grpc 1.38.0 → 1.40.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +68 -21
- data/include/grpc/event_engine/endpoint_config.h +48 -0
- data/include/grpc/event_engine/event_engine.h +23 -29
- data/include/grpc/event_engine/port.h +2 -0
- data/include/grpc/event_engine/slice_allocator.h +21 -36
- data/include/grpc/grpc.h +9 -2
- data/include/grpc/grpc_security.h +32 -0
- data/include/grpc/grpc_security_constants.h +1 -0
- data/include/grpc/impl/codegen/grpc_types.h +33 -19
- data/include/grpc/impl/codegen/port_platform.h +41 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +415 -249
- data/src/core/ext/filters/client_channel/client_channel.h +42 -18
- data/src/core/ext/filters/client_channel/config_selector.h +19 -6
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +2 -0
- data/src/core/ext/filters/client_channel/health/health_check_client.h +3 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +16 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +7 -8
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +12 -21
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +3 -5
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +734 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +10 -0
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +8 -15
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +3 -6
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -36
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +14 -22
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -9
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +68 -103
- data/src/core/ext/filters/client_channel/lb_policy.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy.h +70 -46
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_event_engine.cc +31 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_event_engine.cc +28 -0
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +7 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +116 -76
- data/src/core/ext/filters/client_channel/retry_filter.cc +967 -544
- data/src/core/ext/filters/client_channel/retry_service_config.cc +57 -28
- data/src/core/ext/filters/client_channel/retry_service_config.h +9 -3
- data/src/core/ext/filters/client_channel/service_config_call_data.h +45 -5
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/http/client/http_client_filter.cc +5 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +2 -1
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +5 -1
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +3 -2
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +1 -1
- data/src/core/{lib/event_engine/slice_allocator.cc → ext/transport/chttp2/transport/chttp2_slice_allocator.cc} +23 -16
- data/src/core/ext/transport/chttp2/transport/chttp2_slice_allocator.h +74 -0
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +12 -10
- data/src/core/ext/transport/chttp2/transport/flow_control.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +4 -4
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +8 -8
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +639 -752
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +190 -69
- data/src/core/ext/transport/chttp2/transport/internal.h +2 -1
- data/src/core/ext/transport/chttp2/transport/parsing.cc +72 -56
- data/src/core/ext/transport/chttp2/transport/varint.cc +6 -4
- data/src/core/ext/transport/inproc/inproc_transport.cc +42 -31
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +56 -35
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +180 -76
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +35 -27
- data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +97 -48
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +45 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +67 -7
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +66 -9
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +227 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/resolver.upb.h +121 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/substitution_format_string.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.c +35 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/udp_socket_config.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +32 -24
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -73
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +4 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +15 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +48 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +171 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +8 -6
- data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +27 -19
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +1 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +24 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +57 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +29 -17
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +72 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +3 -2
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +4 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +15 -11
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +85 -43
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +274 -91
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +11 -8
- data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +30 -13
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +33 -5
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +115 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.c +60 -0
- data/src/core/ext/upb-generated/envoy/type/http/v3/path_transformation.upb.h +181 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +1 -0
- data/src/core/ext/upb-generated/validate/validate.upb.c +82 -66
- data/src/core/ext/upb-generated/validate/validate.upb.h +220 -124
- data/src/core/ext/upbdefs-generated/envoy/annotations/deprecation.upbdefs.c +15 -7
- data/src/core/ext/upbdefs-generated/envoy/config/accesslog/v3/accesslog.upbdefs.c +53 -52
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +318 -277
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/cluster/v3/cluster.upbdefs.c +437 -410
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.c +198 -170
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/base.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/config_source.upbdefs.c +9 -8
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +219 -163
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.c +59 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/resolver.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/substitution_format_string.upbdefs.c +29 -25
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.c +52 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/udp_socket_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +135 -125
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener_components.upbdefs.c +131 -123
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +90 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c +32 -24
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c +69 -55
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +684 -664
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +13 -10
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +441 -375
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h +10 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/common.upbdefs.c +122 -114
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +1 -1
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +112 -79
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.c +64 -0
- data/src/core/ext/upbdefs-generated/envoy/type/http/v3/path_transformation.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/regex.upbdefs.c +35 -32
- data/src/core/ext/upbdefs-generated/google/rpc/status.upbdefs.c +4 -4
- data/src/core/ext/upbdefs-generated/validate/validate.upbdefs.c +182 -160
- data/src/core/ext/xds/certificate_provider_store.h +1 -1
- data/src/core/ext/xds/xds_api.cc +582 -257
- data/src/core/ext/xds/xds_api.h +46 -8
- data/src/core/ext/xds/xds_bootstrap.cc +4 -1
- data/src/core/ext/xds/xds_client.cc +66 -43
- data/src/core/ext/xds/xds_client.h +0 -4
- data/src/core/ext/xds/xds_http_filters.cc +3 -2
- data/src/core/ext/xds/xds_http_filters.h +3 -0
- data/src/core/lib/address_utils/sockaddr_utils.cc +13 -0
- data/src/core/lib/address_utils/sockaddr_utils.h +10 -0
- data/src/core/lib/channel/call_tracer.h +85 -0
- data/src/core/lib/channel/channel_stack.h +1 -1
- data/src/core/lib/channel/channelz.h +3 -0
- data/src/core/lib/channel/context.h +3 -0
- data/src/core/lib/channel/status_util.h +4 -0
- data/src/core/lib/compression/stream_compression.h +1 -1
- data/src/core/lib/compression/stream_compression_gzip.h +1 -1
- data/src/core/lib/compression/stream_compression_identity.h +1 -1
- data/src/core/lib/debug/stats.h +1 -1
- data/src/core/lib/event_engine/endpoint_config.cc +46 -0
- data/src/core/lib/event_engine/endpoint_config_internal.h +42 -0
- data/src/core/lib/event_engine/event_engine.cc +50 -0
- data/src/core/lib/event_engine/sockaddr.cc +14 -12
- data/src/core/lib/event_engine/sockaddr.h +44 -0
- data/src/core/lib/gpr/murmur_hash.cc +4 -2
- data/src/core/lib/gpr/wrap_memcpy.cc +2 -1
- data/src/core/lib/gprpp/manual_constructor.h +1 -1
- data/src/core/lib/gprpp/orphanable.h +3 -3
- data/src/core/lib/gprpp/status_helper.h +3 -0
- data/src/core/lib/gprpp/sync.h +2 -30
- data/src/core/lib/iomgr/buffer_list.cc +1 -1
- data/src/core/lib/iomgr/endpoint_pair_event_engine.cc +33 -0
- data/src/core/lib/iomgr/error.cc +5 -4
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.h +1 -1
- data/src/core/lib/iomgr/event_engine/closure.cc +54 -0
- data/src/core/lib/iomgr/event_engine/closure.h +33 -0
- data/src/core/lib/iomgr/event_engine/endpoint.cc +192 -0
- data/src/core/lib/iomgr/event_engine/endpoint.h +53 -0
- data/src/core/lib/iomgr/event_engine/iomgr.cc +105 -0
- data/src/core/lib/iomgr/event_engine/iomgr.h +24 -0
- data/src/core/lib/iomgr/event_engine/pollset.cc +87 -0
- data/{include/grpc/event_engine/channel_args.h → src/core/lib/iomgr/event_engine/pollset.h} +7 -10
- data/src/core/lib/iomgr/event_engine/promise.h +51 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.cc +41 -0
- data/src/core/lib/iomgr/event_engine/resolved_address_internal.h +35 -0
- data/src/core/lib/iomgr/event_engine/resolver.cc +110 -0
- data/src/core/lib/iomgr/event_engine/tcp.cc +263 -0
- data/src/core/lib/iomgr/event_engine/timer.cc +57 -0
- data/src/core/lib/iomgr/exec_ctx.cc +8 -0
- data/src/core/lib/iomgr/exec_ctx.h +3 -4
- data/src/core/lib/iomgr/executor/threadpool.cc +2 -3
- data/src/core/lib/iomgr/executor/threadpool.h +2 -2
- data/src/core/lib/iomgr/iomgr.cc +1 -1
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -0
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +40 -10
- data/src/core/lib/iomgr/pollset_custom.cc +2 -2
- data/src/core/lib/iomgr/pollset_custom.h +3 -1
- data/src/core/lib/iomgr/pollset_uv.cc +3 -1
- data/src/core/lib/iomgr/pollset_uv.h +5 -1
- data/src/core/lib/iomgr/port.h +7 -5
- data/src/core/lib/iomgr/python_util.h +1 -1
- data/src/core/lib/iomgr/resolve_address.cc +5 -1
- data/src/core/lib/iomgr/resolve_address.h +6 -0
- data/src/core/lib/iomgr/resource_quota.cc +2 -0
- data/src/core/lib/iomgr/sockaddr.h +1 -0
- data/src/core/lib/iomgr/socket_mutator.cc +15 -2
- data/src/core/lib/iomgr/socket_mutator.h +26 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -4
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/tcp_client_posix.cc +7 -2
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -0
- data/src/core/lib/iomgr/tcp_posix.cc +42 -39
- data/src/core/lib/iomgr/tcp_posix.h +8 -0
- data/src/core/lib/iomgr/tcp_server_custom.cc +3 -4
- data/src/core/lib/iomgr/tcp_server_posix.cc +7 -0
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +2 -1
- data/src/core/lib/iomgr/timer.h +6 -1
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/json/json_reader.cc +1 -2
- data/src/core/lib/matchers/matchers.cc +8 -20
- data/src/core/lib/matchers/matchers.h +2 -1
- data/src/core/lib/security/authorization/authorization_engine.h +44 -0
- data/src/core/lib/security/authorization/authorization_policy_provider.h +32 -0
- data/src/core/lib/security/authorization/authorization_policy_provider_vtable.cc +46 -0
- data/src/core/lib/security/authorization/evaluate_args.cc +209 -0
- data/src/core/lib/security/authorization/evaluate_args.h +91 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +3 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +49 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +7 -0
- data/src/core/lib/security/credentials/tls/tls_utils.cc +32 -0
- data/src/core/lib/security/credentials/tls/tls_utils.h +13 -0
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +9 -6
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -0
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +6 -18
- data/src/core/lib/security/transport/security_handshaker.cc +12 -4
- data/src/core/lib/security/transport/server_auth_filter.cc +0 -7
- data/src/core/lib/slice/slice.cc +12 -2
- data/src/core/lib/slice/slice_internal.h +1 -0
- data/src/core/lib/surface/call.cc +26 -7
- data/src/core/lib/surface/call.h +11 -0
- data/src/core/lib/surface/completion_queue.cc +22 -22
- data/src/core/lib/surface/completion_queue.h +1 -1
- data/src/core/lib/surface/completion_queue_factory.cc +1 -2
- data/src/core/lib/surface/init.cc +1 -3
- data/src/core/lib/surface/init.h +10 -1
- data/src/core/lib/surface/server.cc +3 -1
- data/src/core/lib/surface/server.h +3 -3
- data/src/core/lib/surface/version.cc +2 -4
- data/src/core/lib/transport/error_utils.cc +2 -2
- data/src/core/lib/transport/metadata_batch.cc +13 -2
- data/src/core/lib/transport/metadata_batch.h +7 -0
- data/src/core/lib/transport/transport.h +2 -0
- data/src/core/lib/transport/transport_op_string.cc +1 -1
- data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
- data/src/core/tsi/alts/crypt/gsec.h +2 -0
- data/src/ruby/ext/grpc/extconf.rb +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +6 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +10 -1
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/boringssl-with-bazel/err_data.c +269 -263
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +8 -6
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/cipher_extra.c +4 -0
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +9 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +0 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/md32_common.h +87 -121
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md4/md4.c +20 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/md5/md5.c +19 -30
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +26 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +10 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +28 -39
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +48 -66
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +362 -371
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +4 -2
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_asn1.c +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +101 -11
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +14 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +53 -73
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +31 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +5 -8
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +5 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +7 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +5 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +66 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +40 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/chacha.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +6 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +14 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +19 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +325 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs7.h +23 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +99 -63
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -109
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +12 -19
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +48 -50
- data/third_party/boringssl-with-bazel/src/include/openssl/x509_vfy.h +451 -435
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_srtp.cc +1 -1
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +773 -84
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +80 -47
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +24 -19
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +189 -86
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +45 -56
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +272 -167
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +14 -19
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +34 -102
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +2 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +8 -31
- data/third_party/boringssl-with-bazel/src/ssl/ssl_stat.cc +3 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_transcript.cc +4 -3
- data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +7 -3
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +576 -648
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +31 -3
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +98 -39
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +141 -94
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +58 -68
- data/third_party/xxhash/xxhash.h +77 -195
- metadata +81 -39
- data/src/core/lib/gpr/arena.h +0 -47
- data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +0 -267
- data/third_party/boringssl-with-bazel/src/crypto/x509/vpm_int.h +0 -71
@@ -192,7 +192,8 @@ static int pkcs7_bundle_certificates_cb(CBB *out, const void *arg) {
|
|
192
192
|
}
|
193
193
|
}
|
194
194
|
|
195
|
-
|
195
|
+
// |certificates| is a implicitly-tagged SET OF.
|
196
|
+
return CBB_flush_asn1_set_of(&certificates) && CBB_flush(out);
|
196
197
|
}
|
197
198
|
|
198
199
|
int PKCS7_bundle_certificates(CBB *out, const STACK_OF(X509) *certs) {
|
@@ -222,7 +223,8 @@ static int pkcs7_bundle_crls_cb(CBB *out, const void *arg) {
|
|
222
223
|
}
|
223
224
|
}
|
224
225
|
|
225
|
-
|
226
|
+
// |crl_data| is a implicitly-tagged SET OF.
|
227
|
+
return CBB_flush_asn1_set_of(&crl_data) && CBB_flush(out);
|
226
228
|
}
|
227
229
|
|
228
230
|
int PKCS7_bundle_CRLs(CBB *out, const STACK_OF(X509_CRL) *crls) {
|
@@ -15,7 +15,7 @@
|
|
15
15
|
#include <openssl/base.h>
|
16
16
|
#include "../fipsmodule/rand/internal.h"
|
17
17
|
|
18
|
-
#if defined(
|
18
|
+
#if defined(BORINGSSL_FIPS)
|
19
19
|
|
20
20
|
// RAND_need_entropy is called by the FIPS module when it has blocked because of
|
21
21
|
// a lack of entropy. This signal is used as an indication to feed it more.
|
@@ -31,4 +31,4 @@ void RAND_need_entropy(size_t bytes_needed) {
|
|
31
31
|
RAND_load_entropy(buf, todo, used_cpu);
|
32
32
|
}
|
33
33
|
|
34
|
-
#endif //
|
34
|
+
#endif // FIPS
|
@@ -1,16 +1,60 @@
|
|
1
|
-
/*
|
1
|
+
/*
|
2
|
+
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
|
3
|
+
* 2013.
|
4
|
+
*/
|
5
|
+
/* ====================================================================
|
6
|
+
* Copyright (c) 2013 The OpenSSL Project. All rights reserved.
|
2
7
|
*
|
3
|
-
*
|
4
|
-
*
|
5
|
-
*
|
8
|
+
* Redistribution and use in source and binary forms, with or without
|
9
|
+
* modification, are permitted provided that the following conditions
|
10
|
+
* are met:
|
6
11
|
*
|
7
|
-
*
|
8
|
-
*
|
9
|
-
*
|
10
|
-
*
|
11
|
-
*
|
12
|
-
*
|
13
|
-
*
|
12
|
+
* 1. Redistributions of source code must retain the above copyright
|
13
|
+
* notice, this list of conditions and the following disclaimer.
|
14
|
+
*
|
15
|
+
* 2. Redistributions in binary form must reproduce the above copyright
|
16
|
+
* notice, this list of conditions and the following disclaimer in
|
17
|
+
* the documentation and/or other materials provided with the
|
18
|
+
* distribution.
|
19
|
+
*
|
20
|
+
* 3. All advertising materials mentioning features or use of this
|
21
|
+
* software must display the following acknowledgment:
|
22
|
+
* "This product includes software developed by the OpenSSL Project
|
23
|
+
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
|
24
|
+
*
|
25
|
+
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
26
|
+
* endorse or promote products derived from this software without
|
27
|
+
* prior written permission. For written permission, please contact
|
28
|
+
* licensing@OpenSSL.org.
|
29
|
+
*
|
30
|
+
* 5. Products derived from this software may not be called "OpenSSL"
|
31
|
+
* nor may "OpenSSL" appear in their names without prior written
|
32
|
+
* permission of the OpenSSL Project.
|
33
|
+
*
|
34
|
+
* 6. Redistributions of any form whatsoever must retain the following
|
35
|
+
* acknowledgment:
|
36
|
+
* "This product includes software developed by the OpenSSL Project
|
37
|
+
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
|
38
|
+
*
|
39
|
+
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
40
|
+
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
41
|
+
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
42
|
+
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
43
|
+
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
44
|
+
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
45
|
+
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
46
|
+
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
47
|
+
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
48
|
+
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
49
|
+
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
50
|
+
* OF THE POSSIBILITY OF SUCH DAMAGE.
|
51
|
+
* ====================================================================
|
52
|
+
*
|
53
|
+
* This product includes cryptographic software written by Eric Young
|
54
|
+
* (eay@cryptsoft.com). This product includes software written by Tim
|
55
|
+
* Hudson (tjh@cryptsoft.com).
|
56
|
+
*
|
57
|
+
*/
|
14
58
|
|
15
59
|
#ifndef OPENSSL_HEADER_X509_INTERNAL_H
|
16
60
|
#define OPENSSL_HEADER_X509_INTERNAL_H
|
@@ -42,6 +86,52 @@ struct x509_attributes_st {
|
|
42
86
|
STACK_OF(ASN1_TYPE) *set;
|
43
87
|
} /* X509_ATTRIBUTE */;
|
44
88
|
|
89
|
+
struct x509_cert_aux_st {
|
90
|
+
STACK_OF(ASN1_OBJECT) *trust; // trusted uses
|
91
|
+
STACK_OF(ASN1_OBJECT) *reject; // rejected uses
|
92
|
+
ASN1_UTF8STRING *alias; // "friendly name"
|
93
|
+
ASN1_OCTET_STRING *keyid; // key id of private key
|
94
|
+
STACK_OF(X509_ALGOR) *other; // other unspecified info
|
95
|
+
} /* X509_CERT_AUX */;
|
96
|
+
|
97
|
+
typedef struct {
|
98
|
+
ASN1_ENCODING enc;
|
99
|
+
ASN1_INTEGER *version;
|
100
|
+
X509_NAME *subject;
|
101
|
+
X509_PUBKEY *pubkey;
|
102
|
+
// d=2 hl=2 l= 0 cons: cont: 00
|
103
|
+
STACK_OF(X509_ATTRIBUTE) *attributes; // [ 0 ]
|
104
|
+
} X509_REQ_INFO;
|
105
|
+
|
106
|
+
DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
|
107
|
+
|
108
|
+
struct X509_req_st {
|
109
|
+
X509_REQ_INFO *req_info;
|
110
|
+
X509_ALGOR *sig_alg;
|
111
|
+
ASN1_BIT_STRING *signature;
|
112
|
+
CRYPTO_refcount_t references;
|
113
|
+
} /* X509_REQ */;
|
114
|
+
|
115
|
+
struct X509_VERIFY_PARAM_st {
|
116
|
+
char *name;
|
117
|
+
time_t check_time; // Time to use
|
118
|
+
unsigned long inh_flags; // Inheritance flags
|
119
|
+
unsigned long flags; // Various verify flags
|
120
|
+
int purpose; // purpose to check untrusted certificates
|
121
|
+
int trust; // trust setting to check
|
122
|
+
int depth; // Verify depth
|
123
|
+
STACK_OF(ASN1_OBJECT) *policies; // Permissible policies
|
124
|
+
// The following fields specify acceptable peer identities.
|
125
|
+
STACK_OF(OPENSSL_STRING) *hosts; // Set of acceptable names
|
126
|
+
unsigned int hostflags; // Flags to control matching features
|
127
|
+
char *peername; // Matching hostname in peer certificate
|
128
|
+
char *email; // If not NULL email address to match
|
129
|
+
size_t emaillen;
|
130
|
+
unsigned char *ip; // If not NULL IP address to match
|
131
|
+
size_t iplen; // Length of IP address
|
132
|
+
unsigned char poison; // Fail all verifications at name checking
|
133
|
+
} /* X509_VERIFY_PARAM */;
|
134
|
+
|
45
135
|
|
46
136
|
/* RSA-PSS functions. */
|
47
137
|
|
@@ -384,7 +384,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
|
|
384
384
|
} else
|
385
385
|
i = 0;
|
386
386
|
|
387
|
-
if (X509_get_version(x) !=
|
387
|
+
if (X509_get_version(x) != X509_VERSION_3) {
|
388
388
|
rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
|
389
389
|
/* Correct error depth */
|
390
390
|
i = 0;
|
@@ -402,7 +402,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
|
|
402
402
|
for (; i < sk_X509_num(chain); i++) {
|
403
403
|
sign_nid = X509_get_signature_nid(x);
|
404
404
|
x = sk_X509_value(chain, i);
|
405
|
-
if (X509_get_version(x) !=
|
405
|
+
if (X509_get_version(x) != X509_VERSION_3) {
|
406
406
|
rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
|
407
407
|
goto end;
|
408
408
|
}
|
@@ -67,7 +67,7 @@
|
|
67
67
|
#include <openssl/x509.h>
|
68
68
|
#include <openssl/x509v3.h>
|
69
69
|
|
70
|
-
#include "
|
70
|
+
#include "internal.h"
|
71
71
|
#include "../internal.h"
|
72
72
|
#include "../x509v3/internal.h"
|
73
73
|
|
@@ -835,20 +835,20 @@ static int check_id_error(X509_STORE_CTX *ctx, int errcode)
|
|
835
835
|
return ctx->verify_cb(0, ctx);
|
836
836
|
}
|
837
837
|
|
838
|
-
static int check_hosts(X509 *x,
|
838
|
+
static int check_hosts(X509 *x, X509_VERIFY_PARAM *param)
|
839
839
|
{
|
840
840
|
size_t i;
|
841
|
-
size_t n = sk_OPENSSL_STRING_num(
|
841
|
+
size_t n = sk_OPENSSL_STRING_num(param->hosts);
|
842
842
|
char *name;
|
843
843
|
|
844
|
-
if (
|
845
|
-
OPENSSL_free(
|
846
|
-
|
844
|
+
if (param->peername != NULL) {
|
845
|
+
OPENSSL_free(param->peername);
|
846
|
+
param->peername = NULL;
|
847
847
|
}
|
848
848
|
for (i = 0; i < n; ++i) {
|
849
|
-
name = sk_OPENSSL_STRING_value(
|
850
|
-
if (X509_check_host(x, name, strlen(name),
|
851
|
-
&
|
849
|
+
name = sk_OPENSSL_STRING_value(param->hosts, i);
|
850
|
+
if (X509_check_host(x, name, strlen(name), param->hostflags,
|
851
|
+
¶m->peername) > 0)
|
852
852
|
return 1;
|
853
853
|
}
|
854
854
|
return n == 0;
|
@@ -857,21 +857,20 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
|
|
857
857
|
static int check_id(X509_STORE_CTX *ctx)
|
858
858
|
{
|
859
859
|
X509_VERIFY_PARAM *vpm = ctx->param;
|
860
|
-
X509_VERIFY_PARAM_ID *id = vpm->id;
|
861
860
|
X509 *x = ctx->cert;
|
862
|
-
if (
|
861
|
+
if (vpm->poison) {
|
863
862
|
if (!check_id_error(ctx, X509_V_ERR_INVALID_CALL))
|
864
863
|
return 0;
|
865
864
|
}
|
866
|
-
if (
|
865
|
+
if (vpm->hosts && check_hosts(x, vpm) <= 0) {
|
867
866
|
if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
|
868
867
|
return 0;
|
869
868
|
}
|
870
|
-
if (
|
869
|
+
if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
|
871
870
|
if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
|
872
871
|
return 0;
|
873
872
|
}
|
874
|
-
if (
|
873
|
+
if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
|
875
874
|
if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
|
876
875
|
return 0;
|
877
876
|
}
|
@@ -2052,7 +2051,7 @@ X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
|
|
2052
2051
|
}
|
2053
2052
|
/* Create new CRL */
|
2054
2053
|
crl = X509_CRL_new();
|
2055
|
-
if (!crl || !X509_CRL_set_version(crl,
|
2054
|
+
if (!crl || !X509_CRL_set_version(crl, X509_CRL_VERSION_2))
|
2056
2055
|
goto memerr;
|
2057
2056
|
/* Set issuer name */
|
2058
2057
|
if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
|
@@ -62,8 +62,9 @@
|
|
62
62
|
#include <openssl/x509.h>
|
63
63
|
#include <openssl/x509v3.h>
|
64
64
|
|
65
|
-
#include "
|
65
|
+
#include "internal.h"
|
66
66
|
#include "../internal.h"
|
67
|
+
#include "../x509v3/internal.h"
|
67
68
|
|
68
69
|
|
69
70
|
/* X509_VERIFY_PARAM functions */
|
@@ -83,7 +84,7 @@ static void str_free(char *s)
|
|
83
84
|
|
84
85
|
#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)
|
85
86
|
|
86
|
-
static int int_x509_param_set_hosts(
|
87
|
+
static int int_x509_param_set_hosts(X509_VERIFY_PARAM *param, int mode,
|
87
88
|
const char *name, size_t namelen)
|
88
89
|
{
|
89
90
|
char *copy;
|
@@ -100,26 +101,26 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
|
|
100
101
|
if (name && OPENSSL_memchr(name, '\0', namelen))
|
101
102
|
return 0;
|
102
103
|
|
103
|
-
if (mode == SET_HOST &&
|
104
|
-
string_stack_free(
|
105
|
-
|
104
|
+
if (mode == SET_HOST && param->hosts) {
|
105
|
+
string_stack_free(param->hosts);
|
106
|
+
param->hosts = NULL;
|
106
107
|
}
|
107
108
|
|
108
109
|
copy = OPENSSL_strndup(name, namelen);
|
109
110
|
if (copy == NULL)
|
110
111
|
return 0;
|
111
112
|
|
112
|
-
if (
|
113
|
-
(
|
113
|
+
if (param->hosts == NULL &&
|
114
|
+
(param->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
|
114
115
|
OPENSSL_free(copy);
|
115
116
|
return 0;
|
116
117
|
}
|
117
118
|
|
118
|
-
if (!sk_OPENSSL_STRING_push(
|
119
|
+
if (!sk_OPENSSL_STRING_push(param->hosts, copy)) {
|
119
120
|
OPENSSL_free(copy);
|
120
|
-
if (sk_OPENSSL_STRING_num(
|
121
|
-
sk_OPENSSL_STRING_free(
|
122
|
-
|
121
|
+
if (sk_OPENSSL_STRING_num(param->hosts) == 0) {
|
122
|
+
sk_OPENSSL_STRING_free(param->hosts);
|
123
|
+
param->hosts = NULL;
|
123
124
|
}
|
124
125
|
return 0;
|
125
126
|
}
|
@@ -129,7 +130,6 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
|
|
129
130
|
|
130
131
|
static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
|
131
132
|
{
|
132
|
-
X509_VERIFY_PARAM_ID *paramid;
|
133
133
|
if (!param)
|
134
134
|
return;
|
135
135
|
param->name = NULL;
|
@@ -145,43 +145,34 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
|
|
145
145
|
sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
|
146
146
|
param->policies = NULL;
|
147
147
|
}
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
paramid->hosts = NULL;
|
148
|
+
if (param->hosts) {
|
149
|
+
string_stack_free(param->hosts);
|
150
|
+
param->hosts = NULL;
|
152
151
|
}
|
153
|
-
if (
|
154
|
-
OPENSSL_free(
|
155
|
-
|
152
|
+
if (param->peername) {
|
153
|
+
OPENSSL_free(param->peername);
|
154
|
+
param->peername = NULL;
|
156
155
|
}
|
157
|
-
if (
|
158
|
-
OPENSSL_free(
|
159
|
-
|
160
|
-
|
156
|
+
if (param->email) {
|
157
|
+
OPENSSL_free(param->email);
|
158
|
+
param->email = NULL;
|
159
|
+
param->emaillen = 0;
|
161
160
|
}
|
162
|
-
if (
|
163
|
-
OPENSSL_free(
|
164
|
-
|
165
|
-
|
161
|
+
if (param->ip) {
|
162
|
+
OPENSSL_free(param->ip);
|
163
|
+
param->ip = NULL;
|
164
|
+
param->iplen = 0;
|
166
165
|
}
|
167
|
-
|
166
|
+
param->poison = 0;
|
168
167
|
}
|
169
168
|
|
170
169
|
X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
|
171
170
|
{
|
172
171
|
X509_VERIFY_PARAM *param;
|
173
|
-
X509_VERIFY_PARAM_ID *paramid;
|
174
172
|
param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
|
175
173
|
if (!param)
|
176
174
|
return NULL;
|
177
|
-
paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM_ID));
|
178
|
-
if (!paramid) {
|
179
|
-
OPENSSL_free(param);
|
180
|
-
return NULL;
|
181
|
-
}
|
182
175
|
OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
|
183
|
-
OPENSSL_memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
|
184
|
-
param->id = paramid;
|
185
176
|
x509_verify_param_zero(param);
|
186
177
|
return param;
|
187
178
|
}
|
@@ -191,7 +182,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
|
|
191
182
|
if (param == NULL)
|
192
183
|
return;
|
193
184
|
x509_verify_param_zero(param);
|
194
|
-
OPENSSL_free(param->id);
|
195
185
|
OPENSSL_free(param);
|
196
186
|
}
|
197
187
|
|
@@ -233,11 +223,6 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
|
|
233
223
|
(to_overwrite || \
|
234
224
|
((src->field != (def)) && (to_default || (dest->field == (def)))))
|
235
225
|
|
236
|
-
/* As above but for ID fields */
|
237
|
-
|
238
|
-
#define test_x509_verify_param_copy_id(idf, def) \
|
239
|
-
test_x509_verify_param_copy(id->idf, def)
|
240
|
-
|
241
226
|
/* Macro to test and copy a field if necessary */
|
242
227
|
|
243
228
|
#define x509_verify_param_copy(field, def) \
|
@@ -249,10 +234,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
|
|
249
234
|
{
|
250
235
|
unsigned long inh_flags;
|
251
236
|
int to_default, to_overwrite;
|
252
|
-
X509_VERIFY_PARAM_ID *id;
|
253
237
|
if (!src)
|
254
238
|
return 1;
|
255
|
-
id = src->id;
|
256
239
|
inh_flags = dest->inh_flags | src->inh_flags;
|
257
240
|
|
258
241
|
if (inh_flags & X509_VP_FLAG_ONCE)
|
@@ -294,31 +277,31 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
|
|
294
277
|
}
|
295
278
|
|
296
279
|
/* Copy the host flags if and only if we're copying the host list */
|
297
|
-
if (
|
298
|
-
if (dest->
|
299
|
-
string_stack_free(dest->
|
300
|
-
dest->
|
280
|
+
if (test_x509_verify_param_copy(hosts, NULL)) {
|
281
|
+
if (dest->hosts) {
|
282
|
+
string_stack_free(dest->hosts);
|
283
|
+
dest->hosts = NULL;
|
301
284
|
}
|
302
|
-
if (
|
303
|
-
dest->
|
304
|
-
sk_OPENSSL_STRING_deep_copy(
|
305
|
-
if (dest->
|
285
|
+
if (src->hosts) {
|
286
|
+
dest->hosts =
|
287
|
+
sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
|
288
|
+
if (dest->hosts == NULL)
|
306
289
|
return 0;
|
307
|
-
dest->
|
290
|
+
dest->hostflags = src->hostflags;
|
308
291
|
}
|
309
292
|
}
|
310
293
|
|
311
|
-
if (
|
312
|
-
if (!X509_VERIFY_PARAM_set1_email(dest,
|
294
|
+
if (test_x509_verify_param_copy(email, NULL)) {
|
295
|
+
if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
|
313
296
|
return 0;
|
314
297
|
}
|
315
298
|
|
316
|
-
if (
|
317
|
-
if (!X509_VERIFY_PARAM_set1_ip(dest,
|
299
|
+
if (test_x509_verify_param_copy(ip, NULL)) {
|
300
|
+
if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
|
318
301
|
return 0;
|
319
302
|
}
|
320
303
|
|
321
|
-
dest->
|
304
|
+
dest->poison = src->poison;
|
322
305
|
|
323
306
|
return 1;
|
324
307
|
}
|
@@ -457,8 +440,8 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
|
|
457
440
|
int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
458
441
|
const char *name, size_t namelen)
|
459
442
|
{
|
460
|
-
if (!int_x509_param_set_hosts(param
|
461
|
-
param->
|
443
|
+
if (!int_x509_param_set_hosts(param, SET_HOST, name, namelen)) {
|
444
|
+
param->poison = 1;
|
462
445
|
return 0;
|
463
446
|
}
|
464
447
|
return 1;
|
@@ -467,8 +450,8 @@ int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
|
|
467
450
|
int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
468
451
|
const char *name, size_t namelen)
|
469
452
|
{
|
470
|
-
if (!int_x509_param_set_hosts(param
|
471
|
-
param->
|
453
|
+
if (!int_x509_param_set_hosts(param, ADD_HOST, name, namelen)) {
|
454
|
+
param->poison = 1;
|
472
455
|
return 0;
|
473
456
|
}
|
474
457
|
return 1;
|
@@ -477,21 +460,21 @@ int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
|
|
477
460
|
void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
|
478
461
|
unsigned int flags)
|
479
462
|
{
|
480
|
-
param->
|
463
|
+
param->hostflags = flags;
|
481
464
|
}
|
482
465
|
|
483
466
|
char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
|
484
467
|
{
|
485
|
-
return param->
|
468
|
+
return param->peername;
|
486
469
|
}
|
487
470
|
|
488
471
|
int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
|
489
472
|
const char *email, size_t emaillen)
|
490
473
|
{
|
491
474
|
if (OPENSSL_memchr(email, '\0', emaillen) != NULL ||
|
492
|
-
!int_x509_param_set1(¶m->
|
475
|
+
!int_x509_param_set1(¶m->email, ¶m->emaillen,
|
493
476
|
email, emaillen)) {
|
494
|
-
param->
|
477
|
+
param->poison = 1;
|
495
478
|
return 0;
|
496
479
|
}
|
497
480
|
|
@@ -502,9 +485,9 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
|
|
502
485
|
const unsigned char *ip, size_t iplen)
|
503
486
|
{
|
504
487
|
if ((iplen != 4 && iplen != 16) ||
|
505
|
-
!int_x509_param_set1((char **)¶m->
|
488
|
+
!int_x509_param_set1((char **)¶m->ip, ¶m->iplen,
|
506
489
|
(char *)ip, iplen)) {
|
507
|
-
param->
|
490
|
+
param->poison = 1;
|
508
491
|
return 0;
|
509
492
|
}
|
510
493
|
|
@@ -516,7 +499,7 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
|
|
516
499
|
unsigned char ipout[16];
|
517
500
|
size_t iplen;
|
518
501
|
|
519
|
-
iplen = (size_t)
|
502
|
+
iplen = (size_t)x509v3_a2i_ipadd(ipout, ipasc);
|
520
503
|
if (iplen == 0)
|
521
504
|
return 0;
|
522
505
|
return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
|
@@ -532,10 +515,7 @@ const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
|
|
532
515
|
return param->name;
|
533
516
|
}
|
534
517
|
|
535
|
-
|
536
|
-
{ NULL, 0U, NULL, NULL, 0, NULL, 0, 0 };
|
537
|
-
|
538
|
-
#define vpm_empty_id ((X509_VERIFY_PARAM_ID *)&_empty_id)
|
518
|
+
#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0, 0
|
539
519
|
|
540
520
|
/*
|
541
521
|
* Default verify parameters: these are used for various applications and can
|