grpc 1.35.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
@@ -117,8 +117,6 @@ IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
|
|
117
117
|
|
118
118
|
/* Special, OCTET STRING with indefinite length constructed support */
|
119
119
|
|
120
|
-
IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
|
121
|
-
|
122
120
|
ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) =
|
123
121
|
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
|
124
122
|
ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
|
@@ -66,6 +66,7 @@
|
|
66
66
|
#include <openssl/thread.h>
|
67
67
|
|
68
68
|
#include "../internal.h"
|
69
|
+
#include "asn1_locl.h"
|
69
70
|
|
70
71
|
|
71
72
|
/* Utility functions for manipulating fields and offsets */
|
@@ -91,8 +92,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
|
|
91
92
|
|
92
93
|
static CRYPTO_refcount_t *asn1_get_references(ASN1_VALUE **pval,
|
93
94
|
const ASN1_ITEM *it) {
|
94
|
-
if (it->itype != ASN1_ITYPE_SEQUENCE
|
95
|
-
it->itype != ASN1_ITYPE_NDEF_SEQUENCE) {
|
95
|
+
if (it->itype != ASN1_ITYPE_SEQUENCE) {
|
96
96
|
return NULL;
|
97
97
|
}
|
98
98
|
const ASN1_AUX *aux = it->funcs;
|
@@ -55,7 +55,11 @@ int bio_ip_and_port_to_socket_and_addr(int *out_sock,
|
|
55
55
|
ret = getaddrinfo(hostname, port_str, &hint, &result);
|
56
56
|
if (ret != 0) {
|
57
57
|
OPENSSL_PUT_ERROR(SYS, 0);
|
58
|
+
#if defined(OPENSSL_WINDOWS)
|
59
|
+
ERR_add_error_data(1, gai_strerrorA(ret));
|
60
|
+
#else
|
58
61
|
ERR_add_error_data(1, gai_strerror(ret));
|
62
|
+
#endif
|
59
63
|
return 0;
|
60
64
|
}
|
61
65
|
|
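Review bot: The added `#if defined(OPENSSL_WINDOWS)` branch in the `getaddrinfo` failure path calls `gai_strerrorA` with no comment saying why the ANSI variant has to be named explicitly. Presumably `gai_strerror` can resolve to a wide-character variant in UNICODE builds while `ERR_add_error_data` takes `char *` strings; a one-line comment such as `// gai_strerror may map to the wide-character variant on Windows; force the ANSI one.` would record that. Microsoft's documentation also describes the Windows `gai_strerror` family as not thread-safe, so it is worth confirming this error path cannot run concurrently on several threads. `bio_ip_and_port_to_socket_and_addr` starts and ends outside this hunk.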
@@ -0,0 +1,158 @@
|
|
1
|
+
/* Copyright (c) 2021, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#include <openssl/blake2.h>
|
16
|
+
|
17
|
+
#include <openssl/type_check.h>
|
18
|
+
|
19
|
+
#include "../internal.h"
|
20
|
+
|
21
|
+
// https://tools.ietf.org/html/rfc7693#section-2.6
|
22
|
+
static const uint64_t kIV[8] = {
|
23
|
+
UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b),
|
24
|
+
UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1),
|
25
|
+
UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f),
|
26
|
+
UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179),
|
27
|
+
};
|
28
|
+
|
29
|
+
// https://tools.ietf.org/html/rfc7693#section-2.7
|
30
|
+
static const uint8_t kSigma[10 * 16] = {
|
31
|
+
// clang-format off
|
32
|
+
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
|
33
|
+
14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
|
34
|
+
11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
|
35
|
+
7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
|
36
|
+
9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
|
37
|
+
2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
|
38
|
+
12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
|
39
|
+
13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
|
40
|
+
6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
|
41
|
+
10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
|
42
|
+
// clang-format on
|
43
|
+
};
|
44
|
+
|
45
|
+
#define RIGHT_ROTATE(v, n) (((v) >> (n)) | ((v) << (64 - (n))))
|
46
|
+
|
47
|
+
// https://tools.ietf.org/html/rfc7693#section-3.1
|
48
|
+
static void blake2b_mix(uint64_t v[16], int a, int b, int c, int d, uint64_t x,
|
49
|
+
uint64_t y) {
|
50
|
+
v[a] = v[a] + v[b] + x;
|
51
|
+
v[d] = RIGHT_ROTATE(v[d] ^ v[a], 32);
|
52
|
+
v[c] = v[c] + v[d];
|
53
|
+
v[b] = RIGHT_ROTATE(v[b] ^ v[c], 24);
|
54
|
+
v[a] = v[a] + v[b] + y;
|
55
|
+
v[d] = RIGHT_ROTATE(v[d] ^ v[a], 16);
|
56
|
+
v[c] = v[c] + v[d];
|
57
|
+
v[b] = RIGHT_ROTATE(v[b] ^ v[c], 63);
|
58
|
+
}
|
59
|
+
|
60
|
+
static void blake2b_transform(
|
61
|
+
BLAKE2B_CTX *b2b,
|
62
|
+
const uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)],
|
63
|
+
size_t num_bytes, int is_final_block) {
|
64
|
+
// https://tools.ietf.org/html/rfc7693#section-3.2
|
65
|
+
uint64_t v[16];
|
66
|
+
OPENSSL_STATIC_ASSERT(sizeof(v) == sizeof(b2b->h) + sizeof(kIV), "");
|
67
|
+
OPENSSL_memcpy(v, b2b->h, sizeof(b2b->h));
|
68
|
+
OPENSSL_memcpy(&v[8], kIV, sizeof(kIV));
|
69
|
+
|
70
|
+
b2b->t_low += num_bytes;
|
71
|
+
if (b2b->t_low < num_bytes) {
|
72
|
+
b2b->t_high++;
|
73
|
+
}
|
74
|
+
v[12] ^= b2b->t_low;
|
75
|
+
v[13] ^= b2b->t_high;
|
76
|
+
|
77
|
+
if (is_final_block) {
|
78
|
+
v[14] = ~v[14];
|
79
|
+
}
|
80
|
+
|
81
|
+
for (int round = 0; round < 12; round++) {
|
82
|
+
const uint8_t *const s = &kSigma[16 * (round % 10)];
|
83
|
+
blake2b_mix(v, 0, 4, 8, 12, block_words[s[0]], block_words[s[1]]);
|
84
|
+
blake2b_mix(v, 1, 5, 9, 13, block_words[s[2]], block_words[s[3]]);
|
85
|
+
blake2b_mix(v, 2, 6, 10, 14, block_words[s[4]], block_words[s[5]]);
|
86
|
+
blake2b_mix(v, 3, 7, 11, 15, block_words[s[6]], block_words[s[7]]);
|
87
|
+
blake2b_mix(v, 0, 5, 10, 15, block_words[s[8]], block_words[s[9]]);
|
88
|
+
blake2b_mix(v, 1, 6, 11, 12, block_words[s[10]], block_words[s[11]]);
|
89
|
+
blake2b_mix(v, 2, 7, 8, 13, block_words[s[12]], block_words[s[13]]);
|
90
|
+
blake2b_mix(v, 3, 4, 9, 14, block_words[s[14]], block_words[s[15]]);
|
91
|
+
}
|
92
|
+
|
93
|
+
for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(b2b->h); i++) {
|
94
|
+
b2b->h[i] ^= v[i];
|
95
|
+
b2b->h[i] ^= v[i + 8];
|
96
|
+
}
|
97
|
+
}
|
98
|
+
|
99
|
+
void BLAKE2B256_Init(BLAKE2B_CTX *b2b) {
|
100
|
+
OPENSSL_memset(b2b, 0, sizeof(BLAKE2B_CTX));
|
101
|
+
|
102
|
+
OPENSSL_STATIC_ASSERT(sizeof(kIV) == sizeof(b2b->h), "");
|
103
|
+
OPENSSL_memcpy(&b2b->h, kIV, sizeof(kIV));
|
104
|
+
|
105
|
+
// https://tools.ietf.org/html/rfc7693#section-2.5
|
106
|
+
b2b->h[0] ^= 0x01010000 | BLAKE2B256_DIGEST_LENGTH;
|
107
|
+
}
|
108
|
+
|
109
|
+
void BLAKE2B256_Update(BLAKE2B_CTX *b2b, const void *in_data, size_t len) {
|
110
|
+
const uint8_t *data = (const uint8_t *)in_data;
|
111
|
+
|
112
|
+
size_t todo = sizeof(b2b->block.bytes) - b2b->block_used;
|
113
|
+
if (todo > len) {
|
114
|
+
todo = len;
|
115
|
+
}
|
116
|
+
OPENSSL_memcpy(&b2b->block.bytes[b2b->block_used], data, todo);
|
117
|
+
b2b->block_used += todo;
|
118
|
+
data += todo;
|
119
|
+
len -= todo;
|
120
|
+
|
121
|
+
if (!len) {
|
122
|
+
return;
|
123
|
+
}
|
124
|
+
|
125
|
+
// More input remains therefore we must have filled |b2b->block|.
|
126
|
+
assert(b2b->block_used == BLAKE2B_CBLOCK);
|
127
|
+
blake2b_transform(b2b, b2b->block.words, BLAKE2B_CBLOCK,
|
128
|
+
/*is_final_block=*/0);
|
129
|
+
b2b->block_used = 0;
|
130
|
+
|
131
|
+
while (len > BLAKE2B_CBLOCK) {
|
132
|
+
uint64_t block_words[BLAKE2B_CBLOCK / sizeof(uint64_t)];
|
133
|
+
OPENSSL_memcpy(block_words, data, sizeof(block_words));
|
134
|
+
blake2b_transform(b2b, block_words, BLAKE2B_CBLOCK, /*is_final_block=*/0);
|
135
|
+
data += BLAKE2B_CBLOCK;
|
136
|
+
len -= BLAKE2B_CBLOCK;
|
137
|
+
}
|
138
|
+
|
139
|
+
OPENSSL_memcpy(b2b->block.bytes, data, len);
|
140
|
+
b2b->block_used = len;
|
141
|
+
}
|
142
|
+
|
143
|
+
void BLAKE2B256_Final(uint8_t out[BLAKE2B256_DIGEST_LENGTH], BLAKE2B_CTX *b2b) {
|
144
|
+
OPENSSL_memset(&b2b->block.bytes[b2b->block_used], 0,
|
145
|
+
sizeof(b2b->block.bytes) - b2b->block_used);
|
146
|
+
blake2b_transform(b2b, b2b->block.words, b2b->block_used,
|
147
|
+
/*is_final_block=*/1);
|
148
|
+
OPENSSL_STATIC_ASSERT(BLAKE2B256_DIGEST_LENGTH <= sizeof(b2b->h), "");
|
149
|
+
memcpy(out, b2b->h, BLAKE2B256_DIGEST_LENGTH);
|
150
|
+
}
|
151
|
+
|
152
|
+
void BLAKE2B256(const uint8_t *data, size_t len,
|
153
|
+
uint8_t out[BLAKE2B256_DIGEST_LENGTH]) {
|
154
|
+
BLAKE2B_CTX ctx;
|
155
|
+
BLAKE2B256_Init(&ctx);
|
156
|
+
BLAKE2B256_Update(&ctx, data, len);
|
157
|
+
BLAKE2B256_Final(out, &ctx);
|
158
|
+
}
|
@@ -20,25 +20,18 @@
|
|
20
20
|
|
21
21
|
int BN_parse_asn1_unsigned(CBS *cbs, BIGNUM *ret) {
|
22
22
|
CBS child;
|
23
|
+
int is_negative;
|
23
24
|
if (!CBS_get_asn1(cbs, &child, CBS_ASN1_INTEGER) ||
|
24
|
-
|
25
|
+
!CBS_is_valid_asn1_integer(&child, &is_negative)) {
|
25
26
|
OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING);
|
26
27
|
return 0;
|
27
28
|
}
|
28
29
|
|
29
|
-
if (
|
30
|
+
if (is_negative) {
|
30
31
|
OPENSSL_PUT_ERROR(BN, BN_R_NEGATIVE_NUMBER);
|
31
32
|
return 0;
|
32
33
|
}
|
33
34
|
|
34
|
-
// INTEGERs must be minimal.
|
35
|
-
if (CBS_data(&child)[0] == 0x00 &&
|
36
|
-
CBS_len(&child) > 1 &&
|
37
|
-
!(CBS_data(&child)[1] & 0x80)) {
|
38
|
-
OPENSSL_PUT_ERROR(BN, BN_R_BAD_ENCODING);
|
39
|
-
return 0;
|
40
|
-
}
|
41
|
-
|
42
35
|
return BN_bin2bn(CBS_data(&child), CBS_len(&child), ret) != NULL;
|
43
36
|
}
|
44
37
|
|
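Review bot: After this change nothing at the call site in `BN_parse_asn1_unsigned` says that empty and non-minimal INTEGER encodings are still rejected. The removed `// INTEGERs must be minimal.` block was the only hint, and that check now lives in `CBS_is_valid_asn1_integer`. A one-line comment above the combined condition would keep it visible, e.g. `// Rejects empty and non-minimal INTEGERs; |is_negative| is only valid on success.` The `||` short-circuit means `is_negative` is read only after the helper has returned one, which is worth preserving if the condition is ever split up.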
@@ -53,7 +53,7 @@ static int is_string_type(unsigned tag) {
|
|
53
53
|
// depending on whether an indefinite length element or constructed string was
|
54
54
|
// found. The value of |orig_in| is not changed. It returns one on success (i.e.
|
55
55
|
// |*ber_found| was set) and zero on error.
|
56
|
-
static int cbs_find_ber(const CBS *orig_in,
|
56
|
+
static int cbs_find_ber(const CBS *orig_in, int *ber_found, unsigned depth) {
|
57
57
|
CBS in;
|
58
58
|
|
59
59
|
if (depth > kMaxDepth) {
|
@@ -68,14 +68,11 @@ static int cbs_find_ber(const CBS *orig_in, char *ber_found, unsigned depth) {
|
|
68
68
|
unsigned tag;
|
69
69
|
size_t header_len;
|
70
70
|
|
71
|
-
if (!CBS_get_any_ber_asn1_element(&in, &contents, &tag, &header_len
|
71
|
+
if (!CBS_get_any_ber_asn1_element(&in, &contents, &tag, &header_len,
|
72
|
+
ber_found)) {
|
72
73
|
return 0;
|
73
74
|
}
|
74
|
-
if (
|
75
|
-
header_len > 0 &&
|
76
|
-
CBS_data(&contents)[header_len-1] == 0x80) {
|
77
|
-
// Found an indefinite-length element.
|
78
|
-
*ber_found = 1;
|
75
|
+
if (*ber_found) {
|
79
76
|
return 1;
|
80
77
|
}
|
81
78
|
if (tag & CBS_ASN1_CONSTRUCTED) {
|
@@ -120,9 +117,11 @@ static int cbs_convert_ber(CBS *in, CBB *out, unsigned string_tag,
|
|
120
117
|
CBS contents;
|
121
118
|
unsigned tag, child_string_tag = string_tag;
|
122
119
|
size_t header_len;
|
120
|
+
int ber_found;
|
123
121
|
CBB *out_contents, out_contents_storage;
|
124
122
|
|
125
|
-
if (!CBS_get_any_ber_asn1_element(in, &contents, &tag, &header_len
|
123
|
+
if (!CBS_get_any_ber_asn1_element(in, &contents, &tag, &header_len,
|
124
|
+
&ber_found)) {
|
126
125
|
return 0;
|
127
126
|
}
|
128
127
|
|
@@ -194,7 +193,7 @@ int CBS_asn1_ber_to_der(CBS *in, CBS *out, uint8_t **out_storage) {
|
|
194
193
|
|
195
194
|
// First, do a quick walk to find any indefinite-length elements. Most of the
|
196
195
|
// time we hope that there aren't any and thus we can quickly return.
|
197
|
-
|
196
|
+
int conversion_needed;
|
198
197
|
if (!cbs_find_ber(in, &conversion_needed, 0)) {
|
199
198
|
return 0;
|
200
199
|
}
|
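Review bot: In `cbs_find_ber`, `ber_found` is now handed to `CBS_get_any_ber_asn1_element`, and `cbs_get_any_asn1_element` writes `*out_ber_found = 0` on entry whenever `ber_ok` is set, so the flag is reset for every element parsed. A value set while recursing into a constructed element could therefore be cleared when the loop parses the next sibling. The hunk shows `if (*ber_found) { return 1; }` only directly after the parse call, and the recursive call lies outside the hunk, so this may already be handled. If it is not, the same check `if (*ber_found) { return 1; }` is needed right after the recursion, otherwise `CBS_asn1_ber_to_der` could take its quick-return path on input that still contains nested BER. In `cbs_convert_ber` the new `int ber_found` is passed but not read in the lines shown, so a short comment that the result is intentionally ignored there would help.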
@@ -254,8 +254,7 @@ static int parse_asn1_tag(CBS *cbs, unsigned *out) {
|
|
254
254
|
//
|
255
255
|
// If the number portion is 31 (0x1f, the largest value that fits in the
|
256
256
|
// allotted bits), then the tag is more than one byte long and the
|
257
|
-
// continuation bytes contain the tag number.
|
258
|
-
// numbers less than 31 (and thus single-byte tags).
|
257
|
+
// continuation bytes contain the tag number.
|
259
258
|
unsigned tag = ((unsigned)tag_byte & 0xe0) << CBS_ASN1_TAG_SHIFT;
|
260
259
|
unsigned tag_number = tag_byte & 0x1f;
|
261
260
|
if (tag_number == 0x1f) {
|
@@ -263,7 +262,7 @@ static int parse_asn1_tag(CBS *cbs, unsigned *out) {
|
|
263
262
|
if (!parse_base128_integer(cbs, &v) ||
|
264
263
|
// Check the tag number is within our supported bounds.
|
265
264
|
v > CBS_ASN1_TAG_NUMBER_MASK ||
|
266
|
-
// Small tag numbers should have used low tag number form.
|
265
|
+
// Small tag numbers should have used low tag number form, even in BER.
|
267
266
|
v < 0x1f) {
|
268
267
|
return 0;
|
269
268
|
}
|
@@ -277,13 +276,17 @@ static int parse_asn1_tag(CBS *cbs, unsigned *out) {
|
|
277
276
|
}
|
278
277
|
|
279
278
|
static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
280
|
-
size_t *out_header_len, int
|
279
|
+
size_t *out_header_len, int *out_ber_found,
|
280
|
+
int ber_ok) {
|
281
281
|
CBS header = *cbs;
|
282
282
|
CBS throwaway;
|
283
283
|
|
284
284
|
if (out == NULL) {
|
285
285
|
out = &throwaway;
|
286
286
|
}
|
287
|
+
if (ber_ok) {
|
288
|
+
*out_ber_found = 0;
|
289
|
+
}
|
287
290
|
|
288
291
|
unsigned tag;
|
289
292
|
if (!parse_asn1_tag(&header, &tag)) {
|
@@ -321,27 +324,38 @@ static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
|
321
324
|
if (out_header_len != NULL) {
|
322
325
|
*out_header_len = header_len;
|
323
326
|
}
|
327
|
+
*out_ber_found = 1;
|
324
328
|
return CBS_get_bytes(cbs, out, header_len);
|
325
329
|
}
|
326
330
|
|
327
331
|
// ITU-T X.690 clause 8.1.3.5.c specifies that the value 0xff shall not be
|
328
332
|
// used as the first byte of the length. If this parser encounters that
|
329
|
-
// value, num_bytes will be parsed as 127, which will fail
|
333
|
+
// value, num_bytes will be parsed as 127, which will fail this check.
|
330
334
|
if (num_bytes == 0 || num_bytes > 4) {
|
331
335
|
return 0;
|
332
336
|
}
|
333
337
|
if (!cbs_get_u(&header, &len64, num_bytes)) {
|
334
338
|
return 0;
|
335
339
|
}
|
336
|
-
// ITU-T X.690 section 10.1 (DER length forms) requires encoding the
|
337
|
-
// with the minimum number of octets.
|
340
|
+
// ITU-T X.690 section 10.1 (DER length forms) requires encoding the
|
341
|
+
// length with the minimum number of octets. BER could, technically, have
|
342
|
+
// 125 superfluous zero bytes. We do not attempt to handle that and still
|
343
|
+
// require that the length fit in a |uint32_t| for BER.
|
338
344
|
if (len64 < 128) {
|
339
345
|
// Length should have used short-form encoding.
|
340
|
-
|
346
|
+
if (ber_ok) {
|
347
|
+
*out_ber_found = 1;
|
348
|
+
} else {
|
349
|
+
return 0;
|
350
|
+
}
|
341
351
|
}
|
342
|
-
if ((len64 >> ((num_bytes-1)*8)) == 0) {
|
352
|
+
if ((len64 >> ((num_bytes - 1) * 8)) == 0) {
|
343
353
|
// Length should have been at least one byte shorter.
|
344
|
-
|
354
|
+
if (ber_ok) {
|
355
|
+
*out_ber_found = 1;
|
356
|
+
} else {
|
357
|
+
return 0;
|
358
|
+
}
|
345
359
|
}
|
346
360
|
len = len64;
|
347
361
|
if (len + header_len + num_bytes < len) {
|
@@ -374,13 +388,15 @@ int CBS_get_any_asn1(CBS *cbs, CBS *out, unsigned *out_tag) {
|
|
374
388
|
int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
375
389
|
size_t *out_header_len) {
|
376
390
|
return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len,
|
377
|
-
0 /* DER only */);
|
391
|
+
NULL, 0 /* DER only */);
|
378
392
|
}
|
379
393
|
|
380
394
|
int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, unsigned *out_tag,
|
381
|
-
size_t *out_header_len) {
|
382
|
-
|
383
|
-
|
395
|
+
size_t *out_header_len, int *out_ber_found) {
|
396
|
+
int ber_found_temp;
|
397
|
+
return cbs_get_any_asn1_element(
|
398
|
+
cbs, out, out_tag, out_header_len,
|
399
|
+
out_ber_found ? out_ber_found : &ber_found_temp, 1 /* BER allowed */);
|
384
400
|
}
|
385
401
|
|
386
402
|
static int cbs_get_asn1(CBS *cbs, CBS *out, unsigned tag_value,
|
@@ -426,29 +442,14 @@ int CBS_peek_asn1_tag(const CBS *cbs, unsigned tag_value) {
|
|
426
442
|
|
427
443
|
int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
|
428
444
|
CBS bytes;
|
429
|
-
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)
|
445
|
+
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
|
446
|
+
!CBS_is_unsigned_asn1_integer(&bytes)) {
|
430
447
|
return 0;
|
431
448
|
}
|
432
449
|
|
433
450
|
*out = 0;
|
434
451
|
const uint8_t *data = CBS_data(&bytes);
|
435
452
|
size_t len = CBS_len(&bytes);
|
436
|
-
|
437
|
-
if (len == 0) {
|
438
|
-
// An INTEGER is encoded with at least one octet.
|
439
|
-
return 0;
|
440
|
-
}
|
441
|
-
|
442
|
-
if ((data[0] & 0x80) != 0) {
|
443
|
-
// Negative number.
|
444
|
-
return 0;
|
445
|
-
}
|
446
|
-
|
447
|
-
if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) {
|
448
|
-
// Extra leading zeros.
|
449
|
-
return 0;
|
450
|
-
}
|
451
|
-
|
452
453
|
for (size_t i = 0; i < len; i++) {
|
453
454
|
if ((*out >> 56) != 0) {
|
454
455
|
// Too large to represent as a uint64_t.
|
@@ -462,31 +463,21 @@ int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
|
|
462
463
|
}
|
463
464
|
|
464
465
|
int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
|
466
|
+
int is_negative;
|
465
467
|
CBS bytes;
|
466
|
-
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)
|
468
|
+
if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
|
469
|
+
!CBS_is_valid_asn1_integer(&bytes, &is_negative)) {
|
467
470
|
return 0;
|
468
471
|
}
|
469
472
|
const uint8_t *data = CBS_data(&bytes);
|
470
473
|
const size_t len = CBS_len(&bytes);
|
471
|
-
|
472
|
-
if (len == 0 || len > sizeof(int64_t)) {
|
473
|
-
// An INTEGER is encoded with at least one octet.
|
474
|
+
if (len > sizeof(int64_t)) {
|
474
475
|
return 0;
|
475
476
|
}
|
476
|
-
if (len > 1) {
|
477
|
-
if (data[0] == 0 && (data[1] & 0x80) == 0) {
|
478
|
-
return 0; // Extra leading zeros.
|
479
|
-
}
|
480
|
-
if (data[0] == 0xff && (data[1] & 0x80) != 0) {
|
481
|
-
return 0; // Extra leading 0xff.
|
482
|
-
}
|
483
|
-
}
|
484
|
-
|
485
477
|
union {
|
486
478
|
int64_t i;
|
487
479
|
uint8_t bytes[sizeof(int64_t)];
|
488
480
|
} u;
|
489
|
-
const int is_negative = (data[0] & 0x80);
|
490
481
|
memset(u.bytes, is_negative ? 0xff : 0, sizeof(u.bytes)); // Sign-extend.
|
491
482
|
for (size_t i = 0; i < len; i++) {
|
492
483
|
u.bytes[i] = data[len - i - 1];
|
@@ -635,6 +626,30 @@ int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit) {
|
|
635
626
|
(CBS_data(cbs)[byte_num] & (1 << bit_num)) != 0;
|
636
627
|
}
|
637
628
|
|
629
|
+
int CBS_is_valid_asn1_integer(const CBS *cbs, int *out_is_negative) {
|
630
|
+
CBS copy = *cbs;
|
631
|
+
uint8_t first_byte, second_byte;
|
632
|
+
if (!CBS_get_u8(©, &first_byte)) {
|
633
|
+
return 0; // INTEGERs may not be empty.
|
634
|
+
}
|
635
|
+
if (out_is_negative != NULL) {
|
636
|
+
*out_is_negative = (first_byte & 0x80) != 0;
|
637
|
+
}
|
638
|
+
if (!CBS_get_u8(©, &second_byte)) {
|
639
|
+
return 1; // One byte INTEGERs are always minimal.
|
640
|
+
}
|
641
|
+
if ((first_byte == 0x00 && (second_byte & 0x80) == 0) ||
|
642
|
+
(first_byte == 0xff && (second_byte & 0x80) != 0)) {
|
643
|
+
return 0; // The value is minimal iff the first 9 bits are not all equal.
|
644
|
+
}
|
645
|
+
return 1;
|
646
|
+
}
|
647
|
+
|
648
|
+
int CBS_is_unsigned_asn1_integer(const CBS *cbs) {
|
649
|
+
int is_negative;
|
650
|
+
return CBS_is_valid_asn1_integer(cbs, &is_negative) && !is_negative;
|
651
|
+
}
|
652
|
+
|
638
653
|
static int add_decimal(CBB *out, uint64_t v) {
|
639
654
|
char buf[DECIMAL_SIZE(uint64_t) + 1];
|
640
655
|
BIO_snprintf(buf, sizeof(buf), "%" PRIu64, v);
|
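Review bot: The new write `*out_ber_found = 1;` in the indefinite-length branch of `cbs_get_any_asn1_element` is unconditional in the lines shown, while `CBS_get_any_asn1_element` now passes `NULL` for that argument together with `ber_ok == 0`. The reset at the top and the other two writes are wrapped in `if (ber_ok)`; the condition guarding this branch starts outside the hunk, so it presumably tests `ber_ok` as well, but the contract is not stated anywhere. I would document it on the function, e.g. `// |out_ber_found| may be NULL only when |ber_ok| is zero; it is written only when |ber_ok| is set.`, and make it checkable with `assert(!ber_ok || out_ber_found != NULL);` if `assert` is available in this file. Separately, `CBS_is_valid_asn1_integer` stores `*out_is_negative` before the minimality test and leaves it untouched for empty input, so its comment should say the value is meaningful only when the function returns one. The `©` in its two `CBS_get_u8` calls looks like the page's rendering of `&copy`.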