grpc 1.32.0 → 1.33.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +175 -376
- data/include/grpc/grpc.h +0 -5
- data/include/grpc/grpc_security.h +16 -0
- data/include/grpc/impl/codegen/grpc_types.h +0 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +204 -170
- data/src/core/ext/filters/client_channel/config_selector.cc +0 -4
- data/src/core/ext/filters/client_channel/config_selector.h +34 -5
- data/src/core/ext/filters/client_channel/lb_policy.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +48 -35
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.h +7 -5
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +3 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +106 -106
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +9 -32
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +198 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +439 -249
- data/src/core/ext/filters/client_channel/lb_policy/xds/eds_drop.cc +571 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +727 -0
- data/src/core/ext/filters/client_channel/lb_policy_registry.cc +8 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -1
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +553 -358
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +28 -0
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +8 -39
- data/src/core/ext/filters/client_channel/resolver_result_parsing.h +4 -2
- data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +44 -43
- data/src/core/ext/filters/client_channel/resolving_lb_policy.h +5 -9
- data/src/core/ext/filters/client_channel/server_address.cc +80 -0
- data/src/core/ext/filters/client_channel/server_address.h +25 -36
- data/src/core/ext/filters/client_channel/service_config.cc +16 -13
- data/src/core/ext/filters/client_channel/service_config.h +7 -4
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/service_config_parser.cc +8 -6
- data/src/core/ext/filters/client_channel/service_config_parser.h +8 -5
- data/src/core/ext/filters/client_channel/subchannel_interface.h +44 -0
- data/src/core/ext/filters/message_size/message_size_filter.cc +2 -1
- data/src/core/ext/filters/message_size/message_size_filter.h +2 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +17 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +10 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +10 -0
- data/src/core/ext/transport/chttp2/transport/internal.h +5 -0
- data/src/core/ext/transport/chttp2/transport/parsing.cc +16 -2
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +29 -9
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +66 -0
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +123 -45
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +310 -53
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +17 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +45 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +16 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +38 -15
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.c +53 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/extension.upb.h +133 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +54 -8
- data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +123 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +40 -16
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +114 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +85 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +36 -16
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +86 -20
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +23 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +54 -5
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +10 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +28 -11
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +184 -57
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +504 -69
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +78 -26
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +236 -25
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +8 -9
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +19 -33
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +7 -3
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +16 -0
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +65 -23
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +229 -47
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +20 -10
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +67 -4
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +6 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.c +242 -0
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/checked.upb.h +753 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.c +31 -0
- data/src/core/ext/upb-generated/udpa/annotations/security.upb.h +57 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.c +28 -0
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +53 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +129 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +77 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +85 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +160 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +84 -0
- data/src/core/ext/xds/certificate_provider_factory.h +59 -0
- data/src/core/ext/xds/certificate_provider_registry.cc +103 -0
- data/src/core/ext/xds/certificate_provider_registry.h +57 -0
- data/src/core/ext/xds/certificate_provider_store.h +50 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.cc +377 -0
- data/src/core/ext/xds/google_mesh_ca_certificate_provider_factory.h +102 -0
- data/src/core/ext/xds/xds_api.cc +301 -93
- data/src/core/ext/xds/xds_api.h +129 -92
- data/src/core/ext/xds/xds_channel_args.h +6 -3
- data/src/core/ext/xds/xds_client.cc +498 -410
- data/src/core/ext/xds/xds_client.h +105 -51
- data/src/core/ext/xds/xds_client_stats.cc +18 -12
- data/src/core/ext/xds/xds_client_stats.h +33 -5
- data/src/core/lib/channel/channel_args.h +0 -1
- data/src/core/lib/channel/channelz.cc +10 -45
- data/src/core/lib/channel/channelz.h +11 -19
- data/src/core/lib/channel/channelz_registry.cc +12 -11
- data/src/core/lib/channel/channelz_registry.h +3 -0
- data/src/core/lib/gpr/time_precise.cc +2 -0
- data/src/core/lib/gpr/time_precise.h +6 -2
- data/src/core/lib/gprpp/dual_ref_counted.h +336 -0
- data/src/core/lib/gprpp/ref_counted.h +51 -22
- data/src/core/lib/gprpp/ref_counted_ptr.h +153 -0
- data/src/core/lib/iomgr/endpoint_cfstream.cc +9 -5
- data/src/core/lib/iomgr/exec_ctx.h +10 -8
- data/src/core/lib/json/json_util.cc +58 -0
- data/src/core/lib/json/json_util.h +37 -0
- data/src/core/lib/security/certificate_provider.h +60 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +321 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +214 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +45 -0
- data/src/core/lib/security/credentials/xds/xds_credentials.h +51 -0
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +6 -10
- data/src/core/lib/security/security_connector/ssl_utils.h +5 -0
- data/src/core/lib/surface/channel.cc +9 -31
- data/src/core/lib/surface/channel.h +6 -1
- data/src/core/lib/surface/init.cc +26 -9
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/bdp_estimator.h +2 -1
- data/src/core/lib/transport/connectivity_state.h +2 -2
- data/src/core/lib/transport/metadata.cc +11 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +35 -20
- data/src/core/tsi/ssl_transport_security.cc +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +3 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +465 -463
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +0 -6
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +9 -43
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +55 -4
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +6 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +30 -10
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -15
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +98 -11
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +51 -6
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +44 -2
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +221 -49
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +64 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +0 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +7 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +21 -18
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +24 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +67 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +29 -35
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +13 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +10 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +28 -40
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +7 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +55 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +0 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +6 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +12 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +9 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +4 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +9 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +26 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +188 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +52 -43
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +18 -18
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +9 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +8 -9
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +1 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +4 -8
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +2 -2
- metadata +72 -42
- data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +0 -537
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +0 -1141
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.c +0 -17
- data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -29
- data/src/core/ext/xds/xds_channel.h +0 -46
- data/src/core/ext/xds/xds_channel_secure.cc +0 -103
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pku.c +0 -110
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_sxnet.c +0 -274
|
@@ -36,6 +36,41 @@ const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v1(void) {
|
|
|
36
36
|
pmbtoken_exp1_sign,
|
|
37
37
|
pmbtoken_exp1_unblind,
|
|
38
38
|
pmbtoken_exp1_read,
|
|
39
|
+
1, /* has_private_metadata */
|
|
40
|
+
3, /* max_keys */
|
|
41
|
+
1, /* has_srr */
|
|
42
|
+
};
|
|
43
|
+
return &kMethod;
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pp(void) {
|
|
47
|
+
static const TRUST_TOKEN_METHOD kMethod = {
|
|
48
|
+
pmbtoken_exp2_generate_key,
|
|
49
|
+
pmbtoken_exp2_client_key_from_bytes,
|
|
50
|
+
pmbtoken_exp2_issuer_key_from_bytes,
|
|
51
|
+
pmbtoken_exp2_blind,
|
|
52
|
+
pmbtoken_exp2_sign,
|
|
53
|
+
pmbtoken_exp2_unblind,
|
|
54
|
+
pmbtoken_exp2_read,
|
|
55
|
+
0, /* has_private_metadata */
|
|
56
|
+
6, /* max_keys */
|
|
57
|
+
0, /* has_srr */
|
|
58
|
+
};
|
|
59
|
+
return &kMethod;
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
const TRUST_TOKEN_METHOD *TRUST_TOKEN_experiment_v2_pmb(void) {
|
|
63
|
+
static const TRUST_TOKEN_METHOD kMethod = {
|
|
64
|
+
pmbtoken_exp2_generate_key,
|
|
65
|
+
pmbtoken_exp2_client_key_from_bytes,
|
|
66
|
+
pmbtoken_exp2_issuer_key_from_bytes,
|
|
67
|
+
pmbtoken_exp2_blind,
|
|
68
|
+
pmbtoken_exp2_sign,
|
|
69
|
+
pmbtoken_exp2_unblind,
|
|
70
|
+
pmbtoken_exp2_read,
|
|
71
|
+
1, /* has_private_metadata */
|
|
72
|
+
3, /* max_keys */
|
|
73
|
+
0, /* has_srr */
|
|
39
74
|
};
|
|
40
75
|
return &kMethod;
|
|
41
76
|
}
|
|
@@ -131,7 +166,8 @@ void TRUST_TOKEN_CLIENT_free(TRUST_TOKEN_CLIENT *ctx) {
|
|
|
131
166
|
|
|
132
167
|
int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index,
|
|
133
168
|
const uint8_t *key, size_t key_len) {
|
|
134
|
-
if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys)
|
|
169
|
+
if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) ||
|
|
170
|
+
ctx->num_keys >= ctx->method->max_keys) {
|
|
135
171
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS);
|
|
136
172
|
return 0;
|
|
137
173
|
}
|
|
@@ -153,6 +189,9 @@ int TRUST_TOKEN_CLIENT_add_key(TRUST_TOKEN_CLIENT *ctx, size_t *out_key_index,
|
|
|
153
189
|
}
|
|
154
190
|
|
|
155
191
|
int TRUST_TOKEN_CLIENT_set_srr_key(TRUST_TOKEN_CLIENT *ctx, EVP_PKEY *key) {
|
|
192
|
+
if (!ctx->method->has_srr) {
|
|
193
|
+
return 1;
|
|
194
|
+
}
|
|
156
195
|
EVP_PKEY_free(ctx->srr_key);
|
|
157
196
|
EVP_PKEY_up_ref(key);
|
|
158
197
|
ctx->srr_key = key;
|
|
@@ -270,15 +309,10 @@ int TRUST_TOKEN_CLIENT_begin_redemption(TRUST_TOKEN_CLIENT *ctx, uint8_t **out,
|
|
|
270
309
|
}
|
|
271
310
|
|
|
272
311
|
int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx,
|
|
273
|
-
uint8_t **
|
|
312
|
+
uint8_t **out_rr, size_t *out_rr_len,
|
|
274
313
|
uint8_t **out_sig, size_t *out_sig_len,
|
|
275
314
|
const uint8_t *response,
|
|
276
315
|
size_t response_len) {
|
|
277
|
-
if (ctx->srr_key == NULL) {
|
|
278
|
-
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED);
|
|
279
|
-
return 0;
|
|
280
|
-
}
|
|
281
|
-
|
|
282
316
|
CBS in, srr, sig;
|
|
283
317
|
CBS_init(&in, response, response_len);
|
|
284
318
|
if (!CBS_get_u16_length_prefixed(&in, &srr) ||
|
|
@@ -287,16 +321,24 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx,
|
|
|
287
321
|
return 0;
|
|
288
322
|
}
|
|
289
323
|
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
EVP_MD_CTX_cleanup(&md_ctx);
|
|
324
|
+
if (ctx->method->has_srr) {
|
|
325
|
+
if (ctx->srr_key == NULL) {
|
|
326
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_NO_SRR_KEY_CONFIGURED);
|
|
327
|
+
return 0;
|
|
328
|
+
}
|
|
296
329
|
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
330
|
+
EVP_MD_CTX md_ctx;
|
|
331
|
+
EVP_MD_CTX_init(&md_ctx);
|
|
332
|
+
int sig_ok =
|
|
333
|
+
EVP_DigestVerifyInit(&md_ctx, NULL, NULL, NULL, ctx->srr_key) &&
|
|
334
|
+
EVP_DigestVerify(&md_ctx, CBS_data(&sig), CBS_len(&sig), CBS_data(&srr),
|
|
335
|
+
CBS_len(&srr));
|
|
336
|
+
EVP_MD_CTX_cleanup(&md_ctx);
|
|
337
|
+
|
|
338
|
+
if (!sig_ok) {
|
|
339
|
+
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_SRR_SIGNATURE_ERROR);
|
|
340
|
+
return 0;
|
|
341
|
+
}
|
|
300
342
|
}
|
|
301
343
|
|
|
302
344
|
uint8_t *srr_buf = NULL, *sig_buf = NULL;
|
|
@@ -309,8 +351,8 @@ int TRUST_TOKEN_CLIENT_finish_redemption(TRUST_TOKEN_CLIENT *ctx,
|
|
|
309
351
|
return 0;
|
|
310
352
|
}
|
|
311
353
|
|
|
312
|
-
*
|
|
313
|
-
*
|
|
354
|
+
*out_rr = srr_buf;
|
|
355
|
+
*out_rr_len = srr_len;
|
|
314
356
|
*out_sig = sig_buf;
|
|
315
357
|
*out_sig_len = sig_len;
|
|
316
358
|
return 1;
|
|
@@ -346,7 +388,8 @@ void TRUST_TOKEN_ISSUER_free(TRUST_TOKEN_ISSUER *ctx) {
|
|
|
346
388
|
|
|
347
389
|
int TRUST_TOKEN_ISSUER_add_key(TRUST_TOKEN_ISSUER *ctx, const uint8_t *key,
|
|
348
390
|
size_t key_len) {
|
|
349
|
-
if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys)
|
|
391
|
+
if (ctx->num_keys == OPENSSL_ARRAY_SIZE(ctx->keys) ||
|
|
392
|
+
ctx->num_keys >= ctx->method->max_keys) {
|
|
350
393
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_TOO_MANY_KEYS);
|
|
351
394
|
return 0;
|
|
352
395
|
}
|
|
@@ -411,7 +454,8 @@ int TRUST_TOKEN_ISSUER_issue(const TRUST_TOKEN_ISSUER *ctx, uint8_t **out,
|
|
|
411
454
|
|
|
412
455
|
const struct trust_token_issuer_key_st *key =
|
|
413
456
|
trust_token_issuer_get_key(ctx, public_metadata);
|
|
414
|
-
if (key == NULL || private_metadata > 1
|
|
457
|
+
if (key == NULL || private_metadata > 1 ||
|
|
458
|
+
(!ctx->method->has_private_metadata && private_metadata != 0)) {
|
|
415
459
|
OPENSSL_PUT_ERROR(TRUST_TOKEN, TRUST_TOKEN_R_INVALID_METADATA);
|
|
416
460
|
return 0;
|
|
417
461
|
}
|
|
@@ -446,7 +446,7 @@ static int do_indent(char_io *io_ch, void *arg, int indent)
|
|
|
446
446
|
#define FN_WIDTH_LN 25
|
|
447
447
|
#define FN_WIDTH_SN 10
|
|
448
448
|
|
|
449
|
-
static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
|
449
|
+
static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
|
|
450
450
|
int indent, unsigned long flags)
|
|
451
451
|
{
|
|
452
452
|
int i, prev = -1, orflags, cnt;
|
|
@@ -584,7 +584,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
|
|
|
584
584
|
|
|
585
585
|
/* Wrappers round the main functions */
|
|
586
586
|
|
|
587
|
-
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
|
|
587
|
+
int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
|
|
588
588
|
unsigned long flags)
|
|
589
589
|
{
|
|
590
590
|
if (flags == XN_FLAG_COMPAT)
|
|
@@ -593,7 +593,7 @@ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
|
|
|
593
593
|
}
|
|
594
594
|
|
|
595
595
|
#ifndef OPENSSL_NO_FP_API
|
|
596
|
-
int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
|
|
596
|
+
int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
|
|
597
597
|
unsigned long flags)
|
|
598
598
|
{
|
|
599
599
|
if (flags == XN_FLAG_COMPAT) {
|
|
@@ -142,14 +142,6 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, X509_ALGOR *sigalg,
|
|
|
142
142
|
return 0;
|
|
143
143
|
}
|
|
144
144
|
|
|
145
|
-
/* RSA signature algorithms include an explicit NULL parameter but we also
|
|
146
|
-
* accept omitted values for compatibility. Other algorithms must omit it. */
|
|
147
|
-
if (sigalg->parameter != NULL && (pkey_nid != EVP_PKEY_RSA ||
|
|
148
|
-
sigalg->parameter->type != V_ASN1_NULL)) {
|
|
149
|
-
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PARAMETER);
|
|
150
|
-
return 0;
|
|
151
|
-
}
|
|
152
|
-
|
|
153
145
|
/* Otherwise, initialize with the digest from the OID. */
|
|
154
146
|
const EVP_MD *digest = EVP_get_digestbynid(digest_nid);
|
|
155
147
|
if (digest == NULL) {
|
|
@@ -91,10 +91,10 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
|
|
|
91
91
|
BIO_printf(out, "%8sIssuer: %s\n", "", p);
|
|
92
92
|
OPENSSL_free(p);
|
|
93
93
|
BIO_printf(out, "%8sLast Update: ", "");
|
|
94
|
-
ASN1_TIME_print(out,
|
|
94
|
+
ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
|
|
95
95
|
BIO_printf(out, "\n%8sNext Update: ", "");
|
|
96
|
-
if (
|
|
97
|
-
ASN1_TIME_print(out,
|
|
96
|
+
if (X509_CRL_get0_nextUpdate(x))
|
|
97
|
+
ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
|
|
98
98
|
else
|
|
99
99
|
BIO_printf(out, "NONE");
|
|
100
100
|
BIO_printf(out, "\n");
|
|
@@ -131,7 +131,7 @@ int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
|
|
|
131
131
|
return OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, 20);
|
|
132
132
|
}
|
|
133
133
|
|
|
134
|
-
X509_NAME *X509_get_issuer_name(X509 *a)
|
|
134
|
+
X509_NAME *X509_get_issuer_name(const X509 *a)
|
|
135
135
|
{
|
|
136
136
|
return (a->cert_info->issuer);
|
|
137
137
|
}
|
|
@@ -146,7 +146,7 @@ unsigned long X509_issuer_name_hash_old(X509 *x)
|
|
|
146
146
|
return (X509_NAME_hash_old(x->cert_info->issuer));
|
|
147
147
|
}
|
|
148
148
|
|
|
149
|
-
X509_NAME *X509_get_subject_name(X509 *a)
|
|
149
|
+
X509_NAME *X509_get_subject_name(const X509 *a)
|
|
150
150
|
{
|
|
151
151
|
return (a->cert_info->subject);
|
|
152
152
|
}
|
|
@@ -156,6 +156,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a)
|
|
|
156
156
|
return (a->cert_info->serialNumber);
|
|
157
157
|
}
|
|
158
158
|
|
|
159
|
+
const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x509)
|
|
160
|
+
{
|
|
161
|
+
return x509->cert_info->serialNumber;
|
|
162
|
+
}
|
|
163
|
+
|
|
159
164
|
unsigned long X509_subject_name_hash(X509 *x)
|
|
160
165
|
{
|
|
161
166
|
return (X509_NAME_hash(x->cert_info->subject));
|
|
@@ -62,27 +62,28 @@
|
|
|
62
62
|
#include <openssl/x509.h>
|
|
63
63
|
#include <openssl/x509v3.h>
|
|
64
64
|
|
|
65
|
-
int X509_CRL_get_ext_count(X509_CRL *x)
|
|
65
|
+
int X509_CRL_get_ext_count(const X509_CRL *x)
|
|
66
66
|
{
|
|
67
67
|
return (X509v3_get_ext_count(x->crl->extensions));
|
|
68
68
|
}
|
|
69
69
|
|
|
70
|
-
int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
|
|
70
|
+
int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
|
|
71
71
|
{
|
|
72
72
|
return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
|
|
73
73
|
}
|
|
74
74
|
|
|
75
|
-
int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj,
|
|
75
|
+
int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
|
|
76
|
+
int lastpos)
|
|
76
77
|
{
|
|
77
78
|
return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
|
|
78
79
|
}
|
|
79
80
|
|
|
80
|
-
int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
|
|
81
|
+
int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
|
|
81
82
|
{
|
|
82
83
|
return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
|
|
83
84
|
}
|
|
84
85
|
|
|
85
|
-
X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
|
|
86
|
+
X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
|
|
86
87
|
{
|
|
87
88
|
return (X509v3_get_ext(x->crl->extensions, loc));
|
|
88
89
|
}
|
|
@@ -92,7 +93,7 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
|
|
|
92
93
|
return (X509v3_delete_ext(x->crl->extensions, loc));
|
|
93
94
|
}
|
|
94
95
|
|
|
95
|
-
void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
|
|
96
|
+
void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
|
|
96
97
|
{
|
|
97
98
|
return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
|
|
98
99
|
}
|
|
@@ -108,28 +109,28 @@ int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
|
|
|
108
109
|
return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
|
|
109
110
|
}
|
|
110
111
|
|
|
111
|
-
int X509_get_ext_count(X509 *x)
|
|
112
|
+
int X509_get_ext_count(const X509 *x)
|
|
112
113
|
{
|
|
113
114
|
return (X509v3_get_ext_count(x->cert_info->extensions));
|
|
114
115
|
}
|
|
115
116
|
|
|
116
|
-
int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
|
|
117
|
+
int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
|
|
117
118
|
{
|
|
118
119
|
return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
|
|
119
120
|
}
|
|
120
121
|
|
|
121
|
-
int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
|
|
122
|
+
int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
|
|
122
123
|
{
|
|
123
124
|
return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
|
|
124
125
|
}
|
|
125
126
|
|
|
126
|
-
int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
|
|
127
|
+
int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
|
|
127
128
|
{
|
|
128
129
|
return (X509v3_get_ext_by_critical
|
|
129
130
|
(x->cert_info->extensions, crit, lastpos));
|
|
130
131
|
}
|
|
131
132
|
|
|
132
|
-
X509_EXTENSION *X509_get_ext(X509 *x, int loc)
|
|
133
|
+
X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
|
|
133
134
|
{
|
|
134
135
|
return (X509v3_get_ext(x->cert_info->extensions, loc));
|
|
135
136
|
}
|
|
@@ -144,7 +145,7 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
|
|
|
144
145
|
return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
|
|
145
146
|
}
|
|
146
147
|
|
|
147
|
-
void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
|
|
148
|
+
void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
|
|
148
149
|
{
|
|
149
150
|
return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
|
|
150
151
|
}
|
|
@@ -156,28 +157,29 @@ int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
|
|
|
156
157
|
flags);
|
|
157
158
|
}
|
|
158
159
|
|
|
159
|
-
int X509_REVOKED_get_ext_count(X509_REVOKED *x)
|
|
160
|
+
int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
|
|
160
161
|
{
|
|
161
162
|
return (X509v3_get_ext_count(x->extensions));
|
|
162
163
|
}
|
|
163
164
|
|
|
164
|
-
int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
|
|
165
|
+
int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
|
|
165
166
|
{
|
|
166
167
|
return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
|
|
167
168
|
}
|
|
168
169
|
|
|
169
|
-
int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
|
|
170
|
+
int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
|
|
170
171
|
int lastpos)
|
|
171
172
|
{
|
|
172
173
|
return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
|
|
173
174
|
}
|
|
174
175
|
|
|
175
|
-
int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit,
|
|
176
|
+
int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
|
|
177
|
+
int lastpos)
|
|
176
178
|
{
|
|
177
179
|
return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
|
|
178
180
|
}
|
|
179
181
|
|
|
180
|
-
X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
|
|
182
|
+
X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
|
|
181
183
|
{
|
|
182
184
|
return (X509v3_get_ext(x->extensions, loc));
|
|
183
185
|
}
|
|
@@ -192,7 +194,8 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
|
|
|
192
194
|
return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
|
|
193
195
|
}
|
|
194
196
|
|
|
195
|
-
void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit,
|
|
197
|
+
void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
|
|
198
|
+
int *idx)
|
|
196
199
|
{
|
|
197
200
|
return X509V3_get_d2i(x->extensions, nid, crit, idx);
|
|
198
201
|
}
|
|
@@ -117,7 +117,7 @@ int X509_set_subject_name(X509 *x, X509_NAME *name)
|
|
|
117
117
|
return (X509_NAME_set(&x->cert_info->subject, name));
|
|
118
118
|
}
|
|
119
119
|
|
|
120
|
-
int
|
|
120
|
+
int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
|
|
121
121
|
{
|
|
122
122
|
ASN1_TIME *in;
|
|
123
123
|
|
|
@@ -134,6 +134,11 @@ int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
|
|
|
134
134
|
return (in != NULL);
|
|
135
135
|
}
|
|
136
136
|
|
|
137
|
+
int X509_set_notBefore(X509 *x, const ASN1_TIME *tm)
|
|
138
|
+
{
|
|
139
|
+
return X509_set1_notBefore(x, tm);
|
|
140
|
+
}
|
|
141
|
+
|
|
137
142
|
const ASN1_TIME *X509_get0_notBefore(const X509 *x)
|
|
138
143
|
{
|
|
139
144
|
return x->cert_info->validity->notBefore;
|
|
@@ -155,7 +160,7 @@ ASN1_TIME *X509_get_notBefore(const X509 *x509)
|
|
|
155
160
|
return x509->cert_info->validity->notBefore;
|
|
156
161
|
}
|
|
157
162
|
|
|
158
|
-
int
|
|
163
|
+
int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
|
|
159
164
|
{
|
|
160
165
|
ASN1_TIME *in;
|
|
161
166
|
|
|
@@ -172,6 +177,11 @@ int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
|
|
|
172
177
|
return (in != NULL);
|
|
173
178
|
}
|
|
174
179
|
|
|
180
|
+
int X509_set_notAfter(X509 *x, const ASN1_TIME *tm)
|
|
181
|
+
{
|
|
182
|
+
return X509_set1_notAfter(x, tm);
|
|
183
|
+
}
|
|
184
|
+
|
|
175
185
|
const ASN1_TIME *X509_get0_notAfter(const X509 *x)
|
|
176
186
|
{
|
|
177
187
|
return x->cert_info->validity->notAfter;
|
|
@@ -193,6 +203,17 @@ ASN1_TIME *X509_get_notAfter(const X509 *x509)
|
|
|
193
203
|
return x509->cert_info->validity->notAfter;
|
|
194
204
|
}
|
|
195
205
|
|
|
206
|
+
void X509_get0_uids(const X509 *x509, const ASN1_BIT_STRING **out_issuer_uid,
|
|
207
|
+
const ASN1_BIT_STRING **out_subject_uid)
|
|
208
|
+
{
|
|
209
|
+
if (out_issuer_uid != NULL) {
|
|
210
|
+
*out_issuer_uid = x509->cert_info->issuerUID;
|
|
211
|
+
}
|
|
212
|
+
if (out_subject_uid != NULL) {
|
|
213
|
+
*out_subject_uid = x509->cert_info->subjectUID;
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
|
|
196
217
|
int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
|
|
197
218
|
{
|
|
198
219
|
if ((x == NULL) || (x->cert_info == NULL))
|
|
@@ -200,7 +221,7 @@ int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
|
|
|
200
221
|
return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
|
|
201
222
|
}
|
|
202
223
|
|
|
203
|
-
STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
|
|
224
|
+
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
|
|
204
225
|
{
|
|
205
226
|
return x->cert_info->extensions;
|
|
206
227
|
}
|
|
@@ -260,17 +260,17 @@ void X509_TRUST_cleanup(void)
|
|
|
260
260
|
trtable = NULL;
|
|
261
261
|
}
|
|
262
262
|
|
|
263
|
-
int X509_TRUST_get_flags(X509_TRUST *xp)
|
|
263
|
+
int X509_TRUST_get_flags(const X509_TRUST *xp)
|
|
264
264
|
{
|
|
265
265
|
return xp->flags;
|
|
266
266
|
}
|
|
267
267
|
|
|
268
|
-
char *X509_TRUST_get0_name(X509_TRUST *xp)
|
|
268
|
+
char *X509_TRUST_get0_name(const X509_TRUST *xp)
|
|
269
269
|
{
|
|
270
270
|
return xp->name;
|
|
271
271
|
}
|
|
272
272
|
|
|
273
|
-
int X509_TRUST_get_trust(X509_TRUST *xp)
|
|
273
|
+
int X509_TRUST_get_trust(const X509_TRUST *xp)
|
|
274
274
|
{
|
|
275
275
|
return xp->trust;
|
|
276
276
|
}
|