grpc 1.35.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
@@ -77,7 +77,7 @@ int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
|
|
77
77
|
|
78
78
|
ai = a->cert_info;
|
79
79
|
bi = b->cert_info;
|
80
|
-
i =
|
80
|
+
i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
|
81
81
|
if (i)
|
82
82
|
return (i);
|
83
83
|
return (X509_NAME_cmp(ai->issuer, bi->issuer));
|
@@ -93,9 +93,10 @@ X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
|
|
93
93
|
return (X509v3_delete_ext(x->crl->extensions, loc));
|
94
94
|
}
|
95
95
|
|
96
|
-
void *X509_CRL_get_ext_d2i(const X509_CRL *
|
96
|
+
void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *out_critical,
|
97
|
+
int *out_idx)
|
97
98
|
{
|
98
|
-
return X509V3_get_d2i(
|
99
|
+
return X509V3_get_d2i(crl->crl->extensions, nid, out_critical, out_idx);
|
99
100
|
}
|
100
101
|
|
101
102
|
int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
|
@@ -145,9 +146,11 @@ int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
|
|
145
146
|
return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
|
146
147
|
}
|
147
148
|
|
148
|
-
void *X509_get_ext_d2i(const X509 *
|
149
|
+
void *X509_get_ext_d2i(const X509 *x509, int nid, int *out_critical,
|
150
|
+
int *out_idx)
|
149
151
|
{
|
150
|
-
return X509V3_get_d2i(
|
152
|
+
return X509V3_get_d2i(x509->cert_info->extensions, nid, out_critical,
|
153
|
+
out_idx);
|
151
154
|
}
|
152
155
|
|
153
156
|
int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
|
@@ -194,10 +197,10 @@ int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
|
|
194
197
|
return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
|
195
198
|
}
|
196
199
|
|
197
|
-
void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *
|
198
|
-
int *
|
200
|
+
void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *revoked, int nid,
|
201
|
+
int *out_critical, int *out_idx)
|
199
202
|
{
|
200
|
-
return X509V3_get_d2i(
|
203
|
+
return X509V3_get_d2i(revoked->extensions, nid, out_critical, out_idx);
|
201
204
|
}
|
202
205
|
|
203
206
|
int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
|
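Review bot: The three rewritten getters (`X509_CRL_get_ext_d2i`, `X509_get_ext_d2i`, `X509_REVOKED_get_ext_d2i`) now name `out_critical` and `out_idx`, but nothing in the section says what a NULL return means, and each simply forwards to `X509V3_get_d2i`. As far as I know that helper returns NULL both when the extension is absent and when it is duplicated or fails to parse, so a caller that reads NULL as "not present" can skip a check on a malformed certificate or CRL. I would add above each definition something like `/* Returns NULL if the extension is absent, duplicated or unparsable; pass a non-NULL out_critical to tell these cases apart. */`. None of the three checks its first argument before dereferencing it, which looks like the existing contract and is worth stating in the same comment.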
@@ -79,7 +79,7 @@ X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
|
|
79
79
|
xi = ret->cert_info;
|
80
80
|
|
81
81
|
if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
|
82
|
-
if ((xi->version =
|
82
|
+
if ((xi->version = ASN1_INTEGER_new()) == NULL)
|
83
83
|
goto err;
|
84
84
|
if (!ASN1_INTEGER_set(xi->version, 2))
|
85
85
|
goto err;
|
@@ -75,12 +75,12 @@ int X509_set_version(X509 *x, long version)
|
|
75
75
|
if (x == NULL)
|
76
76
|
return (0);
|
77
77
|
if (version == 0) {
|
78
|
-
|
78
|
+
ASN1_INTEGER_free(x->cert_info->version);
|
79
79
|
x->cert_info->version = NULL;
|
80
80
|
return (1);
|
81
81
|
}
|
82
82
|
if (x->cert_info->version == NULL) {
|
83
|
-
if ((x->cert_info->version =
|
83
|
+
if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL)
|
84
84
|
return (0);
|
85
85
|
}
|
86
86
|
return (ASN1_INTEGER_set(x->cert_info->version, version));
|
@@ -94,9 +94,9 @@ int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
|
|
94
94
|
return (0);
|
95
95
|
in = x->cert_info->serialNumber;
|
96
96
|
if (in != serial) {
|
97
|
-
in =
|
97
|
+
in = ASN1_INTEGER_dup(serial);
|
98
98
|
if (in != NULL) {
|
99
|
-
|
99
|
+
ASN1_INTEGER_free(x->cert_info->serialNumber);
|
100
100
|
x->cert_info->serialNumber = in;
|
101
101
|
}
|
102
102
|
}
|
@@ -125,9 +125,9 @@ int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
|
|
125
125
|
return (0);
|
126
126
|
in = x->cert_info->validity->notBefore;
|
127
127
|
if (in != tm) {
|
128
|
-
in =
|
128
|
+
in = ASN1_STRING_dup(tm);
|
129
129
|
if (in != NULL) {
|
130
|
-
|
130
|
+
ASN1_TIME_free(x->cert_info->validity->notBefore);
|
131
131
|
x->cert_info->validity->notBefore = in;
|
132
132
|
}
|
133
133
|
}
|
@@ -168,9 +168,9 @@ int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
|
|
168
168
|
return (0);
|
169
169
|
in = x->cert_info->validity->notAfter;
|
170
170
|
if (in != tm) {
|
171
|
-
in =
|
171
|
+
in = ASN1_STRING_dup(tm);
|
172
172
|
if (in != NULL) {
|
173
|
-
|
173
|
+
ASN1_TIME_free(x->cert_info->validity->notAfter);
|
174
174
|
x->cert_info->validity->notAfter = in;
|
175
175
|
}
|
176
176
|
}
|
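Review bot: `X509_set_version` stores whatever `long` it is given: in the first hunk only `version == 0` is special-cased, and every other value goes straight to `ASN1_INTEGER_set(x->cert_info->version, version)`. X.509 defines only the encoded versions 0 to 2, so a negative or larger value yields a certificate that conforming parsers may reject while the caller still gets a success return. A guard such as `if (version < 0 || version > 2) return (0);` after the NULL check would catch that; whether existing callers rely on the permissive behaviour is not visible here. The function's signature and closing brace lie outside the hunk.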
@@ -248,7 +248,7 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, const ASN1_OCTET_STRING *data)
|
|
248
248
|
|
249
249
|
if (ex == NULL)
|
250
250
|
return (0);
|
251
|
-
i =
|
251
|
+
i = ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
|
252
252
|
if (!i)
|
253
253
|
return (0);
|
254
254
|
return (1);
|
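Review bot: `X509_EXTENSION_set_data` checks `ex` for NULL but then reads `data->data` and `data->length` on the rewritten line without checking `data`, so a NULL `data` crashes instead of returning `0`. Extending the existing guard to `if (ex == NULL || data == NULL)` would treat both arguments the same way. `ex->value` is also passed on unchecked, which is presumably safe for extensions built by the library's own constructors, but that cannot be confirmed from this hunk. The function starts and ends outside the hunk.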
@@ -66,7 +66,7 @@ int X509_CRL_set_version(X509_CRL *x, long version)
|
|
66
66
|
if (x == NULL)
|
67
67
|
return (0);
|
68
68
|
if (x->crl->version == NULL) {
|
69
|
-
if ((x->crl->version =
|
69
|
+
if ((x->crl->version = ASN1_INTEGER_new()) == NULL)
|
70
70
|
return (0);
|
71
71
|
}
|
72
72
|
return (ASN1_INTEGER_set(x->crl->version, version));
|
@@ -87,9 +87,9 @@ int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
|
|
87
87
|
return (0);
|
88
88
|
in = x->crl->lastUpdate;
|
89
89
|
if (in != tm) {
|
90
|
-
in =
|
90
|
+
in = ASN1_STRING_dup(tm);
|
91
91
|
if (in != NULL) {
|
92
|
-
|
92
|
+
ASN1_TIME_free(x->crl->lastUpdate);
|
93
93
|
x->crl->lastUpdate = in;
|
94
94
|
}
|
95
95
|
}
|
@@ -104,9 +104,9 @@ int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
|
|
104
104
|
return (0);
|
105
105
|
in = x->crl->nextUpdate;
|
106
106
|
if (in != tm) {
|
107
|
-
in =
|
107
|
+
in = ASN1_STRING_dup(tm);
|
108
108
|
if (in != NULL) {
|
109
|
-
|
109
|
+
ASN1_TIME_free(x->crl->nextUpdate);
|
110
110
|
x->crl->nextUpdate = in;
|
111
111
|
}
|
112
112
|
}
|
@@ -189,45 +189,46 @@ int X509_CRL_get_signature_nid(const X509_CRL *crl)
|
|
189
189
|
return OBJ_obj2nid(crl->sig_alg->algorithm);
|
190
190
|
}
|
191
191
|
|
192
|
-
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *
|
192
|
+
const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *revoked)
|
193
193
|
{
|
194
|
-
return
|
194
|
+
return revoked->revocationDate;
|
195
195
|
}
|
196
196
|
|
197
|
-
int X509_REVOKED_set_revocationDate(X509_REVOKED *
|
197
|
+
int X509_REVOKED_set_revocationDate(X509_REVOKED *revoked, const ASN1_TIME *tm)
|
198
198
|
{
|
199
199
|
ASN1_TIME *in;
|
200
200
|
|
201
|
-
if (
|
201
|
+
if (revoked == NULL)
|
202
202
|
return (0);
|
203
|
-
in =
|
203
|
+
in = revoked->revocationDate;
|
204
204
|
if (in != tm) {
|
205
|
-
in =
|
205
|
+
in = ASN1_STRING_dup(tm);
|
206
206
|
if (in != NULL) {
|
207
|
-
|
208
|
-
|
207
|
+
ASN1_TIME_free(revoked->revocationDate);
|
208
|
+
revoked->revocationDate = in;
|
209
209
|
}
|
210
210
|
}
|
211
211
|
return (in != NULL);
|
212
212
|
}
|
213
213
|
|
214
|
-
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *
|
214
|
+
const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *revoked)
|
215
215
|
{
|
216
|
-
return
|
216
|
+
return revoked->serialNumber;
|
217
217
|
}
|
218
218
|
|
219
|
-
int X509_REVOKED_set_serialNumber(X509_REVOKED *
|
219
|
+
int X509_REVOKED_set_serialNumber(X509_REVOKED *revoked,
|
220
|
+
const ASN1_INTEGER *serial)
|
220
221
|
{
|
221
222
|
ASN1_INTEGER *in;
|
222
223
|
|
223
|
-
if (
|
224
|
+
if (revoked == NULL)
|
224
225
|
return (0);
|
225
|
-
in =
|
226
|
+
in = revoked->serialNumber;
|
226
227
|
if (in != serial) {
|
227
|
-
in =
|
228
|
+
in = ASN1_INTEGER_dup(serial);
|
228
229
|
if (in != NULL) {
|
229
|
-
|
230
|
-
|
230
|
+
ASN1_INTEGER_free(revoked->serialNumber);
|
231
|
+
revoked->serialNumber = in;
|
231
232
|
}
|
232
233
|
}
|
233
234
|
return (in != NULL);
|
@@ -239,8 +240,13 @@ const STACK_OF(X509_EXTENSION) *
|
|
239
240
|
return r->extensions;
|
240
241
|
}
|
241
242
|
|
242
|
-
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **
|
243
|
+
int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
|
243
244
|
{
|
244
245
|
crl->crl->enc.modified = 1;
|
245
|
-
return i2d_X509_CRL_INFO(crl->crl,
|
246
|
+
return i2d_X509_CRL_INFO(crl->crl, outp);
|
247
|
+
}
|
248
|
+
|
249
|
+
int i2d_X509_CRL_tbs(X509_CRL *crl, unsigned char **outp)
|
250
|
+
{
|
251
|
+
return i2d_X509_CRL_INFO(crl->crl, outp);
|
246
252
|
}
|
@@ -393,8 +393,7 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
|
|
393
393
|
|
394
394
|
static int X509_REVOKED_cmp(const X509_REVOKED **a, const X509_REVOKED **b)
|
395
395
|
{
|
396
|
-
return
|
397
|
-
(ASN1_STRING *)(*b)->serialNumber));
|
396
|
+
return ASN1_STRING_cmp((*a)->serialNumber, (*b)->serialNumber);
|
398
397
|
}
|
399
398
|
|
400
399
|
int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
|
@@ -78,7 +78,7 @@ X509_PKEY *X509_PKEY_new(void)
|
|
78
78
|
ret->enc_algor = X509_ALGOR_new();
|
79
79
|
if (ret->enc_algor == NULL)
|
80
80
|
goto err;
|
81
|
-
ret->enc_pkey =
|
81
|
+
ret->enc_pkey = ASN1_OCTET_STRING_new();
|
82
82
|
if (ret->enc_pkey == NULL)
|
83
83
|
goto err;
|
84
84
|
return ret;
|
@@ -97,7 +97,7 @@ void X509_PKEY_free(X509_PKEY *x)
|
|
97
97
|
if (x->enc_algor != NULL)
|
98
98
|
X509_ALGOR_free(x->enc_algor);
|
99
99
|
if (x->enc_pkey != NULL)
|
100
|
-
|
100
|
+
ASN1_OCTET_STRING_free(x->enc_pkey);
|
101
101
|
if (x->dec_pkey != NULL)
|
102
102
|
EVP_PKEY_free(x->dec_pkey);
|
103
103
|
if ((x->key_data != NULL) && (x->key_free))
|
@@ -136,12 +136,10 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
|
|
136
136
|
}
|
137
137
|
|
138
138
|
/* Per RFC5280, section 4.1.2.9, extensions require v3. */
|
139
|
-
/* Check disabled. TODO re-enable in Jan 2021.
|
140
|
-
https://crbug.com/boringssl/375
|
141
139
|
if (version != 2 && ret->cert_info->extensions != NULL) {
|
142
140
|
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
|
143
141
|
return 0;
|
144
|
-
}
|
142
|
+
}
|
145
143
|
|
146
144
|
break;
|
147
145
|
}
|
@@ -337,10 +335,45 @@ int i2d_X509_AUX(X509 *a, unsigned char **pp)
|
|
337
335
|
return length;
|
338
336
|
}
|
339
337
|
|
340
|
-
int i2d_re_X509_tbs(X509 *
|
338
|
+
int i2d_re_X509_tbs(X509 *x509, unsigned char **outp)
|
339
|
+
{
|
340
|
+
x509->cert_info->enc.modified = 1;
|
341
|
+
return i2d_X509_CINF(x509->cert_info, outp);
|
342
|
+
}
|
343
|
+
|
344
|
+
int i2d_X509_tbs(X509 *x509, unsigned char **outp)
|
341
345
|
{
|
342
|
-
|
343
|
-
|
346
|
+
return i2d_X509_CINF(x509->cert_info, outp);
|
347
|
+
}
|
348
|
+
|
349
|
+
int X509_set1_signature_algo(X509 *x509, const X509_ALGOR *algo)
|
350
|
+
{
|
351
|
+
/* TODO(davidben): Const-correct generated ASN.1 dup functions.
|
352
|
+
* Alternatively, when the types are hidden and we can embed required fields
|
353
|
+
* directly in structs, import |X509_ALGOR_copy| from upstream. */
|
354
|
+
X509_ALGOR *copy1 = X509_ALGOR_dup((X509_ALGOR *)algo);
|
355
|
+
X509_ALGOR *copy2 = X509_ALGOR_dup((X509_ALGOR *)algo);
|
356
|
+
if (copy1 == NULL || copy2 == NULL) {
|
357
|
+
X509_ALGOR_free(copy1);
|
358
|
+
X509_ALGOR_free(copy2);
|
359
|
+
return 0;
|
360
|
+
}
|
361
|
+
|
362
|
+
X509_ALGOR_free(x509->sig_alg);
|
363
|
+
x509->sig_alg = copy1;
|
364
|
+
X509_ALGOR_free(x509->cert_info->signature);
|
365
|
+
x509->cert_info->signature = copy2;
|
366
|
+
return 1;
|
367
|
+
}
|
368
|
+
|
369
|
+
int X509_set1_signature_value(X509 *x509, const uint8_t *sig, size_t sig_len)
|
370
|
+
{
|
371
|
+
if (!ASN1_STRING_set(x509->signature, sig, sig_len)) {
|
372
|
+
return 0;
|
373
|
+
}
|
374
|
+
x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
|
375
|
+
x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
|
376
|
+
return 1;
|
344
377
|
}
|
345
378
|
|
346
379
|
void X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
|
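Review bot: `X509_set1_signature_value` passes its `size_t sig_len` straight to `ASN1_STRING_set`, with no upper bound on the length. If that function takes an `int` length, as its call with `int len` in `X509_alias_set1` further down this page suggests (the prototype is not shown here), a value above `INT_MAX` is silently converted and may reach the callee as a negative length. A guard before the call makes the limit explicit: `if (sig_len > INT_MAX) { return 0; }` (this needs `<limits.h>` if the file does not already include it). The same function masks `0x07` out of `flags` without naming it; a comment such as `/* the signature is a whole number of octets: no unused bits */` would explain why those bits are cleared alongside `ASN1_STRING_FLAG_BITS_LEFT`, presumably because they hold the unused-bit count.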
@@ -89,7 +89,7 @@ static X509_CERT_AUX *aux_get(X509 *x)
|
|
89
89
|
return x->aux;
|
90
90
|
}
|
91
91
|
|
92
|
-
int X509_alias_set1(X509 *x, unsigned char *name, int len)
|
92
|
+
int X509_alias_set1(X509 *x, const unsigned char *name, int len)
|
93
93
|
{
|
94
94
|
X509_CERT_AUX *aux;
|
95
95
|
if (!name) {
|
@@ -106,7 +106,7 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
|
|
106
106
|
return ASN1_STRING_set(aux->alias, name, len);
|
107
107
|
}
|
108
108
|
|
109
|
-
int X509_keyid_set1(X509 *x, unsigned char *id, int len)
|
109
|
+
int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
|
110
110
|
{
|
111
111
|
X509_CERT_AUX *aux;
|
112
112
|
if (!id) {
|
@@ -172,7 +172,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
|
|
172
172
|
|
173
173
|
if ((issuer && !ikeyid) || (issuer == 2)) {
|
174
174
|
isname = X509_NAME_dup(X509_get_issuer_name(cert));
|
175
|
-
serial =
|
175
|
+
serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
|
176
176
|
if (!isname || !serial) {
|
177
177
|
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
|
178
178
|
goto err;
|
@@ -201,7 +201,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
|
|
201
201
|
|
202
202
|
err:
|
203
203
|
X509_NAME_free(isname);
|
204
|
-
|
205
|
-
|
204
|
+
ASN1_INTEGER_free(serial);
|
205
|
+
ASN1_OCTET_STRING_free(ikeyid);
|
206
206
|
return NULL;
|
207
207
|
}
|
@@ -75,8 +75,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
|
|
75
75
|
STACK_OF(CONF_VALUE) *nval);
|
76
76
|
static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
|
77
77
|
static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
|
78
|
-
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
|
79
|
-
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
|
78
|
+
static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
|
79
|
+
static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
|
80
80
|
|
81
81
|
const X509V3_EXT_METHOD v3_alt[] = {
|
82
82
|
{NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
|
@@ -386,7 +386,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
|
|
386
386
|
while ((i = X509_NAME_get_index_by_NID(nm,
|
387
387
|
NID_pkcs9_emailAddress, i)) >= 0) {
|
388
388
|
ne = X509_NAME_get_entry(nm, i);
|
389
|
-
email =
|
389
|
+
email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
|
390
390
|
if (move_p) {
|
391
391
|
X509_NAME_delete_entry(nm, i);
|
392
392
|
X509_NAME_ENTRY_free(ne);
|
@@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
|
|
410
410
|
|
411
411
|
err:
|
412
412
|
GENERAL_NAME_free(gen);
|
413
|
-
|
413
|
+
ASN1_IA5STRING_free(email);
|
414
414
|
return 0;
|
415
415
|
|
416
416
|
}
|
@@ -446,8 +446,8 @@ GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
|
|
446
446
|
|
447
447
|
GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
|
448
448
|
const X509V3_EXT_METHOD *method,
|
449
|
-
X509V3_CTX *ctx, int gen_type,
|
450
|
-
int is_nc)
|
449
|
+
X509V3_CTX *ctx, int gen_type,
|
450
|
+
const char *value, int is_nc)
|
451
451
|
{
|
452
452
|
char is_string = 0;
|
453
453
|
GENERAL_NAME *gen = NULL;
|
@@ -517,7 +517,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
|
|
517
517
|
}
|
518
518
|
|
519
519
|
if (is_string) {
|
520
|
-
if (!(gen->d.ia5 =
|
520
|
+
if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
|
521
521
|
!ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
|
522
522
|
strlen(value))) {
|
523
523
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
@@ -575,9 +575,10 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
|
|
575
575
|
|
576
576
|
}
|
577
577
|
|
578
|
-
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
578
|
+
static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
|
579
579
|
{
|
580
|
-
char *objtmp = NULL
|
580
|
+
char *objtmp = NULL;
|
581
|
+
const char *p;
|
581
582
|
int objlen;
|
582
583
|
if (!(p = strchr(value, ';')))
|
583
584
|
return 0;
|
@@ -602,7 +603,7 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
|
602
603
|
return 1;
|
603
604
|
}
|
604
605
|
|
605
|
-
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
|
606
|
+
static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
|
606
607
|
{
|
607
608
|
int ret = 0;
|
608
609
|
STACK_OF(CONF_VALUE) *sk = NULL;
|
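Review bot: In `a2i_GENERAL_NAME` the unchanged call `ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,` now casts away the `const` that this change adds to the `value` parameter. That undoes the const-correctness the new signature promises and will be reported by `-Wcast-qual`. The cast should keep the qualifier, `!ASN1_STRING_set(gen->d.ia5, (const unsigned char *)value,`, or be dropped altogether if `ASN1_STRING_set` accepts a `const void *` (its prototype is not shown here). The function body starts and ends outside the visible hunks, so other uses of `value` in it could not be checked.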
@@ -113,7 +113,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|
113
113
|
ASN1_BIT_STRING *bs;
|
114
114
|
size_t i;
|
115
115
|
const BIT_STRING_BITNAME *bnam;
|
116
|
-
if (!(bs =
|
116
|
+
if (!(bs = ASN1_BIT_STRING_new())) {
|
117
117
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
118
118
|
return NULL;
|
119
119
|
}
|
@@ -124,7 +124,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|
124
124
|
!strcmp(bnam->lname, val->name)) {
|
125
125
|
if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
|
126
126
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
127
|
-
|
127
|
+
ASN1_BIT_STRING_free(bs);
|
128
128
|
return NULL;
|
129
129
|
}
|
130
130
|
break;
|
@@ -133,7 +133,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
|
|
133
133
|
if (!bnam->lname) {
|
134
134
|
OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
|
135
135
|
X509V3_conf_err(val);
|
136
|
-
|
136
|
+
ASN1_BIT_STRING_free(bs);
|
137
137
|
return NULL;
|
138
138
|
}
|
139
139
|
}
|