
|
47
47
|
// Method accessors.
|
@@ -94,11 +94,11 @@ struct openssl_method_common_st {
|
|
94
94
|
|
95
95
|
extern "C++" {
|
96
96
|
|
97
|
-
|
97
|
+
BSSL_NAMESPACE_BEGIN
|
98
98
|
|
99
99
|
BORINGSSL_MAKE_DELETER(ENGINE, ENGINE_free)
|
100
100
|
|
101
|
-
|
101
|
+
BSSL_NAMESPACE_END
|
102
102
|
|
103
103
|
} // extern C++
|
104
104
|
|
@@ -152,6 +152,9 @@ OPENSSL_EXPORT void ERR_load_ERR_strings(void);
|
|
152
152
|
// ERR_load_crypto_strings does nothing.
|
153
153
|
OPENSSL_EXPORT void ERR_load_crypto_strings(void);
|
154
154
|
|
155
|
+
// ERR_load_RAND_strings does nothing.
|
156
|
+
OPENSSL_EXPORT void ERR_load_RAND_strings(void);
|
157
|
+
|
155
158
|
// ERR_free_strings does nothing.
|
156
159
|
OPENSSL_EXPORT void ERR_free_strings(void);
|
157
160
|
|
@@ -80,6 +80,12 @@ extern "C" {
|
|
80
80
|
|
81
81
|
|
82
82
|
// Public key objects.
|
83
|
+
//
|
84
|
+
// An |EVP_PKEY| object represents a public or private key. A given object may
|
85
|
+
// be used concurrently on multiple threads by non-mutating functions, provided
|
86
|
+
// no other thread is concurrently calling a mutating function. Unless otherwise
|
87
|
+
// documented, functions which take a |const| pointer are non-mutating and
|
88
|
+
// functions which take a non-|const| pointer are mutating.
|
83
89
|
|
84
90
|
// EVP_PKEY_new creates a new, empty public-key object and returns it or NULL
|
85
91
|
// on allocation failure.
|
@@ -89,7 +95,9 @@ OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new(void);
|
|
89
95
|
// itself.
|
90
96
|
OPENSSL_EXPORT void EVP_PKEY_free(EVP_PKEY *pkey);
|
91
97
|
|
92
|
-
// EVP_PKEY_up_ref increments the reference count of |pkey| and returns one.
|
98
|
+
// EVP_PKEY_up_ref increments the reference count of |pkey| and returns one. It
|
99
|
+
// does not mutate |pkey| for thread-safety purposes and may be used
|
100
|
+
// concurrently.
|
93
101
|
OPENSSL_EXPORT int EVP_PKEY_up_ref(EVP_PKEY *pkey);
|
94
102
|
|
95
103
|
// EVP_PKEY_is_opaque returns one if |pkey| is opaque. Opaque keys are backed by
|
@@ -121,7 +129,7 @@ OPENSSL_EXPORT int EVP_PKEY_size(const EVP_PKEY *pkey);
|
|
121
129
|
// EVP_PKEY_bits returns the "size", in bits, of |pkey|. For an RSA key, this
|
122
130
|
// returns the bit length of the modulus. For an EC key, this returns the bit
|
123
131
|
// length of the group order.
|
124
|
-
OPENSSL_EXPORT int EVP_PKEY_bits(EVP_PKEY *pkey);
|
132
|
+
OPENSSL_EXPORT int EVP_PKEY_bits(const EVP_PKEY *pkey);
|
125
133
|
|
126
134
|
// EVP_PKEY_id returns the type of |pkey|, which is one of the |EVP_PKEY_*|
|
127
135
|
// values.
|
@@ -136,51 +144,48 @@ OPENSSL_EXPORT int EVP_PKEY_type(int nid);
|
|
136
144
|
//
|
137
145
|
// The following functions get and set the underlying public key in an
|
138
146
|
// |EVP_PKEY| object. The |set1| functions take an additional reference to the
|
139
|
-
// underlying key and return one on success or zero
|
140
|
-
// functions adopt the caller's reference
|
141
|
-
//
|
142
|
-
//
|
143
|
-
// pointer.
|
147
|
+
// underlying key and return one on success or zero if |key| is NULL. The
|
148
|
+
// |assign| functions adopt the caller's reference and return one on success or
|
149
|
+
// zero if |key| is NULL. The |get1| functions return a fresh reference to the
|
150
|
+
// underlying object or NULL if |pkey| is not of the correct type. The |get0|
|
151
|
+
// functions behave the same but return a non-owning pointer.
|
152
|
+
//
|
153
|
+
// The |get0| and |get1| functions take |const| pointers and are thus
|
154
|
+
// non-mutating for thread-safety purposes, but mutating functions on the
|
155
|
+
// returned lower-level objects are considered to also mutate the |EVP_PKEY| and
|
156
|
+
// may not be called concurrently with other operations on the |EVP_PKEY|.
|
144
157
|
|
145
158
|
OPENSSL_EXPORT int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
|
146
159
|
OPENSSL_EXPORT int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
|
147
|
-
OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
|
148
|
-
OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
|
160
|
+
OPENSSL_EXPORT RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
|
161
|
+
OPENSSL_EXPORT RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey);
|
149
162
|
|
150
163
|
OPENSSL_EXPORT int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
|
151
164
|
OPENSSL_EXPORT int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
|
152
|
-
OPENSSL_EXPORT DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
|
153
|
-
OPENSSL_EXPORT DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
|
165
|
+
OPENSSL_EXPORT DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
|
166
|
+
OPENSSL_EXPORT DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey);
|
154
167
|
|
155
168
|
OPENSSL_EXPORT int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
|
156
169
|
OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
|
157
|
-
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
|
158
|
-
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
|
159
|
-
|
160
|
-
// EVP_PKEY_new_ed25519_public returns a newly allocated |EVP_PKEY| wrapping an
|
161
|
-
// Ed25519 public key, or NULL on allocation error.
|
162
|
-
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_public(
|
163
|
-
const uint8_t public_key[32]);
|
164
|
-
|
165
|
-
// EVP_PKEY_new_ed25519_private returns a newly allocated |EVP_PKEY| wrapping an
|
166
|
-
// Ed25519 private key, or NULL on allocation error.
|
167
|
-
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_private(
|
168
|
-
const uint8_t private_key[64]);
|
170
|
+
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
|
171
|
+
OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
|
169
172
|
|
170
173
|
#define EVP_PKEY_NONE NID_undef
|
171
174
|
#define EVP_PKEY_RSA NID_rsaEncryption
|
175
|
+
#define EVP_PKEY_RSA_PSS NID_rsassaPss
|
172
176
|
#define EVP_PKEY_DSA NID_dsa
|
173
177
|
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
|
174
178
|
#define EVP_PKEY_ED25519 NID_ED25519
|
179
|
+
#define EVP_PKEY_X25519 NID_X25519
|
175
180
|
|
176
181
|
// EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
|
177
|
-
// the given type.
|
178
|
-
// values.
|
182
|
+
// the given type. It returns one if successful or zero if the |type| argument
|
183
|
+
// is not one of the |EVP_PKEY_*| values or if |key| is NULL.
|
179
184
|
OPENSSL_EXPORT int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
|
180
185
|
|
181
|
-
// EVP_PKEY_set_type sets the type of |pkey| to |type
|
182
|
-
// the |
|
183
|
-
// |pkey| is NULL, it simply reports whether the type is known.
|
186
|
+
// EVP_PKEY_set_type sets the type of |pkey| to |type|. It returns one if
|
187
|
+
// successful or zero if the |type| argument is not one of the |EVP_PKEY_*|
|
188
|
+
// values. If |pkey| is NULL, it simply reports whether the type is known.
|
184
189
|
OPENSSL_EXPORT int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
|
185
190
|
|
186
191
|
// EVP_PKEY_cmp_parameters compares the parameters of |a| and |b|. It returns
|
@@ -195,7 +200,8 @@ OPENSSL_EXPORT int EVP_PKEY_cmp_parameters(const EVP_PKEY *a,
|
|
195
200
|
|
196
201
|
// EVP_parse_public_key decodes a DER-encoded SubjectPublicKeyInfo structure
|
197
202
|
// (RFC 5280) from |cbs| and advances |cbs|. It returns a newly-allocated
|
198
|
-
// |EVP_PKEY| or NULL on error.
|
203
|
+
// |EVP_PKEY| or NULL on error. If the key is an EC key, the curve is guaranteed
|
204
|
+
// to be set.
|
199
205
|
//
|
200
206
|
// The caller must check the type of the parsed public key to ensure it is
|
201
207
|
// suitable and validate other desired key properties such as RSA modulus size
|
@@ -226,6 +232,48 @@ OPENSSL_EXPORT EVP_PKEY *EVP_parse_private_key(CBS *cbs);
|
|
226
232
|
OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key);
|
227
233
|
|
228
234
|
|
235
|
+
// Raw keys
|
236
|
+
//
|
237
|
+
// Some keys types support a "raw" serialization. Currently the only supported
|
238
|
+
// raw format is Ed25519, where the public key and private key formats are those
|
239
|
+
// specified in RFC 8032. Note the RFC 8032 private key format is the 32-byte
|
240
|
+
// prefix of |ED25519_sign|'s 64-byte private key.
|
241
|
+
|
242
|
+
// EVP_PKEY_new_raw_private_key returns a newly allocated |EVP_PKEY| wrapping a
|
243
|
+
// private key of the specified type. It returns one on success and zero on
|
244
|
+
// error.
|
245
|
+
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
|
246
|
+
const uint8_t *in,
|
247
|
+
size_t len);
|
248
|
+
|
249
|
+
// EVP_PKEY_new_raw_public_key returns a newly allocated |EVP_PKEY| wrapping a
|
250
|
+
// public key of the specified type. It returns one on success and zero on
|
251
|
+
// error.
|
252
|
+
OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
|
253
|
+
const uint8_t *in,
|
254
|
+
size_t len);
|
255
|
+
|
256
|
+
// EVP_PKEY_get_raw_private_key outputs the private key for |pkey| in raw form.
|
257
|
+
// If |out| is NULL, it sets |*out_len| to the size of the raw private key.
|
258
|
+
// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to
|
259
|
+
// the number of bytes written.
|
260
|
+
//
|
261
|
+
// It returns one on success and zero if |pkey| has no private key, the key
|
262
|
+
// type does not support a raw format, or the buffer is too small.
|
263
|
+
OPENSSL_EXPORT int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
|
264
|
+
uint8_t *out, size_t *out_len);
|
265
|
+
|
266
|
+
// EVP_PKEY_get_raw_public_key outputs the public key for |pkey| in raw form.
|
267
|
+
// If |out| is NULL, it sets |*out_len| to the size of the raw public key.
|
268
|
+
// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to
|
269
|
+
// the number of bytes written.
|
270
|
+
//
|
271
|
+
// It returns one on success and zero if |pkey| has no public key, the key
|
272
|
+
// type does not support a raw format, or the buffer is too small.
|
273
|
+
OPENSSL_EXPORT int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
|
274
|
+
uint8_t *out, size_t *out_len);
|
275
|
+
|
276
|
+
|
229
277
|
// Signing
|
230
278
|
|
231
279
|
// EVP_DigestSignInit sets up |ctx| for a signing operation with |type| and
|
@@ -238,6 +286,9 @@ OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key);
|
|
238
286
|
// Ed25519, |type| should be NULL. The |EVP_MD_CTX| itself is unused but is
|
239
287
|
// present so the API is uniform. See |EVP_DigestSign|.
|
240
288
|
//
|
289
|
+
// This function does not mutate |pkey| for thread-safety purposes and may be
|
290
|
+
// used concurrently with other non-mutating functions on |pkey|.
|
291
|
+
//
|
241
292
|
// It returns one on success, or zero on error.
|
242
293
|
OPENSSL_EXPORT int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
243
294
|
const EVP_MD *type, ENGINE *e,
|
@@ -291,6 +342,9 @@ OPENSSL_EXPORT int EVP_DigestSign(EVP_MD_CTX *ctx, uint8_t *out_sig,
|
|
291
342
|
// Ed25519, |type| should be NULL. The |EVP_MD_CTX| itself is unused but is
|
292
343
|
// present so the API is uniform. See |EVP_DigestVerify|.
|
293
344
|
//
|
345
|
+
// This function does not mutate |pkey| for thread-safety purposes and may be
|
346
|
+
// used concurrently with other non-mutating functions on |pkey|.
|
347
|
+
//
|
294
348
|
// It returns one on success, or zero on error.
|
295
349
|
OPENSSL_EXPORT int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
296
350
|
const EVP_MD *type, ENGINE *e,
|
@@ -351,7 +405,9 @@ OPENSSL_EXPORT int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *data,
|
|
351
405
|
// It returns one on success and zero otherwise.
|
352
406
|
//
|
353
407
|
// It does not modify |ctx|, thus it's possible to continue to use |ctx| in
|
354
|
-
// order to sign a longer message.
|
408
|
+
// order to sign a longer message. It also does not mutate |pkey| for
|
409
|
+
// thread-safety purposes and may be used concurrently with other non-mutating
|
410
|
+
// functions on |pkey|.
|
355
411
|
OPENSSL_EXPORT int EVP_SignFinal(const EVP_MD_CTX *ctx, uint8_t *sig,
|
356
412
|
unsigned int *out_sig_len, EVP_PKEY *pkey);
|
357
413
|
|
@@ -384,7 +440,9 @@ OPENSSL_EXPORT int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *data,
|
|
384
440
|
// It returns one on success and zero otherwise.
|
385
441
|
//
|
386
442
|
// It does not modify |ctx|, thus it's possible to continue to use |ctx| in
|
387
|
-
// order to
|
443
|
+
// order to verify a longer message. It also does not mutate |pkey| for
|
444
|
+
// thread-safety purposes and may be used concurrently with other non-mutating
|
445
|
+
// functions on |pkey|.
|
388
446
|
OPENSSL_EXPORT int EVP_VerifyFinal(EVP_MD_CTX *ctx, const uint8_t *sig,
|
389
447
|
size_t sig_len, EVP_PKEY *pkey);
|
390
448
|
|
@@ -415,7 +473,7 @@ OPENSSL_EXPORT int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
|
|
415
473
|
|
416
474
|
// PKCS5_PBKDF2_HMAC computes |iterations| iterations of PBKDF2 of |password|
|
417
475
|
// and |salt|, using |digest|, and outputs |key_len| bytes to |out_key|. It
|
418
|
-
// returns one on success and zero on
|
476
|
+
// returns one on success and zero on allocation failure or if iterations is 0.
|
419
477
|
OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
|
420
478
|
const uint8_t *salt, size_t salt_len,
|
421
479
|
unsigned iterations, const EVP_MD *digest,
|
@@ -431,12 +489,20 @@ OPENSSL_EXPORT int PKCS5_PBKDF2_HMAC_SHA1(const char *password,
|
|
431
489
|
|
432
490
|
// EVP_PBE_scrypt expands |password| into a secret key of length |key_len| using
|
433
491
|
// scrypt, as described in RFC 7914, and writes the result to |out_key|. It
|
434
|
-
// returns one on success and zero on
|
492
|
+
// returns one on success and zero on allocation failure, if the memory required
|
493
|
+
// for the operation exceeds |max_mem|, or if any of the parameters are invalid
|
494
|
+
// as described below.
|
435
495
|
//
|
436
496
|
// |N|, |r|, and |p| are as described in RFC 7914 section 6. They determine the
|
437
|
-
// cost of the operation. If
|
438
|
-
//
|
439
|
-
//
|
497
|
+
// cost of the operation. If |max_mem| is zero, a defult limit of 32MiB will be
|
498
|
+
// used.
|
499
|
+
//
|
500
|
+
// The parameters are considered invalid under any of the following conditions:
|
501
|
+
// - |r| or |p| are zero
|
502
|
+
// - |p| > (2^30 - 1) / |r|
|
503
|
+
// - |N| is not a power of two
|
504
|
+
// - |N| > 2^32
|
505
|
+
// - |N| > 2^(128 * |r| / 8)
|
440
506
|
OPENSSL_EXPORT int EVP_PBE_scrypt(const char *password, size_t password_len,
|
441
507
|
const uint8_t *salt, size_t salt_len,
|
442
508
|
uint64_t N, uint64_t r, uint64_t p,
|
@@ -613,9 +679,23 @@ OPENSSL_EXPORT int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, uint8_t *key,
|
|
613
679
|
OPENSSL_EXPORT int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
614
680
|
|
615
681
|
// EVP_PKEY_keygen performs a key generation operation using the values from
|
616
|
-
// |ctx
|
682
|
+
// |ctx|. If |*out_pkey| is non-NULL, it overwrites |*out_pkey| with the
|
683
|
+
// resulting key. Otherwise, it sets |*out_pkey| to a newly-allocated |EVP_PKEY|
|
684
|
+
// containing the result. It returns one on success or zero on error.
|
685
|
+
OPENSSL_EXPORT int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey);
|
686
|
+
|
687
|
+
// EVP_PKEY_paramgen_init initialises an |EVP_PKEY_CTX| for a parameter
|
688
|
+
// generation operation. It should be called before |EVP_PKEY_paramgen|.
|
689
|
+
//
|
617
690
|
// It returns one on success or zero on error.
|
618
|
-
OPENSSL_EXPORT int
|
691
|
+
OPENSSL_EXPORT int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
|
692
|
+
|
693
|
+
// EVP_PKEY_paramgen performs a parameter generation using the values from
|
694
|
+
// |ctx|. If |*out_pkey| is non-NULL, it overwrites |*out_pkey| with the
|
695
|
+
// resulting parameters, but no key. Otherwise, it sets |*out_pkey| to a
|
696
|
+
// newly-allocated |EVP_PKEY| containing the result. It returns one on success
|
697
|
+
// or zero on error.
|
698
|
+
OPENSSL_EXPORT int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **out_pkey);
|
619
699
|
|
620
700
|
|
621
701
|
// Generic control functions.
|
@@ -713,6 +793,15 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx,
|
|
713
793
|
const uint8_t **out_label);
|
714
794
|
|
715
795
|
|
796
|
+
// EC specific control functions.
|
797
|
+
|
798
|
+
// EVP_PKEY_CTX_set_ec_paramgen_curve_nid sets the curve used for
|
799
|
+
// |EVP_PKEY_keygen| or |EVP_PKEY_paramgen| operations to |nid|. It returns one
|
800
|
+
// on success and zero on error.
|
801
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx,
|
802
|
+
int nid);
|
803
|
+
|
804
|
+
|
716
805
|
// Deprecated functions.
|
717
806
|
|
718
807
|
// EVP_PKEY_DH is defined for compatibility, but it is impossible to create an
|
@@ -769,7 +858,7 @@ OPENSSL_EXPORT int i2d_PrivateKey(const EVP_PKEY *key, uint8_t **outp);
|
|
769
858
|
// EC keys are serialized as an EC point per SEC 1.
|
770
859
|
//
|
771
860
|
// Use |RSA_marshal_public_key| or |EC_POINT_point2cbb| instead.
|
772
|
-
OPENSSL_EXPORT int i2d_PublicKey(EVP_PKEY *key, uint8_t **outp);
|
861
|
+
OPENSSL_EXPORT int i2d_PublicKey(const EVP_PKEY *key, uint8_t **outp);
|
773
862
|
|
774
863
|
// d2i_PrivateKey parses an ASN.1, DER-encoded, private key from |len| bytes at
|
775
864
|
// |*inp|. If |out| is not NULL then, on exit, a pointer to the result is in
|
@@ -793,8 +882,73 @@ OPENSSL_EXPORT EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **out,
|
|
793
882
|
OPENSSL_EXPORT EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **out, const uint8_t **inp,
|
794
883
|
long len);
|
795
884
|
|
885
|
+
// d2i_PublicKey parse a public key from |len| bytes at |*inp| in a type-
|
886
|
+
// specific format specified by |type|. If |out| is not NULL then, on exit, a
|
887
|
+
// pointer to the result is in |*out|. Note that, even if |*out| is already non-
|
888
|
+
// NULL on entry, it will not be written to. Rather, a fresh |EVP_PKEY| is
|
889
|
+
// allocated and the previous one is freed. On successful exit, |*inp| is
|
890
|
+
// advanced past the decoded key. It returns the result or NULL on error.
|
891
|
+
//
|
892
|
+
// RSA keys are parsed as a DER-encoded RSAPublicKey (RFC 3447) structure.
|
893
|
+
// Parsing EC keys is not supported by this function.
|
894
|
+
//
|
895
|
+
// Use |RSA_parse_public_key| instead.
|
896
|
+
OPENSSL_EXPORT EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **out,
|
897
|
+
const uint8_t **inp, long len);
|
898
|
+
|
796
899
|
// EVP_PKEY_get0_DH returns NULL.
|
797
|
-
OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
|
900
|
+
OPENSSL_EXPORT DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
|
901
|
+
|
902
|
+
// EVP_PKEY_get1_DH returns NULL.
|
903
|
+
OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
|
904
|
+
|
905
|
+
// EVP_PKEY_CTX_set_ec_param_enc returns one if |encoding| is
|
906
|
+
// |OPENSSL_EC_NAMED_CURVE| or zero with an error otherwise.
|
907
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx,
|
908
|
+
int encoding);
|
909
|
+
|
910
|
+
// EVP_PKEY_set1_tls_encodedpoint replaces |pkey| with a public key encoded by
|
911
|
+
// |in|. It returns one on success and zero on error.
|
912
|
+
//
|
913
|
+
// This function only works on X25519 keys.
|
914
|
+
OPENSSL_EXPORT int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
|
915
|
+
const uint8_t *in,
|
916
|
+
size_t len);
|
917
|
+
|
918
|
+
// EVP_PKEY_get1_tls_encodedpoint sets |*out_ptr| to a newly-allocated buffer
|
919
|
+
// containing the raw encoded public key for |pkey|. The caller must call
|
920
|
+
// |OPENSSL_free| to release this buffer. The function returns the length of the
|
921
|
+
// buffer on success and zero on error.
|
922
|
+
//
|
923
|
+
// This function only works on X25519 keys.
|
924
|
+
OPENSSL_EXPORT size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey,
|
925
|
+
uint8_t **out_ptr);
|
926
|
+
|
927
|
+
// EVP_PKEY_base_id calls |EVP_PKEY_id|.
|
928
|
+
OPENSSL_EXPORT int EVP_PKEY_base_id(const EVP_PKEY *pkey);
|
929
|
+
|
930
|
+
|
931
|
+
// Preprocessor compatibility section (hidden).
|
932
|
+
//
|
933
|
+
// Historically, a number of APIs were implemented in OpenSSL as macros and
|
934
|
+
// constants to 'ctrl' functions. To avoid breaking #ifdefs in consumers, this
|
935
|
+
// section defines a number of legacy macros.
|
936
|
+
|
937
|
+
// |BORINGSSL_PREFIX| already makes each of these symbols into macros, so there
|
938
|
+
// is no need to define conflicting macros.
|
939
|
+
#if !defined(BORINGSSL_PREFIX)
|
940
|
+
#define EVP_PKEY_CTX_set_rsa_oaep_md EVP_PKEY_CTX_set_rsa_oaep_md
|
941
|
+
#define EVP_PKEY_CTX_set0_rsa_oaep_label EVP_PKEY_CTX_set0_rsa_oaep_label
|
942
|
+
#endif
|
943
|
+
|
944
|
+
|
945
|
+
// Nodejs compatibility section (hidden).
|
946
|
+
//
|
947
|
+
// These defines exist for node.js, with the hope that we can eliminate the
|
948
|
+
// need for them over time.
|
949
|
+
|
950
|
+
#define EVPerr(function, reason) \
|
951
|
+
ERR_put_error(ERR_LIB_EVP, 0, reason, __FILE__, __LINE__)
|
798
952
|
|
799
953
|
|
800
954
|
// Private structures.
|
@@ -824,12 +978,13 @@ struct evp_pkey_st {
|
|
824
978
|
} // extern C
|
825
979
|
|
826
980
|
extern "C++" {
|
827
|
-
|
981
|
+
BSSL_NAMESPACE_BEGIN
|
828
982
|
|
829
983
|
BORINGSSL_MAKE_DELETER(EVP_PKEY, EVP_PKEY_free)
|
984
|
+
BORINGSSL_MAKE_UP_REF(EVP_PKEY, EVP_PKEY_up_ref)
|
830
985
|
BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free)
|
831
986
|
|
832
|
-
|
987
|
+
BSSL_NAMESPACE_END
|
833
988
|
|
834
989
|
} // extern C++
|
835
990
|
|
@@ -869,5 +1024,7 @@ BORINGSSL_MAKE_DELETER(EVP_PKEY_CTX, EVP_PKEY_CTX_free)
|
|
869
1024
|
#define EVP_R_INVALID_SIGNATURE 131
|
870
1025
|
#define EVP_R_MEMORY_LIMIT_EXCEEDED 132
|
871
1026
|
#define EVP_R_INVALID_PARAMETERS 133
|
1027
|
+
#define EVP_R_INVALID_PEER_KEY 134
|
1028
|
+
#define EVP_R_NOT_XOF_OR_INVALID_LENGTH 135
|
872
1029
|
|
873
1030
|
#endif // OPENSSL_HEADER_EVP_H
|