grpc 1.30.2 → 1.31.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +560 -619
- data/include/grpc/grpc_security_constants.h +3 -0
- data/include/grpc/impl/codegen/grpc_types.h +7 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -32
- data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
- data/src/core/ext/filters/client_channel/client_channel.cc +406 -265
- data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
- data/src/core/ext/filters/client_channel/config_selector.h +93 -0
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +6 -5
- data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
- data/src/core/ext/filters/client_channel/lb_policy.h +2 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +39 -23
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +376 -68
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +33 -48
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +21 -18
- data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +33 -28
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +1 -1
- data/src/core/ext/filters/client_channel/xds/xds_api.cc +327 -123
- data/src/core/ext/filters/client_channel/xds/xds_api.h +72 -7
- data/src/core/ext/filters/client_channel/xds/xds_bootstrap.cc +12 -23
- data/src/core/ext/filters/client_channel/xds/xds_client.cc +112 -33
- data/src/core/ext/filters/client_channel/xds/xds_client_stats.h +10 -10
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
- data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
- data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
- data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +383 -347
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +6 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +1 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +7 -13
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +7 -8
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +19 -4
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +22 -27
- data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +6 -7
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
- data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
- data/src/core/ext/transport/chttp2/transport/internal.h +13 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +33 -43
- data/src/core/ext/transport/chttp2/transport/writing.cc +9 -14
- data/src/core/ext/transport/inproc/inproc_transport.cc +35 -15
- data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
- data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +80 -69
- data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +24 -23
- data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +66 -56
- data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +317 -311
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +42 -34
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +79 -61
- data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +55 -49
- data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +9 -8
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +163 -169
- data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +51 -45
- data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +4 -5
- data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +107 -100
- data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +137 -117
- data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +105 -87
- data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +12 -13
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +95 -101
- data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +49 -65
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +49 -42
- data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +70 -62
- data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +81 -65
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +91 -80
- data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +9 -10
- data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +36 -31
- data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +648 -696
- data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +16 -15
- data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +1 -1
- data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +95 -88
- data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +234 -199
- data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +5 -5
- data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +13 -13
- data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +1 -2
- data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +20 -18
- data/src/core/ext/upb-generated/envoy/type/http.upb.h +0 -1
- data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +18 -17
- data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +14 -14
- data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +23 -23
- data/src/core/ext/upb-generated/envoy/type/percent.upb.h +8 -9
- data/src/core/ext/upb-generated/envoy/type/range.upb.h +15 -16
- data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +7 -8
- data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +36 -35
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
- data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
- data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +3 -3
- data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
- data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
- data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +33 -54
- data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
- data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
- data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
- data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
- data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
- data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
- data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
- data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
- data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
- data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
- data/src/core/ext/upb-generated/validate/validate.upb.h +536 -535
- data/src/core/lib/channel/channel_trace.cc +2 -6
- data/src/core/lib/channel/channelz.cc +5 -15
- data/src/core/lib/gpr/log_linux.cc +6 -8
- data/src/core/lib/gpr/log_posix.cc +6 -8
- data/src/core/lib/gpr/string.cc +10 -9
- data/src/core/lib/gpr/string.h +4 -2
- data/src/core/lib/gprpp/global_config_env.cc +8 -6
- data/src/core/lib/http/httpcli.cc +13 -10
- data/src/core/lib/http/httpcli_security_connector.cc +5 -5
- data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
- data/src/core/lib/iomgr/error_cfstream.cc +9 -8
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
- data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
- data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
- data/src/core/lib/iomgr/ev_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr.cc +10 -0
- data/src/core/lib/iomgr/iomgr.h +10 -0
- data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
- data/src/core/lib/iomgr/port.h +1 -21
- data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
- data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
- data/src/core/lib/iomgr/resource_quota.cc +34 -31
- data/src/core/lib/iomgr/sockaddr_utils.cc +7 -5
- data/src/core/lib/iomgr/sockaddr_utils.h +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
- data/src/core/lib/iomgr/socket_windows.cc +4 -5
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
- data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
- data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
- data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
- data/src/core/lib/iomgr/tcp_custom.cc +1 -1
- data/src/core/lib/iomgr/tcp_custom.h +1 -1
- data/src/core/lib/iomgr/tcp_server.cc +3 -4
- data/src/core/lib/iomgr/tcp_server.h +7 -5
- data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
- data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
- data/src/core/lib/iomgr/timer_generic.cc +13 -12
- data/src/core/lib/iomgr/udp_server.cc +24 -23
- data/src/core/lib/iomgr/udp_server.h +5 -2
- data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
- data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
- data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
- data/src/core/lib/json/json_reader.cc +20 -21
- data/src/core/lib/security/credentials/credentials.h +5 -3
- data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +12 -9
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +10 -10
- data/src/core/lib/security/security_connector/security_connector.cc +2 -0
- data/src/core/lib/security/security_connector/security_connector.h +1 -1
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
- data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
- data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
- data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
- data/src/core/lib/security/util/json_util.cc +12 -13
- data/src/core/lib/slice/slice.cc +38 -1
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +40 -41
- data/src/core/lib/surface/completion_queue.cc +271 -14
- data/src/core/lib/surface/completion_queue.h +8 -0
- data/src/core/lib/surface/init.cc +2 -0
- data/src/core/lib/surface/server.cc +565 -632
- data/src/core/lib/surface/server.h +34 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/transport.h +6 -0
- data/src/core/lib/uri/uri_parser.cc +8 -15
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +2 -0
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
- data/src/core/tsi/ssl_transport_security.cc +102 -11
- data/src/core/tsi/ssl_transport_security.h +14 -2
- data/src/core/tsi/transport_security_interface.h +5 -0
- data/src/ruby/ext/grpc/extconf.rb +5 -2
- data/src/ruby/ext/grpc/rb_call.c +3 -2
- data/src/ruby/ext/grpc/rb_call.h +4 -0
- data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
- data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +89 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +143 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
- data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +33 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +789 -715
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +17 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +28 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +12 -9
- data/third_party/upb/upb/decode.c +467 -504
- data/third_party/upb/upb/encode.c +163 -121
- data/third_party/upb/upb/msg.c +130 -64
- data/third_party/upb/upb/msg.h +418 -14
- data/third_party/upb/upb/port_def.inc +35 -6
- data/third_party/upb/upb/port_undef.inc +8 -1
- data/third_party/upb/upb/table.c +53 -75
- data/third_party/upb/upb/table.int.h +11 -43
- data/third_party/upb/upb/upb.c +148 -124
- data/third_party/upb/upb/upb.h +65 -147
- data/third_party/upb/upb/upb.hpp +86 -0
- metadata +40 -37
- data/third_party/upb/upb/generated_util.h +0 -105
|
@@ -27,21 +27,6 @@
|
|
|
27
27
|
// protocol for issuing and redeeming tokens built on top of the PMBTokens
|
|
28
28
|
// construction.
|
|
29
29
|
|
|
30
|
-
const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v0(void) {
|
|
31
|
-
static const TRUST_TOKEN_METHOD kMethod = {
|
|
32
|
-
pmbtoken_exp0_generate_key,
|
|
33
|
-
pmbtoken_exp0_client_key_from_bytes,
|
|
34
|
-
pmbtoken_exp0_issuer_key_from_bytes,
|
|
35
|
-
pmbtoken_exp0_blind,
|
|
36
|
-
pmbtoken_exp0_sign,
|
|
37
|
-
pmbtoken_exp0_unblind,
|
|
38
|
-
pmbtoken_exp0_read,
|
|
39
|
-
0 /* don't use token hash */,
|
|
40
|
-
0 /* don't use batched proof */,
|
|
41
|
-
};
|
|
42
|
-
return &kMethod;
|
|
43
|
-
}
|
|
44
|
-
|
|
45
30
|
const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
|
|
46
31
|
static const TRUST_TOKEN_METHOD kMethod = {
|
|
47
32
|
pmbtoken_exp1_generate_key,
|
|
@@ -51,8 +36,6 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
|
|
|
51
36
|
pmbtoken_exp1_sign,
|
|
52
37
|
pmbtoken_exp1_unblind,
|
|
53
38
|
pmbtoken_exp1_read,
|
|
54
|
-
1 /* use token hash */,
|
|
55
|
-
1 /* use batched proof */,
|
|
56
39
|
};
|
|
57
40
|
return &kMethod;
|
|
58
41
|
}
|
|
@@ -597,16 +580,8 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
|
|
|
597
580
|
SHA256_Update(&sha_ctx, CBS_data(&token_copy), CBS_len(&token_copy));
|
|
598
581
|
SHA256_Final(token_hash, &sha_ctx);
|
|
599
582
|
|
|
600
|
-
uint8_t metadata_obfuscator
|
|
601
|
-
|
|
602
|
-
metadata_obfuscator =
|
|
603
|
-
get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len,
|
|
604
|
-
token_hash, sizeof(token_hash));
|
|
605
|
-
} else {
|
|
606
|
-
metadata_obfuscator =
|
|
607
|
-
get_metadata_obfuscator(ctx->metadata_key, ctx->metadata_key_len,
|
|
608
|
-
CBS_data(&client_data), CBS_len(&client_data));
|
|
609
|
-
}
|
|
583
|
+
uint8_t metadata_obfuscator = get_metadata_obfuscator(
|
|
584
|
+
ctx->metadata_key, ctx->metadata_key_len, token_hash, sizeof(token_hash));
|
|
610
585
|
|
|
611
586
|
// The SRR is constructed as per the format described in
|
|
612
587
|
// https://docs.google.com/document/d/1TNnya6B8pyomDK2F1R9CL3dY10OAmqWlnCxsWyOBDVQ/edit#heading=h.7mkzvhpqb8l5
|
|
@@ -625,10 +600,7 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
|
|
|
625
600
|
assert(strlen(kClientDataLabel) < strlen(kExpiryTimestampLabel));
|
|
626
601
|
assert(strlen(kPublicLabel) < strlen(kPrivateLabel));
|
|
627
602
|
|
|
628
|
-
size_t map_entries =
|
|
629
|
-
if (ctx->method->use_token_hash) {
|
|
630
|
-
map_entries = 4;
|
|
631
|
-
}
|
|
603
|
+
size_t map_entries = 4;
|
|
632
604
|
|
|
633
605
|
if (!CBB_init(&srr, 0) ||
|
|
634
606
|
!add_cbor_map(&srr, map_entries) || // SRR map
|
|
@@ -637,20 +609,10 @@ int TRUST_TOKEN_ISSUER_redeem(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
|
|
|
637
609
|
!add_cbor_text(&srr, kPublicLabel, strlen(kPublicLabel)) ||
|
|
638
610
|
!add_cbor_int(&srr, public_metadata) ||
|
|
639
611
|
!add_cbor_text(&srr, kPrivateLabel, strlen(kPrivateLabel)) ||
|
|
640
|
-
!add_cbor_int(&srr, private_metadata ^ metadata_obfuscator)
|
|
641
|
-
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
645
|
-
if (ctx->method->use_token_hash) {
|
|
646
|
-
if (!add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) ||
|
|
647
|
-
!add_cbor_bytes(&srr, token_hash, sizeof(token_hash))) {
|
|
648
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, ERR_R_MALLOC_FAILURE);
|
|
649
|
-
goto err;
|
|
650
|
-
}
|
|
651
|
-
}
|
|
652
|
-
|
|
653
|
-
if (!add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) ||
|
|
612
|
+
!add_cbor_int(&srr, private_metadata ^ metadata_obfuscator) ||
|
|
613
|
+
!add_cbor_text(&srr, kTokenHashLabel, strlen(kTokenHashLabel)) ||
|
|
614
|
+
!add_cbor_bytes(&srr, token_hash, sizeof(token_hash)) ||
|
|
615
|
+
!add_cbor_text(&srr, kClientDataLabel, strlen(kClientDataLabel)) ||
|
|
654
616
|
!CBB_add_bytes(&srr, CBS_data(&client_data), CBS_len(&client_data)) ||
|
|
655
617
|
!add_cbor_text(&srr, kExpiryTimestampLabel,
|
|
656
618
|
strlen(kExpiryTimestampLabel)) ||
|
|
@@ -296,7 +296,7 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
|
|
|
296
296
|
*/
|
|
297
297
|
|
|
298
298
|
static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
|
|
299
|
-
ASN1_STRING *str)
|
|
299
|
+
const ASN1_STRING *str)
|
|
300
300
|
{
|
|
301
301
|
/*
|
|
302
302
|
* Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
|
|
@@ -354,7 +354,7 @@ static const signed char tag2nbyte[] = {
|
|
|
354
354
|
*/
|
|
355
355
|
|
|
356
356
|
static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
|
|
357
|
-
ASN1_STRING *str)
|
|
357
|
+
const ASN1_STRING *str)
|
|
358
358
|
{
|
|
359
359
|
int outlen, len;
|
|
360
360
|
int type;
|
|
@@ -610,13 +610,13 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
|
|
|
610
610
|
}
|
|
611
611
|
#endif
|
|
612
612
|
|
|
613
|
-
int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
|
|
613
|
+
int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
|
|
614
614
|
{
|
|
615
615
|
return do_print_ex(send_bio_chars, out, flags, str);
|
|
616
616
|
}
|
|
617
617
|
|
|
618
618
|
#ifndef OPENSSL_NO_FP_API
|
|
619
|
-
int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
|
|
619
|
+
int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
|
|
620
620
|
{
|
|
621
621
|
return do_print_ex(send_fp_chars, fp, flags, str);
|
|
622
622
|
}
|
|
@@ -142,6 +142,14 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
|
|
|
142
142
|
return 0;
|
|
143
143
|
}
|
|
144
144
|
|
|
145
|
+
/* RSA signature algorithms include an explicit NULL parameter but we also
|
|
146
|
+
* accept omitted values for compatibility. Other algorithms must omit it. */
|
|
147
|
+
if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA ||
|
|
148
|
+
sigalg->parameter->type != V_ASN1_NULL)) {
|
|
149
|
+
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
|
|
150
|
+
return 0;
|
|
151
|
+
}
|
|
152
|
+
|
|
145
153
|
/* Otherwise, initialize with the digest from the OID. */
|
|
146
154
|
const EVP_MD *digest = EVP_get_digestbynid(digest_nid);
|
|
147
155
|
if (digest == NULL) {
|
|
@@ -123,7 +123,7 @@ typedef struct {
|
|
|
123
123
|
int exp_count;
|
|
124
124
|
} tag_exp_arg;
|
|
125
125
|
|
|
126
|
-
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
|
126
|
+
static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
|
|
127
127
|
int *perr);
|
|
128
128
|
static int bitstr_cb(const char *elem, int len, void *bitstr);
|
|
129
129
|
static int asn1_cb(const char *elem, int len, void *bitstr);
|
|
@@ -136,7 +136,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
|
|
|
136
136
|
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
|
|
137
137
|
static int asn1_str2tag(const char *tagstr, int len);
|
|
138
138
|
|
|
139
|
-
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
|
|
139
|
+
ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
|
|
140
140
|
{
|
|
141
141
|
X509V3_CTX cnf;
|
|
142
142
|
|
|
@@ -147,7 +147,7 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
|
|
|
147
147
|
return ASN1_generate_v3(str, &cnf);
|
|
148
148
|
}
|
|
149
149
|
|
|
150
|
-
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
|
150
|
+
ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
|
|
151
151
|
{
|
|
152
152
|
int err = 0;
|
|
153
153
|
ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
|
|
@@ -156,7 +156,7 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
|
|
|
156
156
|
return ret;
|
|
157
157
|
}
|
|
158
158
|
|
|
159
|
-
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
|
|
159
|
+
static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
|
|
160
160
|
int *perr)
|
|
161
161
|
{
|
|
162
162
|
ASN1_TYPE *ret;
|
|
@@ -65,73 +65,6 @@
|
|
|
65
65
|
* it to avoid downstream churn. */
|
|
66
66
|
OPENSSL_DECLARE_ERROR_REASON(X509, UNSUPPORTED_ALGORITHM)
|
|
67
67
|
|
|
68
|
-
int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
|
|
69
|
-
int ptype, void *pval, uint8_t *penc, int penclen) {
|
|
70
|
-
uint8_t **ppenc = NULL;
|
|
71
|
-
if (version >= 0) {
|
|
72
|
-
if (!ASN1_INTEGER_set(priv->version, version)) {
|
|
73
|
-
return 0;
|
|
74
|
-
}
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
if (penc) {
|
|
78
|
-
int pmtype;
|
|
79
|
-
ASN1_OCTET_STRING *oct;
|
|
80
|
-
|
|
81
|
-
oct = ASN1_OCTET_STRING_new();
|
|
82
|
-
if (!oct) {
|
|
83
|
-
return 0;
|
|
84
|
-
}
|
|
85
|
-
oct->data = penc;
|
|
86
|
-
ppenc = &oct->data;
|
|
87
|
-
oct->length = penclen;
|
|
88
|
-
if (priv->broken == PKCS8_NO_OCTET) {
|
|
89
|
-
pmtype = V_ASN1_SEQUENCE;
|
|
90
|
-
} else {
|
|
91
|
-
pmtype = V_ASN1_OCTET_STRING;
|
|
92
|
-
}
|
|
93
|
-
ASN1_TYPE_set(priv->pkey, pmtype, oct);
|
|
94
|
-
}
|
|
95
|
-
|
|
96
|
-
if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) {
|
|
97
|
-
/* If call fails do not swallow 'enc' */
|
|
98
|
-
if (ppenc) {
|
|
99
|
-
*ppenc = NULL;
|
|
100
|
-
}
|
|
101
|
-
return 0;
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
return 1;
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const uint8_t **pk, int *ppklen,
|
|
108
|
-
X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8) {
|
|
109
|
-
if (ppkalg) {
|
|
110
|
-
*ppkalg = p8->pkeyalg->algorithm;
|
|
111
|
-
}
|
|
112
|
-
|
|
113
|
-
if (p8->pkey->type == V_ASN1_OCTET_STRING) {
|
|
114
|
-
p8->broken = PKCS8_OK;
|
|
115
|
-
if (pk) {
|
|
116
|
-
*pk = p8->pkey->value.octet_string->data;
|
|
117
|
-
*ppklen = p8->pkey->value.octet_string->length;
|
|
118
|
-
}
|
|
119
|
-
} else if (p8->pkey->type == V_ASN1_SEQUENCE) {
|
|
120
|
-
p8->broken = PKCS8_NO_OCTET;
|
|
121
|
-
if (pk) {
|
|
122
|
-
*pk = p8->pkey->value.sequence->data;
|
|
123
|
-
*ppklen = p8->pkey->value.sequence->length;
|
|
124
|
-
}
|
|
125
|
-
} else {
|
|
126
|
-
return 0;
|
|
127
|
-
}
|
|
128
|
-
|
|
129
|
-
if (pa) {
|
|
130
|
-
*pa = p8->pkeyalg;
|
|
131
|
-
}
|
|
132
|
-
return 1;
|
|
133
|
-
}
|
|
134
|
-
|
|
135
68
|
int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) {
|
|
136
69
|
const uint8_t *s;
|
|
137
70
|
int i, n;
|
|
@@ -67,6 +67,7 @@
|
|
|
67
67
|
#include <openssl/x509v3.h>
|
|
68
68
|
|
|
69
69
|
#include "../internal.h"
|
|
70
|
+
#include "../x509v3/internal.h"
|
|
70
71
|
|
|
71
72
|
|
|
72
73
|
int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
|
|
@@ -175,12 +176,18 @@ unsigned long X509_subject_name_hash_old(X509 *x)
|
|
|
175
176
|
*/
|
|
176
177
|
int X509_cmp(const X509 *a, const X509 *b)
|
|
177
178
|
{
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
179
|
+
/* Fill in the |sha1_hash| fields.
|
|
180
|
+
*
|
|
181
|
+
* TODO(davidben): This may fail, in which case the the hash will be all
|
|
182
|
+
* zeros. This produces a consistent comparison (failures are sticky), but
|
|
183
|
+
* not a good one. OpenSSL now returns -2, but this is not a consistent
|
|
184
|
+
* comparison and may cause misbehaving sorts by transitivity. For now, we
|
|
185
|
+
* retain the old OpenSSL behavior, which was to ignore the error. See
|
|
186
|
+
* https://crbug.com/boringssl/355. */
|
|
187
|
+
x509v3_cache_extensions((X509 *)a);
|
|
188
|
+
x509v3_cache_extensions((X509 *)b);
|
|
189
|
+
|
|
190
|
+
int rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
|
|
184
191
|
if (rv)
|
|
185
192
|
return rv;
|
|
186
193
|
/* Check for match against stored encoding too */
|
|
@@ -107,6 +107,16 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
|
|
|
107
107
|
return (NULL);
|
|
108
108
|
}
|
|
109
109
|
|
|
110
|
+
long X509_REQ_get_version(const X509_REQ *req)
|
|
111
|
+
{
|
|
112
|
+
return ASN1_INTEGER_get(req->req_info->version);
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
|
|
116
|
+
{
|
|
117
|
+
return req->req_info->subject;
|
|
118
|
+
}
|
|
119
|
+
|
|
110
120
|
EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
|
|
111
121
|
{
|
|
112
122
|
if ((req == NULL) || (req->req_info == NULL))
|
|
@@ -60,6 +60,16 @@
|
|
|
60
60
|
#include <openssl/obj.h>
|
|
61
61
|
#include <openssl/x509.h>
|
|
62
62
|
|
|
63
|
+
long X509_get_version(const X509 *x509)
|
|
64
|
+
{
|
|
65
|
+
return ASN1_INTEGER_get(x509->cert_info->version);
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
X509_CINF *X509_get_cert_info(const X509 *x509)
|
|
69
|
+
{
|
|
70
|
+
return x509->cert_info;
|
|
71
|
+
}
|
|
72
|
+
|
|
63
73
|
int X509_set_version(X509 *x, long version)
|
|
64
74
|
{
|
|
65
75
|
if (x == NULL)
|
|
@@ -137,6 +147,14 @@ ASN1_TIME *X509_getm_notBefore(X509 *x)
|
|
|
137
147
|
return x->cert_info->validity->notBefore;
|
|
138
148
|
}
|
|
139
149
|
|
|
150
|
+
ASN1_TIME *X509_get_notBefore(const X509 *x509)
|
|
151
|
+
{
|
|
152
|
+
// In OpenSSL, this function is an alias for |X509_getm_notBefore|, but our
|
|
153
|
+
// |X509_getm_notBefore| is const-correct. |X509_get_notBefore| was
|
|
154
|
+
// originally a macro, so it needs to capture both get0 and getm use cases.
|
|
155
|
+
return x509->cert_info->validity->notBefore;
|
|
156
|
+
}
|
|
157
|
+
|
|
140
158
|
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
|
|
141
159
|
{
|
|
142
160
|
ASN1_TIME *in;
|
|
@@ -167,6 +185,14 @@ ASN1_TIME *X509_getm_notAfter(X509 *x)
|
|
|
167
185
|
return x->cert_info->validity->notAfter;
|
|
168
186
|
}
|
|
169
187
|
|
|
188
|
+
ASN1_TIME *X509_get_notAfter(const X509 *x509)
|
|
189
|
+
{
|
|
190
|
+
// In OpenSSL, this function is an alias for |X509_getm_notAfter|, but our
|
|
191
|
+
// |X509_getm_notAfter| is const-correct. |X509_get_notAfter| was
|
|
192
|
+
// originally a macro, so it needs to capture both get0 and getm use cases.
|
|
193
|
+
return x509->cert_info->validity->notAfter;
|
|
194
|
+
}
|
|
195
|
+
|
|
170
196
|
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
|
|
171
197
|
{
|
|
172
198
|
if ((x == NULL) || (x->cert_info == NULL))
|
|
@@ -183,3 +209,18 @@ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
|
|
|
183
209
|
{
|
|
184
210
|
return x->cert_info->signature;
|
|
185
211
|
}
|
|
212
|
+
|
|
213
|
+
void X509_CINF_set_modified(X509_CINF *cinf)
|
|
214
|
+
{
|
|
215
|
+
cinf->enc.modified = 1;
|
|
216
|
+
}
|
|
217
|
+
|
|
218
|
+
const X509_ALGOR *X509_CINF_get_signature(const X509_CINF *cinf)
|
|
219
|
+
{
|
|
220
|
+
return cinf->signature;
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x509)
|
|
224
|
+
{
|
|
225
|
+
return x509->cert_info->key;
|
|
226
|
+
}
|
|
@@ -59,6 +59,8 @@
|
|
|
59
59
|
#include <openssl/obj.h>
|
|
60
60
|
#include <openssl/x509v3.h>
|
|
61
61
|
|
|
62
|
+
#include "../x509v3/internal.h"
|
|
63
|
+
|
|
62
64
|
static int tr_cmp(const X509_TRUST **a, const X509_TRUST **b);
|
|
63
65
|
static void trtable_free(X509_TRUST *p);
|
|
64
66
|
|
|
@@ -293,7 +295,8 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
|
|
|
293
295
|
|
|
294
296
|
static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
|
|
295
297
|
{
|
|
296
|
-
|
|
298
|
+
if (!x509v3_cache_extensions(x))
|
|
299
|
+
return X509_TRUST_UNTRUSTED;
|
|
297
300
|
if (x->ex_flags & EXFLAG_SS)
|
|
298
301
|
return X509_TRUST_TRUSTED;
|
|
299
302
|
else
|
|
@@ -146,14 +146,16 @@ static int null_callback(int ok, X509_STORE_CTX *e)
|
|
|
146
146
|
return ok;
|
|
147
147
|
}
|
|
148
148
|
|
|
149
|
-
/*
|
|
150
|
-
|
|
149
|
+
/* cert_self_signed checks if |x| is self-signed. If |x| is valid, it returns
|
|
150
|
+
* one and sets |*out_is_self_signed| to the result. If |x| is invalid, it
|
|
151
|
+
* returns zero. */
|
|
152
|
+
static int cert_self_signed(X509 *x, int *out_is_self_signed)
|
|
151
153
|
{
|
|
152
|
-
|
|
153
|
-
if (x->ex_flags & EXFLAG_SS)
|
|
154
|
-
return 1;
|
|
155
|
-
else
|
|
154
|
+
if (!x509v3_cache_extensions(x)) {
|
|
156
155
|
return 0;
|
|
156
|
+
}
|
|
157
|
+
*out_is_self_signed = (x->ex_flags & EXFLAG_SS) != 0;
|
|
158
|
+
return 1;
|
|
157
159
|
}
|
|
158
160
|
|
|
159
161
|
/* Given a certificate try and find an exact match in the store */
|
|
@@ -263,8 +265,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
|
|
263
265
|
* X509_V_ERR_CERT_CHAIN_TOO_LONG error code
|
|
264
266
|
* later. */
|
|
265
267
|
|
|
268
|
+
int is_self_signed;
|
|
269
|
+
if (!cert_self_signed(x, &is_self_signed)) {
|
|
270
|
+
ctx->error = X509_V_ERR_INVALID_EXTENSION;
|
|
271
|
+
goto end;
|
|
272
|
+
}
|
|
273
|
+
|
|
266
274
|
/* If we are self signed, we break */
|
|
267
|
-
if (
|
|
275
|
+
if (is_self_signed)
|
|
268
276
|
break;
|
|
269
277
|
/*
|
|
270
278
|
* If asked see if we can find issuer in trusted store first
|
|
@@ -323,7 +331,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
|
|
323
331
|
*/
|
|
324
332
|
i = sk_X509_num(ctx->chain);
|
|
325
333
|
x = sk_X509_value(ctx->chain, i - 1);
|
|
326
|
-
|
|
334
|
+
|
|
335
|
+
int is_self_signed;
|
|
336
|
+
if (!cert_self_signed(x, &is_self_signed)) {
|
|
337
|
+
ctx->error = X509_V_ERR_INVALID_EXTENSION;
|
|
338
|
+
goto end;
|
|
339
|
+
}
|
|
340
|
+
|
|
341
|
+
if (is_self_signed) {
|
|
327
342
|
/* we have a self signed certificate */
|
|
328
343
|
if (sk_X509_num(ctx->chain) == 1) {
|
|
329
344
|
/*
|
|
@@ -368,8 +383,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
|
|
|
368
383
|
/* If we have enough, we break */
|
|
369
384
|
if (depth < num)
|
|
370
385
|
break;
|
|
386
|
+
if (!cert_self_signed(x, &is_self_signed)) {
|
|
387
|
+
ctx->error = X509_V_ERR_INVALID_EXTENSION;
|
|
388
|
+
goto end;
|
|
389
|
+
}
|
|
371
390
|
/* If we are self signed, we break */
|
|
372
|
-
if (
|
|
391
|
+
if (is_self_signed)
|
|
373
392
|
break;
|
|
374
393
|
ok = ctx->get_issuer(&xtmp, ctx, x);
|
|
375
394
|
|
|
@@ -135,6 +135,11 @@ int X509_CRL_up_ref(X509_CRL *crl)
|
|
|
135
135
|
return 1;
|
|
136
136
|
}
|
|
137
137
|
|
|
138
|
+
long X509_CRL_get_version(const X509_CRL *crl)
|
|
139
|
+
{
|
|
140
|
+
return ASN1_INTEGER_get(crl->crl->version);
|
|
141
|
+
}
|
|
142
|
+
|
|
138
143
|
const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
|
|
139
144
|
{
|
|
140
145
|
return crl->crl->lastUpdate;
|
|
@@ -145,6 +150,26 @@ const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
|
|
|
145
150
|
return crl->crl->nextUpdate;
|
|
146
151
|
}
|
|
147
152
|
|
|
153
|
+
ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
|
|
154
|
+
{
|
|
155
|
+
return crl->crl->lastUpdate;
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
|
|
159
|
+
{
|
|
160
|
+
return crl->crl->nextUpdate;
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
|
|
164
|
+
{
|
|
165
|
+
return crl->crl->issuer;
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
|
|
169
|
+
{
|
|
170
|
+
return crl->crl->revoked;
|
|
171
|
+
}
|
|
172
|
+
|
|
148
173
|
void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
|
|
149
174
|
const X509_ALGOR **palg)
|
|
150
175
|
{
|