grpc 1.53.0.pre2 → 1.54.0
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +80 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/impl/grpc_types.h +11 -2
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +13 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +42 -23
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +5 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
- data/src/core/lib/backoff/random_early_detection.h +59 -0
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/endpoint_pair.h +2 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +9 -6
- data/src/core/lib/transport/metadata_batch.h +58 -16
- data/src/core/lib/transport/parsed_metadata.h +3 -3
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +107 -72
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -163,12 +163,16 @@ OPENSSL_EXPORT void ERR_free_strings(void);
|
|
163
163
|
|
164
164
|
// ERR_GET_LIB returns the library code for the error. This is one of
|
165
165
|
// the |ERR_LIB_*| values.
|
166
|
-
|
166
|
+
OPENSSL_INLINE int ERR_GET_LIB(uint32_t packed_error) {
|
167
|
+
return (int)((packed_error >> 24) & 0xff);
|
168
|
+
}
|
167
169
|
|
168
170
|
// ERR_GET_REASON returns the reason code for the error. This is one of
|
169
171
|
// library-specific |LIB_R_*| values where |LIB| is the library (see
|
170
172
|
// |ERR_GET_LIB|). Note that reason codes are specific to the library.
|
171
|
-
|
173
|
+
OPENSSL_INLINE int ERR_GET_REASON(uint32_t packed_error) {
|
174
|
+
return (int)(packed_error & 0xfff);
|
175
|
+
}
|
172
176
|
|
173
177
|
// ERR_get_error gets the packed error code for the least recent error and
|
174
178
|
// removes that error from the queue. If there are no errors in the queue then
|
@@ -183,6 +187,15 @@ OPENSSL_EXPORT uint32_t ERR_get_error_line(const char **file, int *line);
|
|
183
187
|
// can be printed. This is always set if |data| is non-NULL.
|
184
188
|
#define ERR_FLAG_STRING 1
|
185
189
|
|
190
|
+
// ERR_FLAG_MALLOCED is passed into |ERR_set_error_data| to indicate that |data|
|
191
|
+
// was allocated with |OPENSSL_malloc|.
|
192
|
+
//
|
193
|
+
// It is, separately, returned in |*flags| from |ERR_get_error_line_data| to
|
194
|
+
// indicate that |*data| has a non-static lifetime, but this lifetime is still
|
195
|
+
// managed by the library. The caller must not call |OPENSSL_free| or |free| on
|
196
|
+
// |data|.
|
197
|
+
#define ERR_FLAG_MALLOCED 2
|
198
|
+
|
186
199
|
// ERR_get_error_line_data acts like |ERR_get_error_line|, but also returns the
|
187
200
|
// error-specific data pointer and flags. The flags are a bitwise-OR of
|
188
201
|
// |ERR_FLAG_*| values. The error-specific data is owned by the error queue
|
@@ -406,11 +419,15 @@ OPENSSL_EXPORT char *ERR_error_string(uint32_t packed_error, char *buf);
|
|
406
419
|
#define ERR_ERROR_STRING_BUF_LEN 120
|
407
420
|
|
408
421
|
// ERR_GET_FUNC returns zero. BoringSSL errors do not report a function code.
|
409
|
-
|
422
|
+
OPENSSL_INLINE int ERR_GET_FUNC(uint32_t packed_error) {
|
423
|
+
(void)packed_error;
|
424
|
+
return 0;
|
425
|
+
}
|
410
426
|
|
411
|
-
//
|
412
|
-
//
|
427
|
+
// ERR_TXT_* are provided for compatibility with code that assumes that it's
|
428
|
+
// using OpenSSL.
|
413
429
|
#define ERR_TXT_STRING ERR_FLAG_STRING
|
430
|
+
#define ERR_TXT_MALLOCED ERR_FLAG_MALLOCED
|
414
431
|
|
415
432
|
|
416
433
|
// Private functions.
|
@@ -444,6 +461,17 @@ OPENSSL_EXPORT void ERR_add_error_data(unsigned count, ...);
|
|
444
461
|
OPENSSL_EXPORT void ERR_add_error_dataf(const char *format, ...)
|
445
462
|
OPENSSL_PRINTF_FORMAT_FUNC(1, 2);
|
446
463
|
|
464
|
+
// ERR_set_error_data sets the data on the most recent error to |data|, which
|
465
|
+
// must be a NUL-terminated string. |flags| must contain |ERR_FLAG_STRING|. If
|
466
|
+
// |flags| contains |ERR_FLAG_MALLOCED|, this function takes ownership of
|
467
|
+
// |data|, which must have been allocated with |OPENSSL_malloc|. Otherwise, it
|
468
|
+
// saves a copy of |data|.
|
469
|
+
//
|
470
|
+
// Note this differs from OpenSSL which, when |ERR_FLAG_MALLOCED| is unset,
|
471
|
+
// saves the pointer as-is and requires it remain valid for the lifetime of the
|
472
|
+
// address space.
|
473
|
+
OPENSSL_EXPORT void ERR_set_error_data(char *data, int flags);
|
474
|
+
|
447
475
|
// ERR_NUM_ERRORS is one more than the limit of the number of errors in the
|
448
476
|
// queue.
|
449
477
|
#define ERR_NUM_ERRORS 16
|
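Review bot: The new comment on `ERR_set_error_data` does not say what happens to `data` when the call cannot store it, for example when `flags` lacks `ERR_FLAG_STRING`. With `ERR_FLAG_MALLOCED` set the function takes ownership, so the header leaves the caller unable to tell whether the buffer was released or is still theirs. Guessing wrong is either a leak or a double free. I would add one sentence such as `// Ownership of |data| is taken even when the data cannot be stored.`, or its opposite, whichever err.c actually does; that file is not shown in this hunk.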
@@ -178,6 +178,7 @@ OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
|
|
178
178
|
#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
|
179
179
|
#define EVP_PKEY_ED25519 NID_ED25519
|
180
180
|
#define EVP_PKEY_X25519 NID_X25519
|
181
|
+
#define EVP_PKEY_HKDF NID_hkdf
|
181
182
|
|
182
183
|
// EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
|
183
184
|
// the given type. It returns one if successful or zero if the |type| argument
|
@@ -665,11 +666,11 @@ OPENSSL_EXPORT int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
|
|
665
666
|
// success and zero on error.
|
666
667
|
OPENSSL_EXPORT int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
|
667
668
|
|
668
|
-
// EVP_PKEY_derive derives a shared key
|
669
|
-
//
|
670
|
-
//
|
671
|
-
//
|
672
|
-
//
|
669
|
+
// EVP_PKEY_derive derives a shared key from |ctx|. If |key| is non-NULL then,
|
670
|
+
// on entry, |out_key_len| must contain the amount of space at |key|. If
|
671
|
+
// sufficient then the shared key will be written to |key| and |*out_key_len|
|
672
|
+
// will be set to the length. If |key| is NULL then |out_key_len| will be set to
|
673
|
+
// the maximum length.
|
673
674
|
//
|
674
675
|
// WARNING: Setting |out| to NULL only gives the maximum size of the key. The
|
675
676
|
// actual key may be smaller.
|
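Review bot: The rewritten `EVP_PKEY_derive` comment mixes the pointer with the value it points to: it says `|out_key_len|` must contain the space at `|key|` and that `|out_key_len|` will be set to the maximum length, while the success case writes `|*out_key_len|`. The unchanged WARNING below still calls the buffer `|out|` although the new text names it `|key|`. Callers use this length to size the buffer and then to read the shared secret, so I would write `// on entry, |*out_key_len| must contain the amount of space at |key|.`, use `|*out_key_len|` in the NULL case as well, and rename `|out|` to `|key|` in the warning. The comment also omits the return value when the space is insufficient; the declaration itself lies outside the hunk.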
@@ -935,7 +936,10 @@ OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx,
|
|
935
936
|
// EVP_PKEY_set1_tls_encodedpoint replaces |pkey| with a public key encoded by
|
936
937
|
// |in|. It returns one on success and zero on error.
|
937
938
|
//
|
938
|
-
//
|
939
|
+
// If |pkey| is an EC key, the format is an X9.62 point and |pkey| must already
|
940
|
+
// have an EC group configured. If it is an X25519 key, it is the 32-byte X25519
|
941
|
+
// public key representation. This function is not supported for other key types
|
942
|
+
// and will fail.
|
939
943
|
OPENSSL_EXPORT int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
|
940
944
|
const uint8_t *in,
|
941
945
|
size_t len);
|
@@ -945,7 +949,10 @@ OPENSSL_EXPORT int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
|
|
945
949
|
// |OPENSSL_free| to release this buffer. The function returns the length of the
|
946
950
|
// buffer on success and zero on error.
|
947
951
|
//
|
948
|
-
//
|
952
|
+
// If |pkey| is an EC key, the format is an X9.62 point with uncompressed
|
953
|
+
// coordinates. If it is an X25519 key, it is the 32-byte X25519 public key
|
954
|
+
// representation. This function is not supported for other key types and will
|
955
|
+
// fail.
|
949
956
|
OPENSSL_EXPORT size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey,
|
950
957
|
uint8_t **out_ptr);
|
951
958
|
|
@@ -1017,6 +1024,14 @@ OPENSSL_EXPORT int i2d_EC_PUBKEY(const EC_KEY *ec_key, uint8_t **outp);
|
|
1017
1024
|
OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **out, const uint8_t **inp,
|
1018
1025
|
long len);
|
1019
1026
|
|
1027
|
+
// EVP_PKEY_CTX_set_dsa_paramgen_bits returns zero.
|
1028
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx,
|
1029
|
+
int nbits);
|
1030
|
+
|
1031
|
+
// EVP_PKEY_CTX_set_dsa_paramgen_q_bits returns zero.
|
1032
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx,
|
1033
|
+
int qbits);
|
1034
|
+
|
1020
1035
|
|
1021
1036
|
// Preprocessor compatibility section (hidden).
|
1022
1037
|
//
|
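Review bot: The comments `// EVP_PKEY_CTX_set_dsa_paramgen_bits returns zero.` and the matching one for `EVP_PKEY_CTX_set_dsa_paramgen_q_bits` do not say that zero is the failure value or that the requested size is not applied. Elsewhere in this header the convention is one on success and zero on error, so these read as compatibility stubs that always fail. Code ported from OpenSSL that ignores the result would continue without the parameter size it asked for. I would word both as `// EVP_PKEY_CTX_set_dsa_paramgen_bits is not supported. It always fails and returns zero.`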
@@ -1041,29 +1056,6 @@ OPENSSL_EXPORT EC_KEY *d2i_EC_PUBKEY(EC_KEY **out, const uint8_t **inp,
|
|
1041
1056
|
ERR_put_error(ERR_LIB_EVP, 0, reason, __FILE__, __LINE__)
|
1042
1057
|
|
1043
1058
|
|
1044
|
-
// Private structures.
|
1045
|
-
|
1046
|
-
struct evp_pkey_st {
|
1047
|
-
CRYPTO_refcount_t references;
|
1048
|
-
|
1049
|
-
// type contains one of the EVP_PKEY_* values or NID_undef and determines
|
1050
|
-
// which element (if any) of the |pkey| union is valid.
|
1051
|
-
int type;
|
1052
|
-
|
1053
|
-
union {
|
1054
|
-
void *ptr;
|
1055
|
-
RSA *rsa;
|
1056
|
-
DSA *dsa;
|
1057
|
-
DH *dh;
|
1058
|
-
EC_KEY *ec;
|
1059
|
-
} pkey;
|
1060
|
-
|
1061
|
-
// ameth contains a pointer to a method table that contains many ASN.1
|
1062
|
-
// methods for the key type.
|
1063
|
-
const EVP_PKEY_ASN1_METHOD *ameth;
|
1064
|
-
} /* EVP_PKEY */;
|
1065
|
-
|
1066
|
-
|
1067
1059
|
#if defined(__cplusplus)
|
1068
1060
|
} // extern C
|
1069
1061
|
|
@@ -145,7 +145,7 @@ OPENSSL_EXPORT int TYPE_get_ex_new_index(long argl, void *argp,
|
|
145
145
|
CRYPTO_EX_free *free_func);
|
146
146
|
|
147
147
|
// TYPE_set_ex_data sets an extra data pointer on |t|. The |index| argument
|
148
|
-
//
|
148
|
+
// must have been returned from a previous call to |TYPE_get_ex_new_index|.
|
149
149
|
OPENSSL_EXPORT int TYPE_set_ex_data(TYPE *t, int index, void *arg);
|
150
150
|
|
151
151
|
// TYPE_get_ex_data returns an extra data pointer for |t|, or NULL if no such
|
@@ -98,6 +98,10 @@ OPENSSL_EXPORT HMAC_CTX *HMAC_CTX_new(void);
|
|
98
98
|
// HMAC_CTX_cleanup frees data owned by |ctx|. It does not free |ctx| itself.
|
99
99
|
OPENSSL_EXPORT void HMAC_CTX_cleanup(HMAC_CTX *ctx);
|
100
100
|
|
101
|
+
// HMAC_CTX_cleanse zeros the digest state from |ctx| and then performs the
|
102
|
+
// actions of |HMAC_CTX_cleanup|.
|
103
|
+
OPENSSL_EXPORT void HMAC_CTX_cleanse(HMAC_CTX *ctx);
|
104
|
+
|
101
105
|
// HMAC_CTX_free calls |HMAC_CTX_cleanup| and then frees |ctx| itself.
|
102
106
|
OPENSSL_EXPORT void HMAC_CTX_free(HMAC_CTX *ctx);
|
103
107
|
|
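Review bot: The comment on `HMAC_CTX_cleanse` does not say what `HMAC_CTX_cleanup` and `HMAC_CTX_free` leave behind, so a reader cannot tell when the new function is required. The context lines state that `HMAC_CTX_free` calls `HMAC_CTX_cleanup`, not `HMAC_CTX_cleanse`. If cleanup does not already wipe key-derived state, freeing a context without cleansing it first would leave that state in memory. I would add one sentence stating whether `HMAC_CTX_cleanup` zeroes the context and when callers should prefer `HMAC_CTX_cleanse`; the implementation in hmac.c is not visible here.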
@@ -133,6 +137,9 @@ OPENSSL_EXPORT int HMAC_Final(HMAC_CTX *ctx, uint8_t *out,
|
|
133
137
|
// |ctx|. On entry, |ctx| must have been setup with |HMAC_Init_ex|.
|
134
138
|
OPENSSL_EXPORT size_t HMAC_size(const HMAC_CTX *ctx);
|
135
139
|
|
140
|
+
// HMAC_CTX_get_md returns |ctx|'s hash function.
|
141
|
+
OPENSSL_EXPORT const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
|
142
|
+
|
136
143
|
// HMAC_CTX_copy_ex sets |dest| equal to |src|. On entry, |dest| must have been
|
137
144
|
// initialised by calling |HMAC_CTX_init|. It returns one on success and zero
|
138
145
|
// on error.
|
@@ -30,7 +30,7 @@ extern "C" {
|
|
30
30
|
// Hybrid Public Key Encryption (HPKE) enables a sender to encrypt messages to a
|
31
31
|
// receiver with a public key.
|
32
32
|
//
|
33
|
-
// See
|
33
|
+
// See RFC 9180.
|
34
34
|
|
35
35
|
|
36
36
|
// Parameters.
|
@@ -51,6 +51,30 @@ OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_hpke_x25519_hkdf_sha256(void);
|
|
51
51
|
// will be one of the |EVP_HPKE_KEM_*| constants.
|
52
52
|
OPENSSL_EXPORT uint16_t EVP_HPKE_KEM_id(const EVP_HPKE_KEM *kem);
|
53
53
|
|
54
|
+
// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of an encoded public key
|
55
|
+
// for all KEMs currently supported by this library.
|
56
|
+
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
|
57
|
+
|
58
|
+
// EVP_HPKE_KEM_public_key_len returns the length of a public key for |kem|.
|
59
|
+
// This value will be at most |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH|.
|
60
|
+
OPENSSL_EXPORT size_t EVP_HPKE_KEM_public_key_len(const EVP_HPKE_KEM *kem);
|
61
|
+
|
62
|
+
// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of an encoded private
|
63
|
+
// key for all KEMs currently supported by this library.
|
64
|
+
#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
|
65
|
+
|
66
|
+
// EVP_HPKE_KEM_private_key_len returns the length of a private key for |kem|.
|
67
|
+
// This value will be at most |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH|.
|
68
|
+
OPENSSL_EXPORT size_t EVP_HPKE_KEM_private_key_len(const EVP_HPKE_KEM *kem);
|
69
|
+
|
70
|
+
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
|
71
|
+
// shared secret, for all KEMs currently supported by this library.
|
72
|
+
#define EVP_HPKE_MAX_ENC_LENGTH 32
|
73
|
+
|
74
|
+
// EVP_HPKE_KEM_enc_len returns the length of the "enc", the encapsulated shared
|
75
|
+
// secret, for |kem|. This value will be at most |EVP_HPKE_MAX_ENC_LENGTH|.
|
76
|
+
OPENSSL_EXPORT size_t EVP_HPKE_KEM_enc_len(const EVP_HPKE_KEM *kem);
|
77
|
+
|
54
78
|
// The following constants are KDF identifiers.
|
55
79
|
#define EVP_HPKE_HKDF_SHA256 0x0001
|
56
80
|
|
@@ -60,6 +84,11 @@ OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_hpke_hkdf_sha256(void);
|
|
60
84
|
// EVP_HPKE_KDF_id returns the HPKE KDF identifier for |kdf|.
|
61
85
|
OPENSSL_EXPORT uint16_t EVP_HPKE_KDF_id(const EVP_HPKE_KDF *kdf);
|
62
86
|
|
87
|
+
// EVP_HPKE_KDF_hkdf_md returns the HKDF hash function corresponding to |kdf|,
|
88
|
+
// or NULL if |kdf| is not an HKDF-based KDF. All currently supported KDFs are
|
89
|
+
// HKDF-based.
|
90
|
+
OPENSSL_EXPORT const EVP_MD *EVP_HPKE_KDF_hkdf_md(const EVP_HPKE_KDF *kdf);
|
91
|
+
|
63
92
|
// The following constants are AEAD identifiers.
|
64
93
|
#define EVP_HPKE_AES_128_GCM 0x0001
|
65
94
|
#define EVP_HPKE_AES_256_GCM 0x0002
|
@@ -127,28 +156,22 @@ OPENSSL_EXPORT int EVP_HPKE_KEY_generate(EVP_HPKE_KEY *key,
|
|
127
156
|
// EVP_HPKE_KEY_kem returns the HPKE KEM used by |key|.
|
128
157
|
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_KEY_kem(const EVP_HPKE_KEY *key);
|
129
158
|
|
130
|
-
// EVP_HPKE_MAX_PUBLIC_KEY_LENGTH is the maximum length of a public key for all
|
131
|
-
// KEMs supported by this library.
|
132
|
-
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH 32
|
133
|
-
|
134
159
|
// EVP_HPKE_KEY_public_key writes |key|'s public key to |out| and sets
|
135
160
|
// |*out_len| to the number of bytes written. On success, it returns one and
|
136
161
|
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
|
137
162
|
// Setting |max_out| to |EVP_HPKE_MAX_PUBLIC_KEY_LENGTH| will ensure the public
|
138
|
-
// key fits.
|
163
|
+
// key fits. An exact size can also be determined by
|
164
|
+
// |EVP_HPKE_KEM_public_key_len|.
|
139
165
|
OPENSSL_EXPORT int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key,
|
140
166
|
uint8_t *out, size_t *out_len,
|
141
167
|
size_t max_out);
|
142
168
|
|
143
|
-
// EVP_HPKE_MAX_PRIVATE_KEY_LENGTH is the maximum length of a private key for
|
144
|
-
// all KEMs supported by this library.
|
145
|
-
#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH 32
|
146
|
-
|
147
169
|
// EVP_HPKE_KEY_private_key writes |key|'s private key to |out| and sets
|
148
170
|
// |*out_len| to the number of bytes written. On success, it returns one and
|
149
171
|
// writes at most |max_out| bytes. If |max_out| is too small, it returns zero.
|
150
172
|
// Setting |max_out| to |EVP_HPKE_MAX_PRIVATE_KEY_LENGTH| will ensure the
|
151
|
-
// private key fits.
|
173
|
+
// private key fits. An exact size can also be determined by
|
174
|
+
// |EVP_HPKE_KEM_private_key_len|.
|
152
175
|
OPENSSL_EXPORT int EVP_HPKE_KEY_private_key(const EVP_HPKE_KEY *key,
|
153
176
|
uint8_t *out, size_t *out_len,
|
154
177
|
size_t max_out);
|
@@ -182,16 +205,13 @@ OPENSSL_EXPORT EVP_HPKE_CTX *EVP_HPKE_CTX_new(void);
|
|
182
205
|
// created with |EVP_HPKE_CTX_new|.
|
183
206
|
OPENSSL_EXPORT void EVP_HPKE_CTX_free(EVP_HPKE_CTX *ctx);
|
184
207
|
|
185
|
-
// EVP_HPKE_MAX_ENC_LENGTH is the maximum length of "enc", the encapsulated
|
186
|
-
// shared secret, for all supported KEMs in this library.
|
187
|
-
#define EVP_HPKE_MAX_ENC_LENGTH 32
|
188
|
-
|
189
208
|
// EVP_HPKE_CTX_setup_sender implements the SetupBaseS HPKE operation. It
|
190
209
|
// encapsulates a shared secret for |peer_public_key| and sets up |ctx| as a
|
191
210
|
// sender context. It writes the encapsulated shared secret to |out_enc| and
|
192
211
|
// sets |*out_enc_len| to the number of bytes written. It writes at most
|
193
212
|
// |max_enc| bytes and fails if the buffer is too small. Setting |max_enc| to at
|
194
|
-
// least |EVP_HPKE_MAX_ENC_LENGTH| will ensure the buffer is large enough.
|
213
|
+
// least |EVP_HPKE_MAX_ENC_LENGTH| will ensure the buffer is large enough. An
|
214
|
+
// exact size may also be determined by |EVP_PKEY_KEM_enc_len|.
|
195
215
|
//
|
196
216
|
// This function returns one on success and zero on error. Note that
|
197
217
|
// |peer_public_key| may be invalid, in which case this function will return an
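Review bot: The sentence added to the EVP_HPKE_CTX_setup_sender comment names `EVP_PKEY_KEM_enc_len`, which does not match the `EVP_HPKE_KEM_*` naming used by the two sibling comments changed in the previous hunk (`EVP_HPKE_KEM_public_key_len`, `EVP_HPKE_KEM_private_key_len`). It looks like a typo for `EVP_HPKE_KEM_enc_len`. A caller sizing `out_enc` from this comment would search for a function that, as far as this page shows, is not declared. Suggested wording: `// exact size may also be determined by |EVP_HPKE_KEM_enc_len|.` The comment block continues past the end of the hunk.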
|
@@ -292,6 +312,10 @@ OPENSSL_EXPORT int EVP_HPKE_CTX_export(const EVP_HPKE_CTX *ctx, uint8_t *out,
|
|
292
312
|
// up as a sender.
|
293
313
|
OPENSSL_EXPORT size_t EVP_HPKE_CTX_max_overhead(const EVP_HPKE_CTX *ctx);
|
294
314
|
|
315
|
+
// EVP_HPKE_CTX_kem returns |ctx|'s configured KEM, or NULL if the context has
|
316
|
+
// not been set up.
|
317
|
+
OPENSSL_EXPORT const EVP_HPKE_KEM *EVP_HPKE_CTX_kem(const EVP_HPKE_CTX *ctx);
|
318
|
+
|
295
319
|
// EVP_HPKE_CTX_aead returns |ctx|'s configured AEAD, or NULL if the context has
|
296
320
|
// not been set up.
|
297
321
|
OPENSSL_EXPORT const EVP_HPKE_AEAD *EVP_HPKE_CTX_aead(const EVP_HPKE_CTX *ctx);
|
@@ -307,6 +331,7 @@ OPENSSL_EXPORT const EVP_HPKE_KDF *EVP_HPKE_CTX_kdf(const EVP_HPKE_CTX *ctx);
|
|
307
331
|
// but accessing or modifying their fields is forbidden.
|
308
332
|
|
309
333
|
struct evp_hpke_ctx_st {
|
334
|
+
const EVP_HPKE_KEM *kem;
|
310
335
|
const EVP_HPKE_AEAD *aead;
|
311
336
|
const EVP_HPKE_KDF *kdf;
|
312
337
|
EVP_AEAD_CTX aead_ctx;
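Review bot: Inserting `kem` as the first member of `struct evp_hpke_ctx_st` shifts the offset of every later member and changes the struct's size. The comment above the definition suggests the layout is exposed so callers can allocate contexts themselves. An object file built against the old header and linked with the new library would then pass a context that is too small and laid out differently. If no ABI stability is promised this is acceptable, but the header could say so next to the struct, e.g. `// The layout may change between releases; rebuild all callers together.` The struct body continues outside the hunk.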
|
@@ -0,0 +1,91 @@
|
|
1
|
+
/* Copyright (c) 2022, Google Inc.
|
2
|
+
*
|
3
|
+
* Permission to use, copy, modify, and/or distribute this software for any
|
4
|
+
* purpose with or without fee is hereby granted, provided that the above
|
5
|
+
* copyright notice and this permission notice appear in all copies.
|
6
|
+
*
|
7
|
+
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
8
|
+
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
9
|
+
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
10
|
+
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
11
|
+
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
12
|
+
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
13
|
+
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
14
|
+
|
15
|
+
#ifndef OPENSSL_HEADER_KDF_H
|
16
|
+
#define OPENSSL_HEADER_KDF_H
|
17
|
+
|
18
|
+
#include <openssl/base.h>
|
19
|
+
|
20
|
+
#if defined(__cplusplus)
|
21
|
+
extern "C" {
|
22
|
+
#endif
|
23
|
+
|
24
|
+
|
25
|
+
// KDF support for EVP.
|
26
|
+
|
27
|
+
|
28
|
+
// HKDF-specific functions.
|
29
|
+
//
|
30
|
+
// The following functions are provided for OpenSSL compatibility. Prefer the
|
31
|
+
// HKDF functions in <openssl/hkdf.h>. In each, |ctx| must be created with
|
32
|
+
// |EVP_PKEY_CTX_new_id| with |EVP_PKEY_HKDF| and then initialized with
|
33
|
+
// |EVP_PKEY_derive_init|.
|
34
|
+
|
35
|
+
// EVP_PKEY_HKDEF_MODE_* define "modes" for use with |EVP_PKEY_CTX_hkdf_mode|.
|
36
|
+
// The mispelling of "HKDF" as "HKDEF" is intentional for OpenSSL compatibility.
|
37
|
+
#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
|
38
|
+
#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
|
39
|
+
#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
|
40
|
+
|
41
|
+
// EVP_PKEY_CTX_hkdf_mode configures which HKDF operation to run. It returns one
|
42
|
+
// on success and zero on error. |mode| must be one of |EVP_PKEY_HKDEF_MODE_*|.
|
43
|
+
// By default, the mode is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND|.
|
44
|
+
//
|
45
|
+
// If |mode| is |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
|
46
|
+
// |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, the output is variable-length.
|
47
|
+
// |EVP_PKEY_derive| uses the size of the output buffer as the output length for
|
48
|
+
// HKDF-Expand.
|
49
|
+
//
|
50
|
+
// WARNING: Although this API calls it a "mode", HKDF-Extract and HKDF-Expand
|
51
|
+
// are distinct operations with distinct inputs and distinct kinds of keys.
|
52
|
+
// Callers should not pass input secrets for one operation into the other.
|
53
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode);
|
54
|
+
|
55
|
+
// EVP_PKEY_CTX_set_hkdf_md sets |md| as the digest to use with HKDF. It returns
|
56
|
+
// one on success and zero on error.
|
57
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set_hkdf_md(EVP_PKEY_CTX *ctx,
|
58
|
+
const EVP_MD *md);
|
59
|
+
|
60
|
+
// EVP_PKEY_CTX_set1_hkdf_key configures HKDF to use |key_len| bytes from |key|
|
61
|
+
// as the "key", described below. It returns one on success and zero on error.
|
62
|
+
//
|
63
|
+
// Which input is the key depends on the "mode" (see |EVP_PKEY_CTX_hkdf_mode|).
|
64
|
+
// If |EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND| or
|
65
|
+
// |EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY|, this function specifies the input keying
|
66
|
+
// material (IKM) for HKDF-Extract. If |EVP_PKEY_HKDEF_MODE_EXPAND_ONLY|, it
|
67
|
+
// instead specifies the pseudorandom key (PRK) for HKDF-Expand.
|
68
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_key(EVP_PKEY_CTX *ctx,
|
69
|
+
const uint8_t *key,
|
70
|
+
size_t key_len);
|
71
|
+
|
72
|
+
// EVP_PKEY_CTX_set1_hkdf_salt configures HKDF to use |salt_len| bytes from
|
73
|
+
// |salt| as the salt parameter to HKDF-Extract. It returns one on success and
|
74
|
+
// zero on error. If performing HKDF-Expand only, this parameter is ignored.
|
75
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_set1_hkdf_salt(EVP_PKEY_CTX *ctx,
|
76
|
+
const uint8_t *salt,
|
77
|
+
size_t salt_len);
|
78
|
+
|
79
|
+
// EVP_PKEY_CTX_add1_hkdf_info appends |info_len| bytes from |info| to the info
|
80
|
+
// parameter used with HKDF-Expand. It returns one on success and zero on error.
|
81
|
+
// If performing HKDF-Extract only, this parameter is ignored.
|
82
|
+
OPENSSL_EXPORT int EVP_PKEY_CTX_add1_hkdf_info(EVP_PKEY_CTX *ctx,
|
83
|
+
const uint8_t *info,
|
84
|
+
size_t info_len);
|
85
|
+
|
86
|
+
|
87
|
+
#if defined(__cplusplus)
|
88
|
+
} // extern C
|
89
|
+
#endif
|
90
|
+
|
91
|
+
#endif // OPENSSL_HEADER_KDF_H
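Review bot: The comments on `EVP_PKEY_CTX_set1_hkdf_key` and `EVP_PKEY_CTX_set1_hkdf_salt` do not say what a second call on the same context does, while `EVP_PKEY_CTX_add1_hkdf_info` is documented as appending. A reused context that silently keeps or concatenates an earlier key or salt would change the derived output. Each comment should state the behaviour explicitly, for example `// A later call replaces the previously configured key.` if that is what the implementation does. Separately, "mispelling" in the `EVP_PKEY_HKDEF_MODE_*` comment should read "misspelling".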
|
@@ -75,17 +75,26 @@ extern "C" {
|
|
75
75
|
// unless stated otherwise.
|
76
76
|
|
77
77
|
|
78
|
-
|
78
|
+
#ifndef _BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
79
|
+
// OPENSSL_malloc is similar to a regular |malloc|, but allocates additional
|
80
|
+
// private data. The resulting pointer must be freed with |OPENSSL_free|. In
|
81
|
+
// the case of a malloc failure, prior to returning NULL |OPENSSL_malloc| will
|
82
|
+
// push |ERR_R_MALLOC_FAILURE| onto the openssl error stack.
|
79
83
|
OPENSSL_EXPORT void *OPENSSL_malloc(size_t size);
|
84
|
+
#endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
80
85
|
|
81
86
|
// OPENSSL_free does nothing if |ptr| is NULL. Otherwise it zeros out the
|
82
|
-
// memory allocated at |ptr| and frees it.
|
87
|
+
// memory allocated at |ptr| and frees it along with the private data.
|
88
|
+
// It must only be used on on |ptr| values obtained from |OPENSSL_malloc|
|
83
89
|
OPENSSL_EXPORT void OPENSSL_free(void *ptr);
|
84
90
|
|
91
|
+
#ifndef _BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
85
92
|
// OPENSSL_realloc returns a pointer to a buffer of |new_size| bytes that
|
86
93
|
// contains the contents of |ptr|. Unlike |realloc|, a new buffer is always
|
87
|
-
// allocated and the data at |ptr| is always wiped and freed.
|
94
|
+
// allocated and the data at |ptr| is always wiped and freed. Memory is
|
95
|
+
// allocated with |OPENSSL_malloc| and must be freed with |OPENSSL_free|.
|
88
96
|
OPENSSL_EXPORT void *OPENSSL_realloc(void *ptr, size_t new_size);
|
97
|
+
#endif // !_BORINGSSL_PROHIBIT_OPENSSL_MALLOC
|
89
98
|
|
90
99
|
// OPENSSL_cleanse zeros out |len| bytes of memory at |ptr|. This is similar to
|
91
100
|
// |memset_s| from C11.
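Review bot: The new second sentence of the `OPENSSL_free` comment has a doubled word ("on on"), no closing period, and is narrower than the rest of the page. `OPENSSL_realloc` in this hunk, and `OPENSSL_strndup`, `OPENSSL_memdup` and `OPENSSL_asprintf` in later hunks, are all documented as returning memory that must be freed with `OPENSSL_free`. The restriction matters because the allocator keeps private data alongside each allocation, so a pointer from plain `malloc` must never reach this function. Suggested wording: `// It must only be used on |ptr| values obtained from |OPENSSL_malloc| or from functions documented as returning memory to free with |OPENSSL_free|.` The guard macro `_BORINGSSL_PROHIBIT_OPENSSL_MALLOC` also begins with an underscore followed by an uppercase letter, a form C reserves for the implementation.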
|
@@ -110,13 +119,42 @@ OPENSSL_EXPORT char *OPENSSL_strdup(const char *s);
|
|
110
119
|
// OPENSSL_strnlen has the same behaviour as strnlen(3).
|
111
120
|
OPENSSL_EXPORT size_t OPENSSL_strnlen(const char *s, size_t len);
|
112
121
|
|
113
|
-
//
|
122
|
+
// OPENSSL_isalpha is a locale-independent, ASCII-only version of isalpha(3), It
|
123
|
+
// only recognizes 'a' through 'z' and 'A' through 'Z' as alphabetic.
|
124
|
+
OPENSSL_EXPORT int OPENSSL_isalpha(int c);
|
125
|
+
|
126
|
+
// OPENSSL_isdigit is a locale-independent, ASCII-only version of isdigit(3), It
|
127
|
+
// only recognizes '0' through '9' as digits.
|
128
|
+
OPENSSL_EXPORT int OPENSSL_isdigit(int c);
|
129
|
+
|
130
|
+
// OPENSSL_isxdigit is a locale-independent, ASCII-only version of isxdigit(3),
|
131
|
+
// It only recognizes '0' through '9', 'a' through 'f', and 'A through 'F' as
|
132
|
+
// digits.
|
133
|
+
OPENSSL_EXPORT int OPENSSL_isxdigit(int c);
|
134
|
+
|
135
|
+
// OPENSSL_fromxdigit returns one if |c| is a hexadecimal digit as recognized
|
136
|
+
// by OPENSSL_isxdigit, and sets |out| to the corresponding value. Otherwise
|
137
|
+
// zero is returned.
|
138
|
+
OPENSSL_EXPORT int OPENSSL_fromxdigit(uint8_t *out, int c);
|
139
|
+
|
140
|
+
// OPENSSL_isalnum is a locale-independent, ASCII-only version of isalnum(3), It
|
141
|
+
// only recognizes what |OPENSSL_isalpha| and |OPENSSL_isdigit| recognize.
|
142
|
+
OPENSSL_EXPORT int OPENSSL_isalnum(int c);
|
143
|
+
|
144
|
+
// OPENSSL_tolower is a locale-independent, ASCII-only version of tolower(3). It
|
145
|
+
// only lowercases ASCII values. Other values are returned as-is.
|
114
146
|
OPENSSL_EXPORT int OPENSSL_tolower(int c);
|
115
147
|
|
116
|
-
//
|
148
|
+
// OPENSSL_isspace is a locale-independent, ASCII-only version of isspace(3). It
|
149
|
+
// only recognizes '\t', '\n', '\v', '\f', '\r', and ' '.
|
150
|
+
OPENSSL_EXPORT int OPENSSL_isspace(int c);
|
151
|
+
|
152
|
+
// OPENSSL_strcasecmp is a locale-independent, ASCII-only version of
|
153
|
+
// strcasecmp(3).
|
117
154
|
OPENSSL_EXPORT int OPENSSL_strcasecmp(const char *a, const char *b);
|
118
155
|
|
119
|
-
// OPENSSL_strncasecmp is a locale-independent version of
|
156
|
+
// OPENSSL_strncasecmp is a locale-independent, ASCII-only version of
|
157
|
+
// strncasecmp(3).
|
120
158
|
OPENSSL_EXPORT int OPENSSL_strncasecmp(const char *a, const char *b, size_t n);
|
121
159
|
|
122
160
|
// DECIMAL_SIZE returns an upper bound for the length of the decimal
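Review bot: The comments for the new `OPENSSL_is*` helpers do not state which values of `c` are accepted, which is what callers most need to know when moving off `<ctype.h>`. The standard functions are undefined for negative values other than EOF, a common bug when a plain `char` taken from untrusted input is passed directly. If these helpers are defined for every `int`, the comments should say so, e.g. `// |c| may be any value; values outside the ASCII range are never recognized.` The `OPENSSL_fromxdigit` comment should likewise say whether `*out` is left untouched when zero is returned. Two small text slips: `'A through 'F'` is missing a closing quote, and several comments read `(3), It` where a period is meant.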
|
@@ -131,12 +169,25 @@ OPENSSL_EXPORT int BIO_snprintf(char *buf, size_t n, const char *format, ...)
|
|
131
169
|
OPENSSL_EXPORT int BIO_vsnprintf(char *buf, size_t n, const char *format,
|
132
170
|
va_list args) OPENSSL_PRINTF_FORMAT_FUNC(3, 0);
|
133
171
|
|
172
|
+
// OPENSSL_vasprintf has the same behavior as vasprintf(3), except that
|
173
|
+
// memory allocated in a returned string must be freed with |OPENSSL_free|.
|
174
|
+
OPENSSL_EXPORT int OPENSSL_vasprintf(char **str, const char *format,
|
175
|
+
va_list args)
|
176
|
+
OPENSSL_PRINTF_FORMAT_FUNC(2, 0);
|
177
|
+
|
178
|
+
// OPENSSL_asprintf has the same behavior as asprintf(3), except that
|
179
|
+
// memory allocated in a returned string must be freed with |OPENSSL_free|.
|
180
|
+
OPENSSL_EXPORT int OPENSSL_asprintf(char **str, const char *format, ...)
|
181
|
+
OPENSSL_PRINTF_FORMAT_FUNC(2, 3);
|
182
|
+
|
134
183
|
// OPENSSL_strndup returns an allocated, duplicate of |str|, which is, at most,
|
135
|
-
// |size| bytes. The result is always NUL terminated.
|
184
|
+
// |size| bytes. The result is always NUL terminated. The memory allocated
|
185
|
+
// must be freed with |OPENSSL_free|.
|
136
186
|
OPENSSL_EXPORT char *OPENSSL_strndup(const char *str, size_t size);
|
137
187
|
|
138
188
|
// OPENSSL_memdup returns an allocated, duplicate of |size| bytes from |data| or
|
139
|
-
// NULL on allocation failure.
|
189
|
+
// NULL on allocation failure. The memory allocated must be freed with
|
190
|
+
// |OPENSSL_free|.
|
140
191
|
OPENSSL_EXPORT void *OPENSSL_memdup(const void *data, size_t size);
|
141
192
|
|
142
193
|
// OPENSSL_strlcpy acts like strlcpy(3).
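Review bot: The `OPENSSL_vasprintf` and `OPENSSL_asprintf` comments defer to vasprintf(3)/asprintf(3) for behaviour, but on some platforms those leave `*str` unspecified on failure. The comments do not give the return-value convention either. A caller that uses a shared cleanup path and passes `*str` to `OPENSSL_free` after a failed call could then free an indeterminate pointer. The header should pin this down, for example `// On error, it returns -1 and sets |*str| to NULL.` if that matches the implementation.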
|
@@ -164,6 +215,21 @@ OPENSSL_EXPORT void CRYPTO_free(void *ptr, const char *file, int line);
|
|
164
215
|
// allocations on free, but we define |OPENSSL_clear_free| for compatibility.
|
165
216
|
OPENSSL_EXPORT void OPENSSL_clear_free(void *ptr, size_t len);
|
166
217
|
|
218
|
+
// CRYPTO_secure_malloc_init returns zero.
|
219
|
+
OPENSSL_EXPORT int CRYPTO_secure_malloc_init(size_t size, size_t min_size);
|
220
|
+
|
221
|
+
// CRYPTO_secure_malloc_initialized returns zero.
|
222
|
+
OPENSSL_EXPORT int CRYPTO_secure_malloc_initialized(void);
|
223
|
+
|
224
|
+
// CRYPTO_secure_used returns zero.
|
225
|
+
OPENSSL_EXPORT size_t CRYPTO_secure_used(void);
|
226
|
+
|
227
|
+
// OPENSSL_secure_malloc calls |OPENSSL_malloc|.
|
228
|
+
OPENSSL_EXPORT void *OPENSSL_secure_malloc(size_t size);
|
229
|
+
|
230
|
+
// OPENSSL_secure_clear_free calls |OPENSSL_clear_free|.
|
231
|
+
OPENSSL_EXPORT void OPENSSL_secure_clear_free(void *ptr, size_t len);
|
232
|
+
|
167
233
|
|
168
234
|
#if defined(__cplusplus)
|
169
235
|
} // extern C
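Review bot: The comments on the new `CRYPTO_secure_*` and `OPENSSL_secure_*` declarations give the return values but not the consequence. Per those comments the allocation is served by `OPENSSL_malloc`, so code ported from OpenSSL gets none of the secure-heap properties it may rely on. Zero from `CRYPTO_secure_malloc_init` is the failure value in OpenSSL, and callers that ignore it will silently keep key material on the ordinary heap. A sentence above the group would make that explicit, such as `// This library has no secure heap; these functions exist for compatibility and provide no additional protection.`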
|
@@ -4251,6 +4251,19 @@ extern "C" {
|
|
4251
4251
|
#define NID_sha512_256 962
|
4252
4252
|
#define OBJ_sha512_256 2L, 16L, 840L, 1L, 101L, 3L, 4L, 2L, 6L
|
4253
4253
|
|
4254
|
+
#define SN_hkdf "HKDF"
|
4255
|
+
#define LN_hkdf "hkdf"
|
4256
|
+
#define NID_hkdf 963
|
4257
|
+
|
4258
|
+
#define SN_X25519Kyber768 "X25519Kyber768"
|
4259
|
+
#define NID_X25519Kyber768 964
|
4260
|
+
|
4261
|
+
#define SN_P256Kyber768 "P256Kyber768"
|
4262
|
+
#define NID_P256Kyber768 965
|
4263
|
+
|
4264
|
+
#define SN_P384Kyber768 "P384Kyber768"
|
4265
|
+
#define NID_P384Kyber768 966
|
4266
|
+
|
4254
4267
|
|
4255
4268
|
#if defined(__cplusplus)
|
4256
4269
|
} /* extern C */
|
@@ -349,10 +349,6 @@ OPENSSL_EXPORT int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name,
|
|
349
349
|
|
350
350
|
OPENSSL_EXPORT STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(
|
351
351
|
BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
|
352
|
-
OPENSSL_EXPORT int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi,
|
353
|
-
EVP_CIPHER *enc, unsigned char *kstr,
|
354
|
-
int klen, pem_password_cb *cd,
|
355
|
-
void *u);
|
356
352
|
|
357
353
|
OPENSSL_EXPORT int PEM_read(FILE *fp, char **name, char **header,
|
358
354
|
unsigned char **data, long *len);
|
@@ -421,40 +417,40 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
|
|
421
417
|
|
422
418
|
DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
|
423
419
|
|
424
|
-
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x,
|
420
|
+
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, const EVP_PKEY *x,
|
425
421
|
int nid, char *kstr,
|
426
422
|
int klen,
|
427
423
|
pem_password_cb *cb,
|
428
424
|
void *u);
|
429
|
-
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *,
|
425
|
+
OPENSSL_EXPORT int PEM_write_bio_PKCS8PrivateKey(BIO *, const EVP_PKEY *,
|
430
426
|
const EVP_CIPHER *, char *,
|
431
427
|
int, pem_password_cb *,
|
432
428
|
void *);
|
433
|
-
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x,
|
429
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_bio(BIO *bp, const EVP_PKEY *x,
|
434
430
|
const EVP_CIPHER *enc, char *kstr,
|
435
431
|
int klen, pem_password_cb *cb,
|
436
432
|
void *u);
|
437
|
-
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x,
|
438
|
-
char *kstr, int klen,
|
433
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, const EVP_PKEY *x,
|
434
|
+
int nid, char *kstr, int klen,
|
439
435
|
pem_password_cb *cb, void *u);
|
440
436
|
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x,
|
441
437
|
pem_password_cb *cb, void *u);
|
442
438
|
|
443
|
-
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x,
|
439
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_fp(FILE *fp, const EVP_PKEY *x,
|
444
440
|
const EVP_CIPHER *enc, char *kstr,
|
445
441
|
int klen, pem_password_cb *cb,
|
446
442
|
void *u);
|
447
|
-
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x,
|
448
|
-
char *kstr, int klen,
|
443
|
+
OPENSSL_EXPORT int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, const EVP_PKEY *x,
|
444
|
+
int nid, char *kstr, int klen,
|
449
445
|
pem_password_cb *cb, void *u);
|
450
|
-
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x,
|
451
|
-
char *kstr, int klen,
|
446
|
+
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey_nid(FILE *fp, const EVP_PKEY *x,
|
447
|
+
int nid, char *kstr, int klen,
|
452
448
|
pem_password_cb *cb, void *u);
|
453
449
|
|
454
450
|
OPENSSL_EXPORT EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x,
|
455
451
|
pem_password_cb *cb, void *u);
|
456
452
|
|
457
|
-
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x,
|
453
|
+
OPENSSL_EXPORT int PEM_write_PKCS8PrivateKey(FILE *fp, const EVP_PKEY *x,
|
458
454
|
const EVP_CIPHER *enc, char *kstr,
|
459
455
|
int klen, pem_password_cb *cd,
|
460
456
|
void *u);
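Review bot: The `_nid` variants `i2d_PKCS8PrivateKey_nid_bio`, `i2d_PKCS8PrivateKey_nid_fp` and `PEM_write_PKCS8PrivateKey_nid` gain an `int nid` parameter ahead of `kstr`, which changes the argument order of exported functions that write private keys. None of the declarations in this hunk carries a comment. It is not visible here whether the old prototypes simply disagreed with their definitions; if they did not, callers built against the old header would pass the passphrase pointer where `nid` is now expected. Either way the group needs a comment stating how `enc`/`nid`, `kstr`/`klen` and `cb` select encryption. In particular it should say what is written when no cipher is given, since the output is private-key material.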
|
@@ -122,6 +122,8 @@ OPENSSL_EXPORT EVP_PKEY *PKCS8_parse_encrypted_private_key(CBS *cbs,
|
|
122
122
|
// and decrypts it using |password|, sets |*out_key| to the included private
|
123
123
|
// key and appends the included certificates to |out_certs|. It returns one on
|
124
124
|
// success and zero on error. The caller takes ownership of the outputs.
|
125
|
+
// Any friendlyName attributes (RFC 2985) in the PKCS#12 structure will be
|
126
|
+
// returned on the |X509| objects as aliases. See also |X509_alias_get0|.
|
125
127
|
OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
|
126
128
|
STACK_OF(X509) *out_certs,
|
127
129
|
CBS *in, const char *password);
|
@@ -219,6 +221,11 @@ OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password,
|
|
219
221
|
// implemented for compatibility with external packages. Note the output still
|
220
222
|
// requires a password for the MAC. Unencrypted keys in PKCS#12 are also not
|
221
223
|
// widely supported and may not open in other implementations.
|
224
|
+
//
|
225
|
+
// If |cert| or |chain| have associated aliases (see |X509_alias_set1|), they
|
226
|
+
// will be included in the output as friendlyName attributes (RFC 2985). It is
|
227
|
+
// an error to specify both an alias on |cert| and a non-NULL |name|
|
228
|
+
// parameter.
|
222
229
|
OPENSSL_EXPORT PKCS12 *PKCS12_create(const char *password, const char *name,
|
223
230
|
const EVP_PKEY *pkey, X509 *cert,
|
224
231
|
const STACK_OF(X509) *chain, int key_nid,
|
@@ -278,5 +285,6 @@ BSSL_NAMESPACE_END
|
|
278
285
|
#define PKCS8_R_UNSUPPORTED_PRF 130
|
279
286
|
#define PKCS8_R_INVALID_CHARACTERS 131
|
280
287
|
#define PKCS8_R_UNSUPPORTED_OPTIONS 132
|
288
|
+
#define PKCS8_R_AMBIGUOUS_FRIENDLY_NAME 133
|
281
289
|
|
282
290
|
#endif // OPENSSL_HEADER_PKCS8_H
|