grpc 1.35.0 → 1.36.0


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (335) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +60 -57
  3. data/include/grpc/grpc_security.h +16 -11
  4. data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
  5. data/src/core/ext/filters/client_channel/client_channel.h +0 -2
  6. data/src/core/ext/filters/client_channel/config_selector.h +1 -1
  7. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
  8. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
  9. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
  10. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
  11. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
  12. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
  13. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
  14. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
  15. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
  16. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
  17. data/src/core/ext/filters/client_channel/resolver.cc +2 -5
  18. data/src/core/ext/filters/client_channel/resolver.h +1 -12
  19. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
  20. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
  21. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
  22. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
  23. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
  24. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
  25. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
  26. data/src/core/ext/filters/client_channel/server_address.cc +6 -0
  27. data/src/core/ext/filters/client_channel/server_address.h +31 -0
  28. data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
  29. data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
  30. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
  31. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
  32. data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
  33. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
  34. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
  35. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
  36. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
  37. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
  38. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
  39. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
  40. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
  41. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
  42. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
  43. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
  44. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
  45. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
  46. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
  47. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
  48. data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
  49. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
  50. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
  51. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
  52. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
  53. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
  54. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
  55. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
  56. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
  57. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
  58. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
  59. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
  60. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
  61. data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
  62. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
  63. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
  64. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
  65. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
  66. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
  67. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
  68. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
  69. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
  70. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
  71. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
  72. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
  73. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
  74. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
  75. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
  76. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
  77. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
  78. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
  79. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
  80. data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
  81. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
  82. data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
  83. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
  84. data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
  85. data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
  86. data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
  87. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
  88. data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
  89. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
  90. data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
  91. data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
  92. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
  93. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
  94. data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
  95. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
  96. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
  97. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
  98. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
  99. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
  100. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
  101. data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
  102. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
  103. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
  104. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
  105. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
  106. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
  107. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
  108. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
  109. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
  110. data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
  111. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
  112. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
  113. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
  114. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
  115. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
  116. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
  117. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
  118. data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
  119. data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
  120. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
  121. data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
  122. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
  123. data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
  124. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
  125. data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
  126. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
  127. data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
  128. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
  129. data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
  130. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
  131. data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
  132. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
  133. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
  134. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
  135. data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
  136. data/src/core/ext/xds/xds_api.cc +738 -567
  137. data/src/core/ext/xds/xds_api.h +46 -84
  138. data/src/core/ext/xds/xds_bootstrap.cc +59 -40
  139. data/src/core/ext/xds/xds_bootstrap.h +12 -4
  140. data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
  141. data/src/core/ext/xds/xds_certificate_provider.h +83 -44
  142. data/src/core/ext/xds/xds_client.cc +13 -11
  143. data/src/core/ext/xds/xds_client.h +3 -0
  144. data/src/core/ext/xds/xds_client_stats.cc +2 -1
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
  146. data/src/core/lib/channel/handshaker.cc +2 -5
  147. data/src/core/lib/channel/handshaker.h +1 -1
  148. data/src/core/lib/gpr/log.cc +6 -1
  149. data/src/core/lib/gprpp/mpscq.cc +2 -2
  150. data/src/core/lib/gprpp/ref_counted.h +1 -1
  151. data/src/core/lib/gprpp/sync.h +129 -40
  152. data/src/core/lib/gprpp/time_util.cc +77 -0
  153. data/src/core/lib/gprpp/time_util.h +42 -0
  154. data/src/core/lib/http/httpcli_security_connector.cc +2 -2
  155. data/src/core/lib/iomgr/ev_apple.cc +10 -7
  156. data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
  157. data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
  158. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
  159. data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
  160. data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
  161. data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
  162. data/src/core/lib/iomgr/tcp_posix.cc +4 -4
  163. data/src/core/lib/security/authorization/matchers.cc +339 -0
  164. data/src/core/lib/security/authorization/matchers.h +158 -0
  165. data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
  166. data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
  167. data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
  168. data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
  169. data/src/core/lib/security/credentials/credentials.h +2 -1
  170. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
  171. data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
  172. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
  173. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
  174. data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
  175. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
  176. data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
  177. data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
  178. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
  179. data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
  180. data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
  181. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
  182. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
  183. data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
  184. data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
  185. data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
  186. data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
  187. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
  188. data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
  189. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
  190. data/src/core/lib/security/transport/security_handshaker.cc +1 -3
  191. data/src/core/lib/slice/slice_intern.cc +1 -1
  192. data/src/core/lib/surface/init.cc +13 -15
  193. data/src/core/lib/surface/server.cc +3 -3
  194. data/src/core/lib/surface/server.h +3 -0
  195. data/src/core/lib/surface/version.cc +2 -2
  196. data/src/core/lib/transport/metadata.cc +6 -2
  197. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
  198. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
  199. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
  200. data/src/core/tsi/fake_transport_security.cc +1 -1
  201. data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
  202. data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
  203. data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
  204. data/src/core/tsi/ssl_transport_security.cc +0 -3
  205. data/src/core/tsi/ssl_transport_security.h +0 -3
  206. data/src/ruby/lib/grpc/version.rb +1 -1
  207. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
  208. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
  209. data/third_party/boringssl-with-bazel/err_data.c +725 -723
  210. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  211. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
  212. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
  213. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
  214. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
  215. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
  216. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
  217. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
  218. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
  219. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
  220. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
  221. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
  222. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
  225. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
  226. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
  227. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
  228. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
  229. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
  230. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
  231. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
  232. data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
  233. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
  234. data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
  236. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
  237. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
  238. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
  239. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
  240. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
  241. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
  243. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
  244. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
  250. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
  251. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
  252. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
  253. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
  255. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
  256. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
  257. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
  258. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
  259. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
  260. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
  261. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
  262. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
  263. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
  264. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
  265. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
  266. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
  267. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
  268. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  269. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
  270. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
  271. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
  272. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
  273. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
  274. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
  275. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
  276. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
  277. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
  278. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
  279. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
  280. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
  281. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
  282. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
  283. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
  284. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
  285. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
  286. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
  287. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
  288. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
  289. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
  290. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
  291. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
  292. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
  293. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
  294. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
  295. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
  296. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
  297. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
  298. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
  299. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
  300. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
  301. data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
  302. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
  303. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
  304. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
  305. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
  306. data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
  307. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
  308. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
  309. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
  310. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
  311. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
  312. metadata +77 -65
  313. data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
  314. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
  315. data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
  316. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
  317. data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
  318. data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
  319. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
  320. data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
  321. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
  322. data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
  323. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
  324. data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
  325. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
  326. data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
  327. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
  328. data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
  329. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
  330. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
  331. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
  332. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
  333. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
  334. data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
  335. data/src/core/lib/iomgr/iomgr_posix.h +0 -26
@@ -77,7 +77,7 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
77
77
 
78
78
  ai = a->cert_info;
79
79
  bi = b->cert_info;
80
- i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
80
+ i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
81
81
  if (i)
82
82
  return (i);
83
83
  return (X509_NAME_cmp(ai->issuer, bi->issuer));
@@ -93,9 +93,10 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
93
93
  return (X509v3_delete_ext(x->crl->extensions, loc));
94
94
  }
95
95
 
96
- void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
96
+ void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *out_critical,
97
+ int *out_idx)
97
98
  {
98
- return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
99
+ return X509V3_get_d2i(crl->crl->extensions, nid, out_critical, out_idx);
99
100
  }
100
101
 
101
102
  int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
@@ -145,9 +146,11 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
145
146
  return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
146
147
  }
147
148
 
148
- void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
149
+ void *X509_get_ext_d2i(const X509 *x509, int nid, int *out_critical,
150
+ int *out_idx)
149
151
  {
150
- return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
152
+ return X509V3_get_d2i(x509->cert_info->extensions, nid, out_critical,
153
+ out_idx);
151
154
  }
152
155
 
153
156
  int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
@@ -194,10 +197,10 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
194
197
  return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
195
198
  }
196
199
 
197
- void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
198
- int *idx)
200
+ void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked, int nid,
201
+ int *out_critical, int *out_idx)
199
202
  {
200
- return X509V3_get_d2i(x->extensions, nid, crit, idx);
203
+ return X509V3_get_d2i(revoked->extensions, nid, out_critical, out_idx);
201
204
  }
202
205
 
203
206
  int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
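Review bot: The renamed `out_critical` and `out_idx` parameters of X509_CRL_get_ext_d2i, X509_get_ext_d2i and X509_REVOKED_get_ext_d2i still carry no comment at the definitions, and a NULL return from these wrappers is ambiguous for callers. As far as I know, X509V3_get_d2i returns NULL both when the extension is absent and when it fails to parse or occurs more than once, and reports the difference only through `*out_critical`; this should be confirmed against the header. A comment on each wrapper such as `/* Returns a newly allocated object or NULL; on NULL, check *out_critical to tell a missing extension from a malformed or duplicated one. */` would help callers that base trust decisions on whether an extension is present.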
@@ -79,7 +79,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
79
79
  xi = ret->cert_info;
80
80
 
81
81
  if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
82
- if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
82
+ if ((xi->version = ASN1_INTEGER_new()) == NULL)
83
83
  goto err;
84
84
  if (!ASN1_INTEGER_set(xi->version, 2))
85
85
  goto err;
@@ -75,12 +75,12 @@ int X509_set_version(X509 *x, long version)
75
75
  if (x == NULL)
76
76
  return (0);
77
77
  if (version == 0) {
78
- M_ASN1_INTEGER_free(x->cert_info->version);
78
+ ASN1_INTEGER_free(x->cert_info->version);
79
79
  x->cert_info->version = NULL;
80
80
  return (1);
81
81
  }
82
82
  if (x->cert_info->version == NULL) {
83
- if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
83
+ if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)
84
84
  return (0);
85
85
  }
86
86
  return (ASN1_INTEGER_set(x->cert_info->version, version));
@@ -94,9 +94,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
94
94
  return (0);
95
95
  in = x->cert_info->serialNumber;
96
96
  if (in != serial) {
97
- in = M_ASN1_INTEGER_dup(serial);
97
+ in = ASN1_INTEGER_dup(serial);
98
98
  if (in != NULL) {
99
- M_ASN1_INTEGER_free(x->cert_info->serialNumber);
99
+ ASN1_INTEGER_free(x->cert_info->serialNumber);
100
100
  x->cert_info->serialNumber = in;
101
101
  }
102
102
  }
@@ -125,9 +125,9 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
125
125
  return (0);
126
126
  in = x->cert_info->validity->notBefore;
127
127
  if (in != tm) {
128
- in = M_ASN1_TIME_dup(tm);
128
+ in = ASN1_STRING_dup(tm);
129
129
  if (in != NULL) {
130
- M_ASN1_TIME_free(x->cert_info->validity->notBefore);
130
+ ASN1_TIME_free(x->cert_info->validity->notBefore);
131
131
  x->cert_info->validity->notBefore = in;
132
132
  }
133
133
  }
@@ -168,9 +168,9 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
168
168
  return (0);
169
169
  in = x->cert_info->validity->notAfter;
170
170
  if (in != tm) {
171
- in = M_ASN1_TIME_dup(tm);
171
+ in = ASN1_STRING_dup(tm);
172
172
  if (in != NULL) {
173
- M_ASN1_TIME_free(x->cert_info->validity->notAfter);
173
+ ASN1_TIME_free(x->cert_info->validity->notAfter);
174
174
  x->cert_info->validity->notAfter = in;
175
175
  }
176
176
  }
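Review bot: X509_set_version still passes any non-zero `long` to ASN1_INTEGER_set (the final `return` of the first hunk), so a negative or larger-than-2 value is stored as the certificate version even though X.509 defines only v1–v3 (encoded 0–2). A guard ahead of the `version == 0` branch, `if (version < 0 || version > 2) return (0);`, would keep out-of-range versions from being encoded into certificates this code builds. The function's opening lines are outside the hunk, so any validation done there is not visible here.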
@@ -248,7 +248,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data)
248
248
 
249
249
  if (ex == NULL)
250
250
  return (0);
251
- i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
251
+ i = ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
252
252
  if (!i)
253
253
  return (0);
254
254
  return (1);
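Review bot: X509_EXTENSION_set_data checks `ex` for NULL but then reads `data->data` and `data->length` unconditionally in the ASN1_OCTET_STRING_set call, so a NULL `data` is dereferenced where a NULL `ex` returns 0. Extending the existing guard to `if (ex == NULL || data == NULL) return (0);` would treat both arguments the same way. The function's opening lines are outside the hunk.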
@@ -66,7 +66,7 @@ int X509_CRL_set_version(X509_CRL *x, long version)
66
66
  if (x == NULL)
67
67
  return (0);
68
68
  if (x->crl->version == NULL) {
69
- if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
69
+ if ((x->crl->version = ASN1_INTEGER_new()) == NULL)
70
70
  return (0);
71
71
  }
72
72
  return (ASN1_INTEGER_set(x->crl->version, version));
@@ -87,9 +87,9 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
87
87
  return (0);
88
88
  in = x->crl->lastUpdate;
89
89
  if (in != tm) {
90
- in = M_ASN1_TIME_dup(tm);
90
+ in = ASN1_STRING_dup(tm);
91
91
  if (in != NULL) {
92
- M_ASN1_TIME_free(x->crl->lastUpdate);
92
+ ASN1_TIME_free(x->crl->lastUpdate);
93
93
  x->crl->lastUpdate = in;
94
94
  }
95
95
  }
@@ -104,9 +104,9 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
104
104
  return (0);
105
105
  in = x->crl->nextUpdate;
106
106
  if (in != tm) {
107
- in = M_ASN1_TIME_dup(tm);
107
+ in = ASN1_STRING_dup(tm);
108
108
  if (in != NULL) {
109
- M_ASN1_TIME_free(x->crl->nextUpdate);
109
+ ASN1_TIME_free(x->crl->nextUpdate);
110
110
  x->crl->nextUpdate = in;
111
111
  }
112
112
  }
@@ -189,45 +189,46 @@ int X509_CRL_get_signature_nid(const X509_CRL *crl)
189
189
  return OBJ_obj2nid(crl->sig_alg->algorithm);
190
190
  }
191
191
 
192
- const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
192
+ const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *revoked)
193
193
  {
194
- return x->revocationDate;
194
+ return revoked->revocationDate;
195
195
  }
196
196
 
197
- int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
197
+ int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked, const ASN1_TIME *tm)
198
198
  {
199
199
  ASN1_TIME *in;
200
200
 
201
- if (x == NULL)
201
+ if (revoked == NULL)
202
202
  return (0);
203
- in = x->revocationDate;
203
+ in = revoked->revocationDate;
204
204
  if (in != tm) {
205
- in = M_ASN1_TIME_dup(tm);
205
+ in = ASN1_STRING_dup(tm);
206
206
  if (in != NULL) {
207
- M_ASN1_TIME_free(x->revocationDate);
208
- x->revocationDate = in;
207
+ ASN1_TIME_free(revoked->revocationDate);
208
+ revoked->revocationDate = in;
209
209
  }
210
210
  }
211
211
  return (in != NULL);
212
212
  }
213
213
 
214
- const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
214
+ const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *revoked)
215
215
  {
216
- return x->serialNumber;
216
+ return revoked->serialNumber;
217
217
  }
218
218
 
219
- int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
219
+ int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
220
+ const ASN1_INTEGER *serial)
220
221
  {
221
222
  ASN1_INTEGER *in;
222
223
 
223
- if (x == NULL)
224
+ if (revoked == NULL)
224
225
  return (0);
225
- in = x->serialNumber;
226
+ in = revoked->serialNumber;
226
227
  if (in != serial) {
227
- in = M_ASN1_INTEGER_dup(serial);
228
+ in = ASN1_INTEGER_dup(serial);
228
229
  if (in != NULL) {
229
- M_ASN1_INTEGER_free(x->serialNumber);
230
- x->serialNumber = in;
230
+ ASN1_INTEGER_free(revoked->serialNumber);
231
+ revoked->serialNumber = in;
231
232
  }
232
233
  }
233
234
  return (in != NULL);
@@ -239,8 +240,13 @@ const STACK_OF(X509_EXTENSION) *
239
240
  return r->extensions;
240
241
  }
241
242
 
242
- int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
243
+ int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
243
244
  {
244
245
  crl->crl->enc.modified = 1;
245
- return i2d_X509_CRL_INFO(crl->crl, pp);
246
+ return i2d_X509_CRL_INFO(crl->crl, outp);
247
+ }
248
+
249
+ int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
250
+ {
251
+ return i2d_X509_CRL_INFO(crl->crl, outp);
246
252
  }
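Review bot: The new `i2d_X509_CRL_tbs` has no comment saying how it differs from `i2d_re_X509_CRL_tbs` directly above it. The only visible difference is that the `re` variant sets `crl->crl->enc.modified = 1` before calling `i2d_X509_CRL_INFO`. Which one a caller picks presumably decides whether the TBSCertList bytes are re-serialised or taken from a saved encoding, and that matters when those bytes are fed to a signature check. I would add above the new function `/* Encodes the TBSCertList without marking it modified; call i2d_re_X509_CRL_tbs after changing fields. */`, with the wording confirmed against how `enc.modified` is consumed. The same comment is missing on `i2d_X509_tbs` next to `i2d_re_X509_tbs` in the later X509 hunk.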
@@ -393,8 +393,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
393
393
 
394
394
  static int X509_REVOKED_cmp(const X509_REVOKED **a, const X509_REVOKED **b)
395
395
  {
396
- return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
397
- (ASN1_STRING *)(*b)->serialNumber));
396
+ return ASN1_STRING_cmp((*a)->serialNumber, (*b)->serialNumber);
398
397
  }
399
398
 
400
399
  int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
@@ -78,7 +78,7 @@ X509_PKEY *X509_PKEY_new(void)
78
78
  ret->enc_algor = X509_ALGOR_new();
79
79
  if (ret->enc_algor == NULL)
80
80
  goto err;
81
- ret->enc_pkey = M_ASN1_OCTET_STRING_new();
81
+ ret->enc_pkey = ASN1_OCTET_STRING_new();
82
82
  if (ret->enc_pkey == NULL)
83
83
  goto err;
84
84
  return ret;
@@ -97,7 +97,7 @@ void X509_PKEY_free(X509_PKEY *x)
97
97
  if (x->enc_algor != NULL)
98
98
  X509_ALGOR_free(x->enc_algor);
99
99
  if (x->enc_pkey != NULL)
100
- M_ASN1_OCTET_STRING_free(x->enc_pkey);
100
+ ASN1_OCTET_STRING_free(x->enc_pkey);
101
101
  if (x->dec_pkey != NULL)
102
102
  EVP_PKEY_free(x->dec_pkey);
103
103
  if ((x->key_data != NULL) && (x->key_free))
@@ -136,12 +136,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
136
136
  }
137
137
 
138
138
  /* Per RFC5280, section 4.1.2.9, extensions require v3. */
139
- /* Check disabled. TODO re-enable in Jan 2021.
140
- https://crbug.com/boringssl/375
141
139
  if (version != 2 && ret->cert_info->extensions != NULL) {
142
140
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
143
141
  return 0;
144
- }*/
142
+ }
145
143
 
146
144
  break;
147
145
  }
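Review bot: The comment kept above the re-enabled check in `x509_cb` does not say that this is now an enforced parse-time rejection. A certificate that carries extensions without being v3 now fails with `X509_R_INVALID_FIELD_FOR_VERSION`, where the check was previously commented out. The bare `2` in `version != 2` is presumably the zero-based encoding of v3; the assignment of `version` is outside the hunk, so that should be confirmed. I would extend the comment to `/* Per RFC5280, section 4.1.2.9, extensions require v3. |version| is zero-based, so 2 is v3; violating certificates are rejected here. */`. The removed TODO also held the only link to the tracking bug, so the rationale should move to the commit message or changelog for operators who hit the new error.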
@@ -337,10 +335,45 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
337
335
  return length;
338
336
  }
339
337
 
340
- int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
338
+ int i2d_re_X509_tbs(X509 *x509, unsigned char **outp)
339
+ {
340
+ x509->cert_info->enc.modified = 1;
341
+ return i2d_X509_CINF(x509->cert_info, outp);
342
+ }
343
+
344
+ int i2d_X509_tbs(X509 *x509, unsigned char **outp)
341
345
  {
342
- x->cert_info->enc.modified = 1;
343
- return i2d_X509_CINF(x->cert_info, pp);
346
+ return i2d_X509_CINF(x509->cert_info, outp);
347
+ }
348
+
349
+ int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo)
350
+ {
351
+ /* TODO(davidben): Const-correct generated ASN.1 dup functions.
352
+ * Alternatively, when the types are hidden and we can embed required fields
353
+ * directly in structs, import |X509_ALGOR_copy| from upstream. */
354
+ X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo);
355
+ X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo);
356
+ if (copy1 == NULL || copy2 == NULL) {
357
+ X509_ALGOR_free(copy1);
358
+ X509_ALGOR_free(copy2);
359
+ return 0;
360
+ }
361
+
362
+ X509_ALGOR_free(x509->sig_alg);
363
+ x509->sig_alg = copy1;
364
+ X509_ALGOR_free(x509->cert_info->signature);
365
+ x509->cert_info->signature = copy2;
366
+ return 1;
367
+ }
368
+
369
+ int X509_set1_signature_value(X509 *x509, const uint8_t *sig, size_t sig_len)
370
+ {
371
+ if (!ASN1_STRING_set(x509->signature, sig, sig_len)) {
372
+ return 0;
373
+ }
374
+ x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
375
+ x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
376
+ return 1;
344
377
  }
345
378
 
346
379
  void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
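Review bot: `X509_set1_signature_value` passes `size_t sig_len` straight to `ASN1_STRING_set`, which `X509_alias_set1` on this page calls with an `int len`. If the length parameter is indeed `int`, a value above `INT_MAX` is narrowed and may arrive negative. A guard before the call, `if (sig_len > INT_MAX) { return 0; }`, rules that out. The `0x07` in the flags mask is also unexplained; a comment such as `/* clear the unused-bits count: the signature is a whole number of bytes */` would help, with the wording confirmed against the BIT STRING flag layout. Separately, `X509_set1_signature_algo` dereferences `x509` without the NULL check that `X509_REVOKED_set_serialNumber` and the other setters on this page apply to their first argument; either add it or document that NULL is not accepted.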
@@ -89,7 +89,7 @@ static X509_CERT_AUX *aux_get(X509 *x)
89
89
  return x->aux;
90
90
  }
91
91
 
92
- int X509_alias_set1(X509 *x, unsigned char *name, int len)
92
+ int X509_alias_set1(X509 *x, const unsigned char *name, int len)
93
93
  {
94
94
  X509_CERT_AUX *aux;
95
95
  if (!name) {
@@ -106,7 +106,7 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
106
106
  return ASN1_STRING_set(aux->alias, name, len);
107
107
  }
108
108
 
109
- int X509_keyid_set1(X509 *x, unsigned char *id, int len)
109
+ int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
110
110
  {
111
111
  X509_CERT_AUX *aux;
112
112
  if (!id) {
@@ -172,7 +172,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
172
172
 
173
173
  if ((issuer && !ikeyid) || (issuer == 2)) {
174
174
  isname = X509_NAME_dup(X509_get_issuer_name(cert));
175
- serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
175
+ serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
176
176
  if (!isname || !serial) {
177
177
  OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
178
178
  goto err;
@@ -201,7 +201,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
201
201
 
202
202
  err:
203
203
  X509_NAME_free(isname);
204
- M_ASN1_INTEGER_free(serial);
205
- M_ASN1_OCTET_STRING_free(ikeyid);
204
+ ASN1_INTEGER_free(serial);
205
+ ASN1_OCTET_STRING_free(ikeyid);
206
206
  return NULL;
207
207
  }
@@ -75,8 +75,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
75
75
  STACK_OF(CONF_VALUE) *nval);
76
76
  static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
77
77
  static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
78
- static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
79
- static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
78
+ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
79
+ static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
80
80
 
81
81
  const X509V3_EXT_METHOD v3_alt[] = {
82
82
  {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
@@ -386,7 +386,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
386
386
  while ((i = X509_NAME_get_index_by_NID(nm,
387
387
  NID_pkcs9_emailAddress, i)) >= 0) {
388
388
  ne = X509_NAME_get_entry(nm, i);
389
- email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
389
+ email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
390
390
  if (move_p) {
391
391
  X509_NAME_delete_entry(nm, i);
392
392
  X509_NAME_ENTRY_free(ne);
@@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
410
410
 
411
411
  err:
412
412
  GENERAL_NAME_free(gen);
413
- M_ASN1_IA5STRING_free(email);
413
+ ASN1_IA5STRING_free(email);
414
414
  return 0;
415
415
 
416
416
  }
@@ -446,8 +446,8 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
446
446
 
447
447
  GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
448
448
  const X509V3_EXT_METHOD *method,
449
- X509V3_CTX *ctx, int gen_type, char *value,
450
- int is_nc)
449
+ X509V3_CTX *ctx, int gen_type,
450
+ const char *value, int is_nc)
451
451
  {
452
452
  char is_string = 0;
453
453
  GENERAL_NAME *gen = NULL;
@@ -517,7 +517,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
517
517
  }
518
518
 
519
519
  if (is_string) {
520
- if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
520
+ if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
521
521
  !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
522
522
  strlen(value))) {
523
523
  OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
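Review bot: With `value` now `const char *` (see the signature hunk just above), the unchanged cast `(unsigned char *)value` in the `ASN1_STRING_set` call silently discards the qualifier. `X509_set1_signature_value` on this page passes a `const uint8_t *` to `ASN1_STRING_set` without any cast, so the cast here can most likely be dropped: `!ASN1_STRING_set(gen->d.ia5, value, strlen(value))) {`. That keeps the const-correctness this commit is introducing intact through to the callee. The body of `a2i_GENERAL_NAME` starts and ends outside this hunk.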
@@ -575,9 +575,10 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
575
575
 
576
576
  }
577
577
 
578
- static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
578
+ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
579
579
  {
580
- char *objtmp = NULL, *p;
580
+ char *objtmp = NULL;
581
+ const char *p;
581
582
  int objlen;
582
583
  if (!(p = strchr(value, ';')))
583
584
  return 0;
@@ -602,7 +603,7 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
602
603
  return 1;
603
604
  }
604
605
 
605
- static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
606
+ static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
606
607
  {
607
608
  int ret = 0;
608
609
  STACK_OF(CONF_VALUE) *sk = NULL;
@@ -113,7 +113,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
113
113
  ASN1_BIT_STRING *bs;
114
114
  size_t i;
115
115
  const BIT_STRING_BITNAME *bnam;
116
- if (!(bs = M_ASN1_BIT_STRING_new())) {
116
+ if (!(bs = ASN1_BIT_STRING_new())) {
117
117
  OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
118
118
  return NULL;
119
119
  }
@@ -124,7 +124,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
124
124
  !strcmp(bnam->lname, val->name)) {
125
125
  if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
126
126
  OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
127
- M_ASN1_BIT_STRING_free(bs);
127
+ ASN1_BIT_STRING_free(bs);
128
128
  return NULL;
129
129
  }
130
130
  break;
@@ -133,7 +133,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
133
133
  if (!bnam->lname) {
134
134
  OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
135
135
  X509V3_conf_err(val);
136
- M_ASN1_BIT_STRING_free(bs);
136
+ ASN1_BIT_STRING_free(bs);
137
137
  return NULL;
138
138
  }
139
139
  }