grpc 1.35.0 → 1.36.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +60 -57
- data/include/grpc/grpc_security.h +16 -11
- data/src/core/ext/filters/client_channel/client_channel.cc +32 -26
- data/src/core/ext/filters/client_channel/client_channel.h +0 -2
- data/src/core/ext/filters/client_channel/config_selector.h +1 -1
- data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel.h +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +8 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +289 -170
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_channel_args.h +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +231 -109
- data/src/core/ext/filters/client_channel/resolver.cc +2 -5
- data/src/core/ext/filters/client_channel/resolver.h +1 -12
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +36 -45
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +29 -41
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +16 -14
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +18 -15
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +362 -0
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +22 -74
- data/src/core/ext/filters/client_channel/server_address.cc +6 -0
- data/src/core/ext/filters/client_channel/server_address.h +31 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -2
- data/src/core/ext/filters/max_age/max_age_filter.cc +35 -32
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +47 -22
- data/src/core/ext/transport/chttp2/server/chttp2_server.h +11 -2
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +11 -1
- data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +62 -18
- data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +11 -16
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +42 -59
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +25 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +75 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +2 -2
- data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +9 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +7 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +28 -13
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +11 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.h +41 -7
- data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -21
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +122 -77
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +13 -9
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +37 -5
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +11 -9
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +44 -27
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +42 -16
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +106 -0
- data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c +29 -0
- data/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h +67 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +13 -16
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +51 -42
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +16 -13
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +50 -18
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +4 -7
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +0 -17
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +30 -23
- data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +85 -73
- data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.c +0 -3
- data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.c +0 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +0 -1
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +21 -4
- data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +29 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/authority.upb.c +5 -5
- data/src/core/ext/upb-generated/xds/core/v3/authority.upb.h +60 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.c +52 -0
- data/src/core/ext/upb-generated/xds/core/v3/collection_entry.upb.h +143 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.c +42 -0
- data/src/core/ext/upb-generated/xds/core/v3/context_params.upb.h +84 -0
- data/src/core/ext/upb-generated/{udpa/core/v1 → xds/core/v3}/resource.upb.c +9 -9
- data/src/core/ext/upb-generated/xds/core/v3/resource.upb.h +94 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.c +54 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_locator.upb.h +166 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.c +36 -0
- data/src/core/ext/upb-generated/xds/core/v3/resource_name.upb.h +85 -0
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +168 -171
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +405 -420
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.h +2 -2
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/outlier_detection.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +177 -171
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +88 -88
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/health_check.upbdefs.c +153 -153
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +33 -20
- data/src/core/ext/upbdefs-generated/envoy/config/endpoint/v3/endpoint.upbdefs.c +56 -59
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +116 -111
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +129 -121
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +21 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +17 -13
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +747 -724
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c +22 -25
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c +51 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +369 -376
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c +12 -16
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +112 -108
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/secret.upbdefs.c +45 -53
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +177 -180
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.c +92 -102
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/discovery.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/service/endpoint/v3/eds.upbdefs.c +32 -42
- data/src/core/ext/upbdefs-generated/envoy/service/listener/v3/lds.upbdefs.c +30 -40
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +4 -7
- data/src/core/ext/upbdefs-generated/envoy/service/route/v3/rds.upbdefs.c +38 -44
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/string.upbdefs.c +30 -33
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +14 -11
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.c +42 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/authority.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.c +62 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/collection_entry.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.c +45 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/context_params.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.c +49 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.c +67 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_locator.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.c +50 -0
- data/src/core/ext/upbdefs-generated/xds/core/v3/resource_name.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +738 -567
- data/src/core/ext/xds/xds_api.h +46 -84
- data/src/core/ext/xds/xds_bootstrap.cc +59 -40
- data/src/core/ext/xds/xds_bootstrap.h +12 -4
- data/src/core/ext/xds/xds_certificate_provider.cc +180 -74
- data/src/core/ext/xds/xds_certificate_provider.h +83 -44
- data/src/core/ext/xds/xds_client.cc +13 -11
- data/src/core/ext/xds/xds_client.h +3 -0
- data/src/core/ext/xds/xds_client_stats.cc +2 -1
- data/src/core/ext/xds/xds_server_config_fetcher.cc +147 -11
- data/src/core/lib/channel/handshaker.cc +2 -5
- data/src/core/lib/channel/handshaker.h +1 -1
- data/src/core/lib/gpr/log.cc +6 -1
- data/src/core/lib/gprpp/mpscq.cc +2 -2
- data/src/core/lib/gprpp/ref_counted.h +1 -1
- data/src/core/lib/gprpp/sync.h +129 -40
- data/src/core/lib/gprpp/time_util.cc +77 -0
- data/src/core/lib/gprpp/time_util.h +42 -0
- data/src/core/lib/http/httpcli_security_connector.cc +2 -2
- data/src/core/lib/iomgr/ev_apple.cc +10 -7
- data/src/core/lib/iomgr/ev_epollex_linux.cc +4 -4
- data/src/core/lib/iomgr/iomgr_posix.cc +0 -1
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +0 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +1 -0
- data/src/core/lib/iomgr/tcp_client_posix.cc +1 -1
- data/src/core/lib/iomgr/tcp_posix.cc +4 -4
- data/src/core/lib/security/authorization/matchers.cc +339 -0
- data/src/core/lib/security/authorization/matchers.h +158 -0
- data/src/core/lib/security/authorization/mock_cel/activation.h +1 -1
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +9 -7
- data/src/core/lib/security/credentials/alts/alts_credentials.cc +2 -1
- data/src/core/lib/security/credentials/alts/alts_credentials.h +1 -1
- data/src/core/lib/security/credentials/credentials.h +2 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +2 -2
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -1
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -1
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +7 -6
- data/src/core/lib/security/credentials/insecure/insecure_credentials.cc +2 -2
- data/src/core/lib/security/credentials/jwt/json_token.cc +0 -3
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +0 -3
- data/src/core/lib/security/credentials/local/local_credentials.cc +2 -1
- data/src/core/lib/security/credentials/local/local_credentials.h +1 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +2 -1
- data/src/core/lib/security/credentials/ssl/ssl_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.cc +2 -1
- data/src/core/lib/security/credentials/tls/tls_credentials.h +1 -1
- data/src/core/lib/security/credentials/xds/xds_credentials.cc +128 -59
- data/src/core/lib/security/credentials/xds/xds_credentials.h +3 -3
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +5 -5
- data/src/core/lib/security/security_connector/ssl_utils.cc +3 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +26 -14
- data/src/core/lib/security/transport/security_handshaker.cc +1 -3
- data/src/core/lib/slice/slice_intern.cc +1 -1
- data/src/core/lib/surface/init.cc +13 -15
- data/src/core/lib/surface/server.cc +3 -3
- data/src/core/lib/surface/server.h +3 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/metadata.cc +6 -2
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +17 -20
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +16 -21
- data/src/core/tsi/fake_transport_security.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session.h +0 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.cc +0 -2
- data/src/core/tsi/ssl/session_cache/ssl_session_cache.h +2 -4
- data/src/core/tsi/ssl_transport_security.cc +0 -3
- data/src/core/tsi/ssl_transport_security.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +7 -0
- data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +1 -0
- data/third_party/boringssl-with-bazel/err_data.c +725 -723
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +15 -14
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_locl.h +30 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +28 -79
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +39 -85
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +5 -16
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +10 -61
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +158 -0
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/bn_asn1.c +3 -10
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +8 -9
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +60 -45
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +6 -81
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +87 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu-aarch64-win.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/dh_asn1.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → dh_extra}/params.c +179 -0
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +25 -0
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +2 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +3 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +13 -20
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/check.c +0 -0
- data/third_party/boringssl-with-bazel/src/crypto/{dh → fipsmodule/dh}/dh.c +136 -213
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +9 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +28 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +128 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +0 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +51 -32
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +147 -0
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +18 -29
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +13 -4
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +13 -11
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +34 -0
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/rand_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +7 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +5 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_r2x.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +8 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +29 -23
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +39 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +11 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +40 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +25 -36
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +6 -6
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +6 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +3 -3
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +652 -545
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +0 -167
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +10 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +62 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +22 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +56 -26
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +15 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +12 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +3 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +2 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +42 -24
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +27 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +287 -98
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +139 -36
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +11 -20
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +10 -5
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +37 -16
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +20 -14
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +7 -8
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +5 -7
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +329 -31
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +48 -15
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +66 -24
- metadata +77 -65
- data/src/core/ext/upb-generated/udpa/core/v1/authority.upb.h +0 -60
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.c +0 -52
- data/src/core/ext/upb-generated/udpa/core/v1/collection_entry.upb.h +0 -143
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.c +0 -42
- data/src/core/ext/upb-generated/udpa/core/v1/context_params.upb.h +0 -84
- data/src/core/ext/upb-generated/udpa/core/v1/resource.upb.h +0 -94
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.c +0 -54
- data/src/core/ext/upb-generated/udpa/core/v1/resource_locator.upb.h +0 -173
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.c +0 -36
- data/src/core/ext/upb-generated/udpa/core/v1/resource_name.upb.h +0 -92
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.c +0 -42
- data/src/core/ext/upbdefs-generated/udpa/core/v1/authority.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.c +0 -62
- data/src/core/ext/upbdefs-generated/udpa/core/v1/collection_entry.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.c +0 -45
- data/src/core/ext/upbdefs-generated/udpa/core/v1/context_params.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.c +0 -49
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource.upbdefs.h +0 -35
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.c +0 -68
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_locator.upbdefs.h +0 -40
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.c +0 -51
- data/src/core/ext/upbdefs-generated/udpa/core/v1/resource_name.upbdefs.h +0 -35
- data/src/core/lib/iomgr/iomgr_posix.h +0 -26
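--- a/data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c
+++ b/data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c
@@ -71,22 +71,22 @@
 #include "../internal.h"
 #include "internal.h"
 
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
 int crit, int type,
 X509V3_CTX *ctx);
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
 int ext_nid, int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
 long *ext_len);
 /* CONF *conf: Config file */
 /* char *name: Name */
 /* char *value: Value */
-X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-char *value)
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+const char *value)
 {
 int crit;
 int ext_type;
@@ -105,7 +105,7 @@ X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
 /* CONF *conf: Config file */
 /* char *value: Value */
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-char *value)
+const char *value)
 {
 int crit;
 int ext_type;
@@ -119,7 +119,7 @@ X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
 /* CONF *conf: Config file */
 /* char *value: Value */
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-int crit, char *value)
+int crit, const char *value)
 {
 const X509V3_EXT_METHOD *method;
 X509_EXTENSION *ext;
@@ -199,7 +199,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
 p = ext_der;
 method->i2d(ext_struc, &p);
 }
-if (!(ext_oct =
+if (!(ext_oct = ASN1_OCTET_STRING_new()))
 goto merr;
 ext_oct->data = ext_der;
 ext_oct->length = ext_len;
@@ -207,7 +207,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
 ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
 if (!ext)
 goto merr;
-
+ASN1_OCTET_STRING_free(ext_oct);
 
 return ext;
 
@@ -230,9 +230,9 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
 }
 
 /* Check the extension string for critical flag */
-static int v3_check_critical(char **value)
+static int v3_check_critical(const char **value)
 {
-char *p = *value;
+const char *p = *value;
 if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
 return 0;
 p += 9;
@@ -243,10 +243,10 @@ static int v3_check_critical(char **value)
 }
 
 /* Check extension string for generic extension and return the type */
-static int v3_check_generic(char **value)
+static int v3_check_generic(const char **value)
 {
 int gen_type = 0;
-char *p = *value;
+const char *p = *value;
 if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
 p += 4;
 gen_type = 1;
@@ -263,7 +263,7 @@ static int v3_check_generic(char **value)
 }
 
 /* Create a generic extension: for now just handle DER type */
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
 int crit, int gen_type,
 X509V3_CTX *ctx)
 {
@@ -289,7 +289,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 goto err;
 }
 
-if (!(oct =
+if (!(oct = ASN1_OCTET_STRING_new())) {
 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
 goto err;
 }
@@ -302,14 +302,14 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
 
 err:
 ASN1_OBJECT_free(obj);
-
+ASN1_OCTET_STRING_free(oct);
 if (ext_der)
 OPENSSL_free(ext_der);
 return extension;
 
 }
 
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
 long *ext_len)
 {
 ASN1_TYPE *typ;
@@ -327,7 +327,7 @@ static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
 * file section to an extension STACK.
 */
 
-int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
 STACK_OF(X509_EXTENSION) **sk)
 {
 X509_EXTENSION *ext;
@@ -351,7 +351,7 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
 * Convenience functions to add extensions to a certificate, CRL and request
 */
 
-int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 X509 *cert)
 {
 STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -362,7 +362,7 @@ int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 
 /* Same as above but for a CRL */
 
-int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 X509_CRL *crl)
 {
 STACK_OF(X509_EXTENSION) **sk = NULL;
@@ -373,7 +373,7 @@ int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 
 /* Add extensions to certificate request */
 
-int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 X509_REQ *req)
 {
 STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
@@ -390,7 +390,7 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
 
 /* Config database functions */
 
-char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
 {
 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
 OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);
@@ -401,7 +401,7 @@ char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
 return NULL;
 }
 
-STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
 {
 if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
 OPENSSL_PUT_ERROR(X509V3, X509V3_R_OPERATION_NOT_DEFINED);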
@@ -245,7 +245,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
|
|
245
245
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_INTERNAL_ERROR);
|
246
246
|
goto err;
|
247
247
|
}
|
248
|
-
qual->d.cpsuri =
|
248
|
+
qual->d.cpsuri = ASN1_IA5STRING_new();
|
249
249
|
if (qual->d.cpsuri == NULL) {
|
250
250
|
goto err;
|
251
251
|
}
|
@@ -319,7 +319,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
|
|
319
319
|
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
|
320
320
|
cnf = sk_CONF_VALUE_value(unot, i);
|
321
321
|
if (!strcmp(cnf->name, "explicitText")) {
|
322
|
-
not->exptext =
|
322
|
+
not->exptext = ASN1_VISIBLESTRING_new();
|
323
323
|
if (not->exptext == NULL)
|
324
324
|
goto merr;
|
325
325
|
if (!ASN1_STRING_set(not->exptext, cnf->value,
|
@@ -87,7 +87,8 @@ const X509V3_EXT_METHOD v3_crl_reason = {
|
|
87
87
|
(void *)crl_reasons
|
88
88
|
};
|
89
89
|
|
90
|
-
char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
|
90
|
+
char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
|
91
|
+
const ASN1_ENUMERATED *e)
|
91
92
|
{
|
92
93
|
const ENUMERATED_NAMES *enam;
|
93
94
|
long strval;
|
@@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = {
|
|
72
72
|
IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
|
73
73
|
|
74
74
|
ASN1_SEQUENCE(EDIPARTYNAME) = {
|
75
|
-
|
76
|
-
|
75
|
+
/* DirectoryString is a CHOICE type, so use explicit tagging. */
|
76
|
+
ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
|
77
|
+
ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
|
77
78
|
} ASN1_SEQUENCE_END(EDIPARTYNAME)
|
78
79
|
|
79
80
|
IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
|
@@ -102,42 +103,56 @@ IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
|
|
102
103
|
|
103
104
|
IMPLEMENT_ASN1_DUP_FUNCTION(GENERAL_NAME)
|
104
105
|
|
105
|
-
|
106
|
-
int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
|
106
|
+
static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
|
107
107
|
{
|
108
|
-
|
108
|
+
/* nameAssigner is optional and may be NULL. */
|
109
|
+
if (a->nameAssigner == NULL) {
|
110
|
+
if (b->nameAssigner != NULL) {
|
111
|
+
return -1;
|
112
|
+
}
|
113
|
+
} else {
|
114
|
+
if (b->nameAssigner == NULL ||
|
115
|
+
ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner) != 0) {
|
116
|
+
return -1;
|
117
|
+
}
|
118
|
+
}
|
119
|
+
|
120
|
+
/* partyName may not be NULL. */
|
121
|
+
return ASN1_STRING_cmp(a->partyName, b->partyName);
|
122
|
+
}
|
109
123
|
|
124
|
+
/* Returns 0 if they are equal, != 0 otherwise. */
|
125
|
+
int GENERAL_NAME_cmp(const GENERAL_NAME *a, const GENERAL_NAME *b)
|
126
|
+
{
|
110
127
|
if (!a || !b || a->type != b->type)
|
111
128
|
return -1;
|
129
|
+
|
112
130
|
switch (a->type) {
|
113
131
|
case GEN_X400:
|
132
|
+
return ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
|
133
|
+
|
114
134
|
case GEN_EDIPARTY:
|
115
|
-
|
116
|
-
break;
|
135
|
+
return edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
|
117
136
|
|
118
137
|
case GEN_OTHERNAME:
|
119
|
-
|
120
|
-
break;
|
138
|
+
return OTHERNAME_cmp(a->d.otherName, b->d.otherName);
|
121
139
|
|
122
140
|
case GEN_EMAIL:
|
123
141
|
case GEN_DNS:
|
124
142
|
case GEN_URI:
|
125
|
-
|
126
|
-
break;
|
143
|
+
return ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
|
127
144
|
|
128
145
|
case GEN_DIRNAME:
|
129
|
-
|
130
|
-
break;
|
146
|
+
return X509_NAME_cmp(a->d.dirn, b->d.dirn);
|
131
147
|
|
132
148
|
case GEN_IPADD:
|
133
|
-
|
134
|
-
break;
|
149
|
+
return ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
|
135
150
|
|
136
151
|
case GEN_RID:
|
137
|
-
|
138
|
-
break;
|
152
|
+
return OBJ_cmp(a->d.rid, b->d.rid);
|
139
153
|
}
|
140
|
-
|
154
|
+
|
155
|
+
return -1;
|
141
156
|
}
|
142
157
|
|
143
158
|
/* Returns 0 if they are equal, != 0 otherwise. */
|
@@ -159,8 +174,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
|
|
159
174
|
{
|
160
175
|
switch (type) {
|
161
176
|
case GEN_X400:
|
177
|
+
a->d.x400Address = value;
|
178
|
+
break;
|
179
|
+
|
162
180
|
case GEN_EDIPARTY:
|
163
|
-
a->d.
|
181
|
+
a->d.ediPartyName = value;
|
164
182
|
break;
|
165
183
|
|
166
184
|
case GEN_OTHERNAME:
|
@@ -194,8 +212,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
|
|
194
212
|
*ptype = a->type;
|
195
213
|
switch (a->type) {
|
196
214
|
case GEN_X400:
|
215
|
+
return a->d.x400Address;
|
216
|
+
|
197
217
|
case GEN_EDIPARTY:
|
198
|
-
return a->d.
|
218
|
+
return a->d.ediPartyName;
|
199
219
|
|
200
220
|
case GEN_OTHERNAME:
|
201
221
|
return a->d.otherName;
|
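Review bot: `edipartyname_cmp` dereferences `a`, `b` and both `partyName` fields without a check, relying only on the comment that partyName may not be NULL. That holds for a name produced by the parser, but `GENERAL_NAME_set0_value` in this same section stores whatever `void *value` the caller passes into `d.ediPartyName`, and `GENERAL_NAME_cmp` forwards `a->d.ediPartyName` unchecked, so a hand-built GEN_EDIPARTY name could reach these dereferences with a NULL pointer. Whether `ASN1_STRING_cmp` tolerates NULL is not visible here, so I would make the helper fail closed with `if (a == NULL || b == NULL || a->partyName == NULL || b->partyName == NULL) return -1;` as its first statement. Returning -1 matches how `GENERAL_NAME_cmp` already reports "not equal" for a NULL or mismatched input.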
@@ -108,11 +108,10 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
|
|
108
108
|
OPENSSL_PUT_ERROR(X509V3, X509V3_R_INVALID_NULL_ARGUMENT);
|
109
109
|
return NULL;
|
110
110
|
}
|
111
|
-
if (!(ia5 =
|
111
|
+
if (!(ia5 = ASN1_IA5STRING_new()))
|
112
112
|
goto err;
|
113
|
-
if (!ASN1_STRING_set(
|
114
|
-
|
115
|
-
M_ASN1_IA5STRING_free(ia5);
|
113
|
+
if (!ASN1_STRING_set(ia5, str, strlen(str))) {
|
114
|
+
ASN1_IA5STRING_free(ia5);
|
116
115
|
goto err;
|
117
116
|
}
|
118
117
|
return ia5;
|
@@ -122,7 +122,7 @@ const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
|
|
122
122
|
return sk_X509V3_EXT_METHOD_value(ext_list, idx);
|
123
123
|
}
|
124
124
|
|
125
|
-
const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
|
125
|
+
const X509V3_EXT_METHOD *X509V3_EXT_get(const X509_EXTENSION *ext)
|
126
126
|
{
|
127
127
|
int nid;
|
128
128
|
if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
|
@@ -203,7 +203,7 @@ int X509V3_add_standard_extensions(void)
|
|
203
203
|
|
204
204
|
/* Return an extension internal structure */
|
205
205
|
|
206
|
-
void *X509V3_EXT_d2i(X509_EXTENSION *ext)
|
206
|
+
void *X509V3_EXT_d2i(const X509_EXTENSION *ext)
|
207
207
|
{
|
208
208
|
const X509V3_EXT_METHOD *method;
|
209
209
|
const unsigned char *p;
|
@@ -217,49 +217,38 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
|
|
217
217
|
return method->d2i(NULL, &p, ext->value->length);
|
218
218
|
}
|
219
219
|
|
220
|
-
|
221
|
-
*
|
222
|
-
* variable returns the last found extension and can be used to retrieve
|
223
|
-
* multiple extensions of the same NID. However multiple extensions with the
|
224
|
-
* same NID is usually due to a badly encoded certificate so if idx is NULL
|
225
|
-
* we choke if multiple extensions exist. The "crit" variable is set to the
|
226
|
-
* critical value. The return value is the decoded extension or NULL on
|
227
|
-
* error. The actual error can have several different causes, the value of
|
228
|
-
* *crit reflects the cause: >= 0, extension found but not decoded (reflects
|
229
|
-
* critical value). -1 extension not found. -2 extension occurs more than
|
230
|
-
* once.
|
231
|
-
*/
|
232
|
-
|
233
|
-
void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
|
234
|
-
int *idx)
|
220
|
+
void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *extensions, int nid,
|
221
|
+
int *out_critical, int *out_idx)
|
235
222
|
{
|
236
223
|
int lastpos;
|
237
224
|
size_t i;
|
238
225
|
X509_EXTENSION *ex, *found_ex = NULL;
|
239
|
-
if (!
|
240
|
-
if (
|
241
|
-
*
|
242
|
-
if (
|
243
|
-
*
|
226
|
+
if (!extensions) {
|
227
|
+
if (out_idx)
|
228
|
+
*out_idx = -1;
|
229
|
+
if (out_critical)
|
230
|
+
*out_critical = -1;
|
244
231
|
return NULL;
|
245
232
|
}
|
246
|
-
if (
|
247
|
-
lastpos = *
|
233
|
+
if (out_idx)
|
234
|
+
lastpos = *out_idx + 1;
|
248
235
|
else
|
249
236
|
lastpos = 0;
|
250
237
|
if (lastpos < 0)
|
251
238
|
lastpos = 0;
|
252
|
-
for (i = lastpos; i < sk_X509_EXTENSION_num(
|
253
|
-
ex = sk_X509_EXTENSION_value(
|
239
|
+
for (i = lastpos; i < sk_X509_EXTENSION_num(extensions); i++) {
|
240
|
+
ex = sk_X509_EXTENSION_value(extensions, i);
|
254
241
|
if (OBJ_obj2nid(ex->object) == nid) {
|
255
|
-
if (
|
256
|
-
|
242
|
+
if (out_idx) {
|
243
|
+
/* TODO(https://crbug.com/boringssl/379): Consistently reject
|
244
|
+
* duplicate extensions. */
|
245
|
+
*out_idx = i;
|
257
246
|
found_ex = ex;
|
258
247
|
break;
|
259
248
|
} else if (found_ex) {
|
260
249
|
/* Found more than one */
|
261
|
-
if (
|
262
|
-
*
|
250
|
+
if (out_critical)
|
251
|
+
*out_critical = -2;
|
263
252
|
return NULL;
|
264
253
|
}
|
265
254
|
found_ex = ex;
|
@@ -267,16 +256,16 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
|
|
267
256
|
}
|
268
257
|
if (found_ex) {
|
269
258
|
/* Found it */
|
270
|
-
if (
|
271
|
-
*
|
259
|
+
if (out_critical)
|
260
|
+
*out_critical = X509_EXTENSION_get_critical(found_ex);
|
272
261
|
return X509V3_EXT_d2i(found_ex);
|
273
262
|
}
|
274
263
|
|
275
264
|
/* Extension not found */
|
276
|
-
if (
|
277
|
-
*
|
278
|
-
if (
|
279
|
-
*
|
265
|
+
if (out_idx)
|
266
|
+
*out_idx = -1;
|
267
|
+
if (out_critical)
|
268
|
+
*out_critical = -1;
|
280
269
|
return NULL;
|
281
270
|
}
|
282
271
|
|
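Review bot: `X509V3_get_d2i` is left without any comment explaining its NULL-return cases, although the body still reports three different conditions through `*out_critical`: -1 when the extension is absent, -2 when it occurs more than once, and a value >= 0 when it was found but `X509V3_EXT_d2i` returned NULL. The -2 case is only reachable when `out_idx` is NULL, because the `out_idx` branch breaks on the first match, which is what the added TODO refers to. A caller that treats every NULL as "extension not present" would accept a certificate with a duplicated or undecodable extension, so the contract should stay next to the code unless it now lives in the header, which this page does not show. I would keep a short comment above the definition, e.g. `/* Returns NULL with *out_critical = -1 (absent), -2 (duplicate; only when out_idx is NULL) or >= 0 (present but not decoded). */`. The function body spans two hunks, and the lines between them are not visible.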
@@ -183,7 +183,7 @@ int X509V3_extensions_print(BIO *bp, const char *title,
|
|
183
183
|
return 0;
|
184
184
|
if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
|
185
185
|
BIO_printf(bp, "%*s", indent + 4, "");
|
186
|
-
|
186
|
+
ASN1_STRING_print(bp, ex->value);
|
187
187
|
}
|
188
188
|
if (BIO_write(bp, "\n", 1) <= 0)
|
189
189
|
return 0;
|
@@ -83,18 +83,18 @@ char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *
|
|
83
83
|
}
|
84
84
|
|
85
85
|
ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
|
86
|
-
X509V3_CTX *ctx, char *str)
|
86
|
+
X509V3_CTX *ctx, const char *str)
|
87
87
|
{
|
88
88
|
ASN1_OCTET_STRING *oct;
|
89
89
|
long length;
|
90
90
|
|
91
|
-
if (!(oct =
|
91
|
+
if (!(oct = ASN1_OCTET_STRING_new())) {
|
92
92
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
93
93
|
return NULL;
|
94
94
|
}
|
95
95
|
|
96
96
|
if (!(oct->data = x509v3_hex_to_bytes(str, &length))) {
|
97
|
-
|
97
|
+
ASN1_OCTET_STRING_free(oct);
|
98
98
|
return NULL;
|
99
99
|
}
|
100
100
|
|
@@ -115,7 +115,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
|
|
115
115
|
if (strcmp(str, "hash"))
|
116
116
|
return s2i_ASN1_OCTET_STRING(method, ctx, str);
|
117
117
|
|
118
|
-
if (!(oct =
|
118
|
+
if (!(oct = ASN1_OCTET_STRING_new())) {
|
119
119
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
120
120
|
return NULL;
|
121
121
|
}
|
@@ -142,7 +142,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
|
|
142
142
|
(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
|
143
143
|
goto err;
|
144
144
|
|
145
|
-
if (!
|
145
|
+
if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
|
146
146
|
OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
|
147
147
|
goto err;
|
148
148
|
}
|
@@ -150,6 +150,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
|
|
150
150
|
return oct;
|
151
151
|
|
152
152
|
err:
|
153
|
-
|
153
|
+
ASN1_OCTET_STRING_free(oct);
|
154
154
|
return NULL;
|
155
155
|
}
|