grpc 1.35.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
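--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c
@@ -67,7 +67,7 @@
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
-return
+return ASN1_STRING_set(x, d, len);
 }
 
 int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp)
@@ -146,7 +146,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 }
 
 if ((a == NULL) || ((*a) == NULL)) {
-if ((ret =
+if ((ret = ASN1_BIT_STRING_new()) == NULL)
 return (NULL);
 } else
 ret = (*a);
@@ -188,7 +188,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 return (ret);
 err:
 if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-
+ASN1_BIT_STRING_free(ret);
 return (NULL);
 }
 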
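--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c
@@ -153,7 +153,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
 int len, j;
 
 if (ai == NULL)
-ret =
+ret = ASN1_ENUMERATED_new();
 else
 ret = ai;
 if (ret == NULL) {
@@ -179,7 +179,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
 return (ret);
 err:
 if (ret != ai)
-
+ASN1_ENUMERATED_free(ret);
 return (NULL);
 }
 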
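--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c
@@ -67,7 +67,7 @@
 
 ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 {
-return
+return ASN1_STRING_dup(x);
 }
 
 int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
@@ -206,7 +206,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 }
 
 if ((a == NULL) || ((*a) == NULL)) {
-if ((ret =
+if ((ret = ASN1_INTEGER_new()) == NULL)
 return (NULL);
 ret->type = V_ASN1_INTEGER;
 } else
@@ -282,7 +282,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
 err:
 OPENSSL_PUT_ERROR(ASN1, i);
 if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-
+ASN1_INTEGER_free(ret);
 return (NULL);
 }
 
@@ -374,7 +374,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
 int len, j;
 
 if (ai == NULL)
-ret =
+ret = ASN1_INTEGER_new();
 else
 ret = ai;
 if (ret == NULL) {
@@ -404,7 +404,7 @@ ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
 return (ret);
 err:
 if (ret != ai)
-
+ASN1_INTEGER_free(ret);
 return (NULL);
 }
 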
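--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c
@@ -250,19 +250,12 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 if (a == NULL)
 return;
 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
-
-
-* compile will cause memory leaks */
-if (a->sn != NULL)
-OPENSSL_free((void *)a->sn);
-if (a->ln != NULL)
-OPENSSL_free((void *)a->ln);
-#endif
+OPENSSL_free((void *)a->sn);
+OPENSSL_free((void *)a->ln);
 a->sn = a->ln = NULL;
 }
 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
-
-OPENSSL_free((void *)a->data);
+OPENSSL_free((void *)a->data);
 a->data = NULL;
 a->length = 0;
 }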
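--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c
@@ -61,17 +61,17 @@
 
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 {
-return
+return ASN1_STRING_dup(x);
 }
 
 int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
 const ASN1_OCTET_STRING *b)
 {
-return
+return ASN1_STRING_cmp(a, b);
 }
 
 int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
 int len)
 {
-return
+return ASN1_STRING_set(x, d, len);
 }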
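--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c
@@ -61,6 +61,9 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 
+#include "asn1_locl.h"
+
+
 int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
 if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
@@ -142,8 +145,7 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 case V_ASN1_UTF8STRING:
 case V_ASN1_OTHER:
 default:
-result = ASN1_STRING_cmp(
-(ASN1_STRING *)b->value.ptr);
+result = ASN1_STRING_cmp(a->value.asn1_string, b->value.asn1_string);
 break;
 }
 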
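--- a/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c
@@ -197,7 +197,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 
 if (s == NULL) {
 free_s = 1;
-s =
+s = ASN1_UTCTIME_new();
 }
 if (s == NULL)
 goto err;
@@ -234,7 +234,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
 return (s);
 err:
 if (free_s && s)
-
+ASN1_UTCTIME_free(s);
 return NULL;
 }
 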
@@ -251,6 +251,8 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
|
|
251
251
|
|
252
252
|
int ASN1_put_eoc(unsigned char **pp)
|
253
253
|
{
|
254
|
+
/* This function is no longer used in the library, but some external code
|
255
|
+
* uses it. */
|
254
256
|
unsigned char *p = *pp;
|
255
257
|
*p++ = 0;
|
256
258
|
*p++ = 0;
|
@@ -311,9 +313,9 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
|
|
311
313
|
{
|
312
314
|
if (str == NULL)
|
313
315
|
return 0;
|
314
|
-
dst->type = str->type;
|
315
316
|
if (!ASN1_STRING_set(dst, str->data, str->length))
|
316
317
|
return 0;
|
318
|
+
dst->type = str->type;
|
317
319
|
dst->flags = str->flags;
|
318
320
|
return 1;
|
319
321
|
}
|
@@ -395,13 +397,12 @@ ASN1_STRING *ASN1_STRING_type_new(int type)
|
|
395
397
|
return (ret);
|
396
398
|
}
|
397
399
|
|
398
|
-
void ASN1_STRING_free(ASN1_STRING *
|
400
|
+
void ASN1_STRING_free(ASN1_STRING *str)
|
399
401
|
{
|
400
|
-
if (
|
402
|
+
if (str == NULL)
|
401
403
|
return;
|
402
|
-
|
403
|
-
|
404
|
-
OPENSSL_free(a);
|
404
|
+
OPENSSL_free(str->data);
|
405
|
+
OPENSSL_free(str);
|
405
406
|
}
|
406
407
|
|
407
408
|
int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
|
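Review bot: `OPENSSL_free(str->data);` in the new ASN1_STRING_free is unconditional, so the function now relies on every ASN1_STRING owning a heap-allocated `data` buffer. The two removed lines ahead of the old free are blank in this rendering, so it is not possible to tell from here whether a condition (for example a flag marking borrowed data) was dropped. If one was, any remaining code that points `data` at memory the string does not own would turn into an invalid free. The invariant deserves a line where it is relied on: `/* |str->data| is always owned by |str| and was allocated with OPENSSL_malloc. */`.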
@@ -419,22 +420,22 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
|
|
419
420
|
return (i);
|
420
421
|
}
|
421
422
|
|
422
|
-
int ASN1_STRING_length(const ASN1_STRING *
|
423
|
+
int ASN1_STRING_length(const ASN1_STRING *str)
|
423
424
|
{
|
424
|
-
return
|
425
|
+
return str->length;
|
425
426
|
}
|
426
427
|
|
427
|
-
int ASN1_STRING_type(const ASN1_STRING *
|
428
|
+
int ASN1_STRING_type(const ASN1_STRING *str)
|
428
429
|
{
|
429
|
-
return
|
430
|
+
return str->type;
|
430
431
|
}
|
431
432
|
|
432
|
-
unsigned char *ASN1_STRING_data(ASN1_STRING *
|
433
|
+
unsigned char *ASN1_STRING_data(ASN1_STRING *str)
|
433
434
|
{
|
434
|
-
return
|
435
|
+
return str->data;
|
435
436
|
}
|
436
437
|
|
437
|
-
const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *
|
438
|
+
const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *str)
|
438
439
|
{
|
439
|
-
return
|
440
|
+
return str->data;
|
440
441
|
}
|
@@ -96,6 +96,36 @@ void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
96
96
|
int UTF8_getc(const unsigned char *str, int len, uint32_t *val);
|
97
97
|
int UTF8_putc(unsigned char *str, int len, uint32_t value);
|
98
98
|
|
99
|
+
int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
100
|
+
void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
101
|
+
|
102
|
+
void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
|
103
|
+
int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
|
104
|
+
const ASN1_ITEM *it, int tag, int aclass, char opt,
|
105
|
+
ASN1_TLC *ctx);
|
106
|
+
|
107
|
+
int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
|
108
|
+
const ASN1_ITEM *it, int tag, int aclass);
|
109
|
+
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
110
|
+
|
111
|
+
int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
112
|
+
int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
|
113
|
+
|
114
|
+
ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
|
115
|
+
|
116
|
+
const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
|
117
|
+
int nullerr);
|
118
|
+
|
119
|
+
void asn1_refcount_set_one(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
120
|
+
int asn1_refcount_dec_and_test_zero(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
121
|
+
|
122
|
+
void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
123
|
+
void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
|
124
|
+
int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
|
125
|
+
const ASN1_ITEM *it);
|
126
|
+
int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
|
127
|
+
const ASN1_ITEM *it);
|
128
|
+
|
99
129
|
|
100
130
|
#if defined(__cplusplus)
|
101
131
|
} /* extern C */
|
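Review bot: None of the prototypes added to this internal header (presumably asn1_locl.h, which a later hunk includes) documents its return convention, and for `ASN1_item_ex_d2i` that matters. The static `asn1_item_ex_d2i` shown in the later hunks returns -1 as well as 0 and 1, and if the exported function passes that through, a caller writing `if (!ret)` would treat "optional element absent" as success. Assuming that is the contract, a one-line comment above the declaration would prevent the mistake: `/* Returns 1 on success, 0 on error, and -1 if |opt| is set and the element is absent. */`. The same applies to `asn1_enc_restore` and `asn1_refcount_dec_and_test_zero`, whose int results are not self-explanatory.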
@@ -65,6 +65,7 @@
|
|
65
65
|
#include <openssl/mem.h>
|
66
66
|
|
67
67
|
#include "../internal.h"
|
68
|
+
#include "asn1_locl.h"
|
68
69
|
|
69
70
|
/*
|
70
71
|
* Constructed types with a recursive definition (such as can be found in PKCS7)
|
@@ -95,6 +96,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
|
95
96
|
const unsigned char **in, long len,
|
96
97
|
const ASN1_TEMPLATE *tt, char opt,
|
97
98
|
ASN1_TLC *ctx, int depth);
|
99
|
+
static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
100
|
+
int utype, char *free_cont, const ASN1_ITEM *it);
|
98
101
|
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
99
102
|
const unsigned char **in, long len,
|
100
103
|
const ASN1_ITEM *it,
|
@@ -166,19 +169,16 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
|
166
169
|
char opt, ASN1_TLC *ctx, int depth)
|
167
170
|
{
|
168
171
|
const ASN1_TEMPLATE *tt, *errtt = NULL;
|
169
|
-
const ASN1_COMPAT_FUNCS *cf;
|
170
172
|
const ASN1_EXTERN_FUNCS *ef;
|
171
173
|
const ASN1_AUX *aux = it->funcs;
|
172
174
|
ASN1_aux_cb *asn1_cb;
|
173
175
|
const unsigned char *p = NULL, *q;
|
174
|
-
unsigned char
|
175
|
-
unsigned char imphack = 0, oclass;
|
176
|
+
unsigned char oclass;
|
176
177
|
char seq_eoc, seq_nolen, cst, isopt;
|
177
|
-
long tmplen;
|
178
178
|
int i;
|
179
179
|
int otag;
|
180
180
|
int ret = 0;
|
181
|
-
ASN1_VALUE **pchptr
|
181
|
+
ASN1_VALUE **pchptr;
|
182
182
|
int combine = aclass & ASN1_TFLG_COMBINE;
|
183
183
|
aclass &= ~ASN1_TFLG_COMBINE;
|
184
184
|
if (!pval)
|
@@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
|
223
223
|
break;
|
224
224
|
|
225
225
|
case ASN1_ITYPE_MSTRING:
|
226
|
+
/*
|
227
|
+
* It never makes sense for multi-strings to have implicit tagging, so
|
228
|
+
* if tag != -1, then this looks like an error in the template.
|
229
|
+
*/
|
230
|
+
if (tag != -1) {
|
231
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
232
|
+
goto err;
|
233
|
+
}
|
234
|
+
|
226
235
|
p = *in;
|
227
236
|
/* Just read in tag and class */
|
228
237
|
ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
|
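Review bot: The comment above the new `if (tag != -1)` check in the `ASN1_ITYPE_MSTRING` case says implicit tagging "never makes sense" without giving the reason, and the same wording is repeated for the `ASN1_ITYPE_CHOICE` check in the following hunk. A maintainer has to know that both types accept several different tags, so there is no single tag for an IMPLICIT tag to replace, and the tag read from the input could no longer select the alternative. I would say that once, e.g. `/* A multi-string (like a CHOICE) is identified by whichever tag is on the wire; an implicit tag would hide it, so tag != -1 can only come from a bad template. */`, and have the CHOICE comment refer to it. asn1_item_ex_d2i starts and ends outside this hunk, so what the `err` label does with a partially built `*pval` is not visible here.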
@@ -255,67 +264,16 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
|
255
264
|
ef = it->funcs;
|
256
265
|
return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
|
257
266
|
|
258
|
-
case
|
259
|
-
/* we must resort to old style evil hackery */
|
260
|
-
cf = it->funcs;
|
261
|
-
|
262
|
-
/* If OPTIONAL see if it is there */
|
263
|
-
if (opt) {
|
264
|
-
int exptag;
|
265
|
-
p = *in;
|
266
|
-
if (tag == -1)
|
267
|
-
exptag = it->utype;
|
268
|
-
else
|
269
|
-
exptag = tag;
|
270
|
-
/*
|
271
|
-
* Don't care about anything other than presence of expected tag
|
272
|
-
*/
|
273
|
-
|
274
|
-
ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
|
275
|
-
&p, len, exptag, aclass, 1, ctx);
|
276
|
-
if (!ret) {
|
277
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
278
|
-
goto err;
|
279
|
-
}
|
280
|
-
if (ret == -1)
|
281
|
-
return -1;
|
282
|
-
}
|
283
|
-
|
267
|
+
case ASN1_ITYPE_CHOICE:
|
284
268
|
/*
|
285
|
-
*
|
286
|
-
*
|
287
|
-
* present we change the buffer temporarily then change it back
|
288
|
-
* afterwards. This doesn't and never did work for tags > 30. Yes
|
289
|
-
* this is *horrible* but it is only needed for old style d2i which
|
290
|
-
* will hopefully not be around for much longer. FIXME: should copy
|
291
|
-
* the buffer then modify it so the input buffer can be const: we
|
292
|
-
* should *always* copy because the old style d2i might modify the
|
293
|
-
* buffer.
|
269
|
+
* It never makes sense for CHOICE types to have implicit tagging, so if
|
270
|
+
* tag != -1, then this looks like an error in the template.
|
294
271
|
*/
|
295
|
-
|
296
272
|
if (tag != -1) {
|
297
|
-
|
298
|
-
|
299
|
-
if (p == NULL) {
|
300
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
301
|
-
goto err;
|
302
|
-
}
|
303
|
-
*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
|
304
|
-
| it->utype);
|
273
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
274
|
+
goto err;
|
305
275
|
}
|
306
276
|
|
307
|
-
ptmpval = cf->asn1_d2i(pval, in, len);
|
308
|
-
|
309
|
-
if (tag != -1)
|
310
|
-
*wp = imphack;
|
311
|
-
|
312
|
-
if (ptmpval)
|
313
|
-
return 1;
|
314
|
-
|
315
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
|
316
|
-
goto err;
|
317
|
-
|
318
|
-
case ASN1_ITYPE_CHOICE:
|
319
277
|
if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
|
320
278
|
goto auxerr;
|
321
279
|
|
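Review bot: With the old-style case deleted here, it is worth confirming what the enclosing `switch` now does for an item whose type was handled by it; the case label is cut off in this rendering, but its body called `cf->asn1_d2i`. The end of the switch is outside the hunk, so I cannot see whether an unhandled item type reaches an error path or falls out and returns `ret`. If there is no `default:` that reports an error, I would add one, e.g. `default: OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); goto err;`, so that a stale template fails loudly instead of leaving `*pval` untouched.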
@@ -370,10 +328,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
|
370
328
|
*in = p;
|
371
329
|
return 1;
|
372
330
|
|
373
|
-
case ASN1_ITYPE_NDEF_SEQUENCE:
|
374
331
|
case ASN1_ITYPE_SEQUENCE:
|
375
332
|
p = *in;
|
376
|
-
tmplen = len;
|
377
333
|
|
378
334
|
/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
|
379
335
|
if (tag == -1) {
|
@@ -388,13 +344,8 @@ static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
|
|
388
344
|
goto err;
|
389
345
|
} else if (ret == -1)
|
390
346
|
return -1;
|
391
|
-
if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
|
392
|
-
len = tmplen - (p - *in);
|
393
|
-
seq_nolen = 1;
|
394
|
-
}
|
395
347
|
/* If indefinite we don't do a length check */
|
396
|
-
|
397
|
-
seq_nolen = seq_eoc;
|
348
|
+
seq_nolen = seq_eoc;
|
398
349
|
if (!cst) {
|
399
350
|
OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
|
400
351
|
goto err;
|
@@ -649,7 +600,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
|
|
649
600
|
} else if (ret == -1)
|
650
601
|
return -1;
|
651
602
|
if (!*val)
|
652
|
-
*val = (ASN1_VALUE *)
|
603
|
+
*val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
|
653
604
|
else {
|
654
605
|
/*
|
655
606
|
* We've got a valid STACK: free up any items present
|
@@ -860,19 +811,19 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|
|
860
811
|
|
861
812
|
/* Translate ASN1 content octets into a structure */
|
862
813
|
|
863
|
-
int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
864
|
-
|
814
|
+
static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
|
815
|
+
int utype, char *free_cont, const ASN1_ITEM *it)
|
865
816
|
{
|
866
817
|
ASN1_VALUE **opval = NULL;
|
867
818
|
ASN1_STRING *stmp;
|
868
819
|
ASN1_TYPE *typ = NULL;
|
869
820
|
int ret = 0;
|
870
|
-
const ASN1_PRIMITIVE_FUNCS *pf;
|
871
821
|
ASN1_INTEGER **tint;
|
872
|
-
pf = it->funcs;
|
873
822
|
|
874
|
-
|
875
|
-
|
823
|
+
/* Historically, |it->funcs| for primitive types contained an
|
824
|
+
* |ASN1_PRIMITIVE_FUNCS| table of callbacks. */
|
825
|
+
assert(it->funcs == NULL);
|
826
|
+
|
876
827
|
/* If ANY type clear type and set pointer to internal value */
|
877
828
|
if (it->utype == V_ASN1_ANY) {
|
878
829
|
if (!*pval) {
|
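Review bot: `assert(it->funcs == NULL);` in asn1_ex_c2i disappears when the library is built with NDEBUG, so in a release build an item that still carries a callback table would be decoded by the generic path with the table silently ignored. Since this function parses untrusted input, I would make the check a runtime error instead: `if (it->funcs != NULL) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE); return 0; }`. The new comment could also state the present-day rule as well as the history, e.g. "primitive items must now have |funcs| == NULL". The function body continues past the hunk; `ret` is initialised to 0 here, which is why 0 is used above as the failure value, but that should be checked against the function's other error returns.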
@@ -1055,15 +1006,13 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
|
|
1055
1006
|
* constructed type and 'inf' should be set if it is indefinite length.
|
1056
1007
|
*/
|
1057
1008
|
|
1058
|
-
#ifndef ASN1_MAX_STRING_NEST
|
1059
1009
|
/*
|
1060
1010
|
* This determines how many levels of recursion are permitted in ASN1 string
|
1061
1011
|
* types. If it is not limited stack overflows can occur. If set to zero no
|
1062
1012
|
* recursion is allowed at all. Although zero should be adequate examples
|
1063
1013
|
* exist that require a value of 1. So 5 should be more than enough.
|
1064
1014
|
*/
|
1065
|
-
#
|
1066
|
-
#endif
|
1015
|
+
#define ASN1_MAX_STRING_NEST 5
|
1067
1016
|
|
1068
1017
|
static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
|
1069
1018
|
char inf, int tag, int aclass, int depth)
|