grpc 1.53.0.pre2 → 1.54.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +80 -66
- data/include/grpc/event_engine/event_engine.h +30 -14
- data/include/grpc/grpc_security.h +4 -0
- data/include/grpc/impl/grpc_types.h +11 -2
- data/include/grpc/support/port_platform.h +4 -4
- data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
- data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
- data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
- data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
- data/src/core/ext/filters/client_channel/client_channel.h +131 -173
- data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
- data/src/core/ext/filters/client_channel/config_selector.h +4 -3
- data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +1 -15
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
- data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +13 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
- data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
- data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
- data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
- data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
- data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
- data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
- data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
- data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
- data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
- data/src/core/ext/gcp/metadata_query.cc +142 -0
- data/src/core/ext/gcp/metadata_query.h +82 -0
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
- data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +42 -23
- data/src/core/ext/transport/chttp2/transport/hpack_parser.h +5 -3
- data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
- data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
- data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
- data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
- data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
- data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
- data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
- data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
- data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
- data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
- data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
- data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
- data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
- data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
- data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
- data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
- data/src/core/ext/xds/xds_client_stats.cc +29 -15
- data/src/core/ext/xds/xds_client_stats.h +24 -20
- data/src/core/ext/xds/xds_endpoint.cc +5 -2
- data/src/core/ext/xds/xds_endpoint.h +9 -1
- data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
- data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
- data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
- data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
- data/src/core/lib/backoff/random_early_detection.h +59 -0
- data/src/core/lib/channel/call_finalization.h +1 -1
- data/src/core/lib/channel/call_tracer.cc +51 -0
- data/src/core/lib/channel/call_tracer.h +101 -38
- data/src/core/lib/channel/connected_channel.cc +483 -1050
- data/src/core/lib/channel/context.h +8 -1
- data/src/core/lib/channel/promise_based_filter.cc +106 -42
- data/src/core/lib/channel/promise_based_filter.h +27 -13
- data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
- data/src/core/lib/config/config_vars.cc +151 -0
- data/src/core/lib/config/config_vars.h +127 -0
- data/src/core/lib/config/config_vars_non_generated.cc +51 -0
- data/src/core/lib/config/load_config.cc +66 -0
- data/src/core/lib/config/load_config.h +49 -0
- data/src/core/lib/debug/trace.cc +5 -6
- data/src/core/lib/debug/trace.h +0 -5
- data/src/core/lib/event_engine/event_engine.cc +37 -2
- data/src/core/lib/event_engine/handle_containers.h +7 -22
- data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
- data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
- data/src/core/lib/event_engine/resolved_address.cc +2 -1
- data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
- data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
- data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
- data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
- data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
- data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
- data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
- data/src/core/lib/experiments/config.cc +3 -10
- data/src/core/lib/experiments/experiments.cc +7 -0
- data/src/core/lib/experiments/experiments.h +9 -1
- data/src/core/lib/gpr/log.cc +15 -28
- data/src/core/lib/gprpp/fork.cc +8 -14
- data/src/core/lib/gprpp/orphanable.h +4 -3
- data/src/core/lib/gprpp/per_cpu.h +9 -3
- data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
- data/src/core/lib/gprpp/ref_counted.h +33 -34
- data/src/core/lib/gprpp/thd.h +16 -0
- data/src/core/lib/gprpp/time.cc +1 -0
- data/src/core/lib/gprpp/time.h +4 -4
- data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
- data/src/core/lib/iomgr/call_combiner.h +2 -2
- data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
- data/src/core/lib/iomgr/endpoint_pair.h +2 -2
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
- data/src/core/lib/iomgr/ev_posix.cc +13 -53
- data/src/core/lib/iomgr/ev_posix.h +0 -3
- data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
- data/src/core/lib/iomgr/iomgr.cc +4 -8
- data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
- data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
- data/src/core/lib/iomgr/pollset_windows.cc +1 -1
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
- data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_posix.cc +0 -1
- data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
- data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
- data/src/core/lib/iomgr/tcp_windows.cc +12 -8
- data/src/core/lib/load_balancing/lb_policy.cc +9 -13
- data/src/core/lib/load_balancing/lb_policy.h +4 -2
- data/src/core/lib/promise/activity.cc +22 -6
- data/src/core/lib/promise/activity.h +61 -24
- data/src/core/lib/promise/cancel_callback.h +77 -0
- data/src/core/lib/promise/detail/basic_seq.h +1 -1
- data/src/core/lib/promise/detail/promise_factory.h +4 -0
- data/src/core/lib/promise/for_each.h +176 -0
- data/src/core/lib/promise/if.h +9 -0
- data/src/core/lib/promise/interceptor_list.h +23 -2
- data/src/core/lib/promise/latch.h +89 -3
- data/src/core/lib/promise/loop.h +13 -9
- data/src/core/lib/promise/map.h +7 -0
- data/src/core/lib/promise/party.cc +286 -0
- data/src/core/lib/promise/party.h +499 -0
- data/src/core/lib/promise/pipe.h +197 -57
- data/src/core/lib/promise/poll.h +48 -0
- data/src/core/lib/promise/promise.h +2 -2
- data/src/core/lib/resource_quota/arena.cc +19 -3
- data/src/core/lib/resource_quota/arena.h +119 -5
- data/src/core/lib/resource_quota/memory_quota.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
- data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
- data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
- data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
- data/src/core/lib/slice/slice.cc +1 -1
- data/src/core/lib/surface/builtins.cc +2 -0
- data/src/core/lib/surface/call.cc +926 -1024
- data/src/core/lib/surface/call.h +10 -0
- data/src/core/lib/surface/lame_client.cc +1 -0
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/batch_builder.cc +179 -0
- data/src/core/lib/transport/batch_builder.h +468 -0
- data/src/core/lib/transport/bdp_estimator.cc +7 -7
- data/src/core/lib/transport/bdp_estimator.h +10 -6
- data/src/core/lib/transport/custom_metadata.h +30 -0
- data/src/core/lib/transport/metadata_batch.cc +9 -6
- data/src/core/lib/transport/metadata_batch.h +58 -16
- data/src/core/lib/transport/parsed_metadata.h +3 -3
- data/src/core/lib/transport/timeout_encoding.cc +6 -1
- data/src/core/lib/transport/transport.cc +30 -2
- data/src/core/lib/transport/transport.h +70 -14
- data/src/core/lib/transport/transport_impl.h +7 -0
- data/src/core/lib/transport/transport_op_string.cc +52 -42
- data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
- data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
- data/src/core/tsi/ssl_transport_security.cc +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/third_party/abseil-cpp/absl/base/config.h +1 -1
- data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
- data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
- data/third_party/abseil-cpp/absl/flags/config.h +68 -0
- data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
- data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
- data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
- data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
- data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
- data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
- data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
- data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
- data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
- data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
- data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
- data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
- data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
- data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
- data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
- data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
- data/third_party/boringssl-with-bazel/err_data.c +728 -712
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
- data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
- data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
- data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
- data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
- data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
- data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
- data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
- data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
- data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
- data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
- data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
- data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
- data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
- data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
- data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
- data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
- data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
- data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
- data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
- data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
- data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
- data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
- data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
- data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
- data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
- data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
- data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
- data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
- data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
- data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
- data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
- data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
- data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
- data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
- data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
- data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
- data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
- data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
- data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
- data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
- data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
- data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
- data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
- data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
- data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
- data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
- data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
- data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
- data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
- data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
- data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
- data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
- data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
- data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
- data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
- data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
- data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
- data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
- data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
- data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
- data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
- data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
- data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
- data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
- data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
- data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
- data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
- data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
- data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
- data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
- data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
- data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
- data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
- data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
- data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
- data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
- data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
- data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
- data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
- data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
- data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
- data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
- data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
- data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
- data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
- data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
- data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
- data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
- data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
- data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
- data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
- data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
- data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
- data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
- data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
- data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
- data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
- data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
- data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
- data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
- data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
- data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
- data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
- data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
- data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
- data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
- metadata +107 -72
- data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
- data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
- data/src/core/lib/gprpp/global_config.h +0 -93
- data/src/core/lib/gprpp/global_config_env.cc +0 -140
- data/src/core/lib/gprpp/global_config_env.h +0 -133
- data/src/core/lib/gprpp/global_config_generic.h +0 -40
- data/src/core/lib/promise/intra_activity_waiter.h +0 -55
- data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
- data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
- data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
- data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
- data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
- data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
- data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
- /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
- /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
- /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
- /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
- /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
- /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
- /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
- /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
- /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
- /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
- /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
- /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
- /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
|
@@ -78,605 +78,601 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *out_omit,
|
|
|
78
78
|
static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
|
|
79
79
|
int skcontlen, const ASN1_ITEM *item, int do_sort);
|
|
80
80
|
static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
|
|
81
|
-
const ASN1_TEMPLATE *tt, int tag, int aclass
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
if (!buf) {
|
|
97
|
-
OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
|
|
98
|
-
return -1;
|
|
99
|
-
}
|
|
100
|
-
p = buf;
|
|
101
|
-
int len2 = ASN1_item_ex_i2d(&val, &p, it, /*tag=*/-1, /*aclass=*/0);
|
|
102
|
-
if (len2 <= 0) {
|
|
103
|
-
return len2;
|
|
104
|
-
}
|
|
105
|
-
assert(len == len2);
|
|
106
|
-
*out = buf;
|
|
107
|
-
return len;
|
|
81
|
+
const ASN1_TEMPLATE *tt, int tag, int aclass,
|
|
82
|
+
int optional);
|
|
83
|
+
|
|
84
|
+
// Top level i2d equivalents
|
|
85
|
+
|
|
86
|
+
int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) {
|
|
87
|
+
if (out && !*out) {
|
|
88
|
+
unsigned char *p, *buf;
|
|
89
|
+
int len = ASN1_item_ex_i2d(&val, NULL, it, /*tag=*/-1, /*aclass=*/0);
|
|
90
|
+
if (len <= 0) {
|
|
91
|
+
return len;
|
|
92
|
+
}
|
|
93
|
+
buf = OPENSSL_malloc(len);
|
|
94
|
+
if (!buf) {
|
|
95
|
+
return -1;
|
|
108
96
|
}
|
|
97
|
+
p = buf;
|
|
98
|
+
int len2 = ASN1_item_ex_i2d(&val, &p, it, /*tag=*/-1, /*aclass=*/0);
|
|
99
|
+
if (len2 <= 0) {
|
|
100
|
+
OPENSSL_free(buf);
|
|
101
|
+
return len2;
|
|
102
|
+
}
|
|
103
|
+
assert(len == len2);
|
|
104
|
+
*out = buf;
|
|
105
|
+
return len;
|
|
106
|
+
}
|
|
109
107
|
|
|
110
|
-
|
|
108
|
+
return ASN1_item_ex_i2d(&val, out, it, /*tag=*/-1, /*aclass=*/0);
|
|
111
109
|
}
|
|
112
110
|
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
* performs the normal item handling: it can be used in external types.
|
|
116
|
-
*/
|
|
111
|
+
// Encode an item, taking care of IMPLICIT tagging (if any). This function
|
|
112
|
+
// performs the normal item handling: it can be used in external types.
|
|
117
113
|
|
|
118
114
|
int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
|
|
119
|
-
const ASN1_ITEM *it, int tag, int aclass)
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
return ret;
|
|
115
|
+
const ASN1_ITEM *it, int tag, int aclass) {
|
|
116
|
+
int ret = asn1_item_ex_i2d_opt(pval, out, it, tag, aclass, /*optional=*/0);
|
|
117
|
+
assert(ret != 0);
|
|
118
|
+
return ret;
|
|
124
119
|
}
|
|
125
120
|
|
|
126
|
-
|
|
127
|
-
|
|
121
|
+
// asn1_item_ex_i2d_opt behaves like |ASN1_item_ex_i2d| but, if |optional| is
|
|
122
|
+
// non-zero and |*pval| is omitted, it returns zero and writes no bytes.
|
|
128
123
|
int asn1_item_ex_i2d_opt(ASN1_VALUE **pval, unsigned char **out,
|
|
129
124
|
const ASN1_ITEM *it, int tag, int aclass,
|
|
130
|
-
int optional)
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
if (
|
|
144
|
-
|
|
145
|
-
return 0;
|
|
146
|
-
}
|
|
147
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
148
|
-
return -1;
|
|
125
|
+
int optional) {
|
|
126
|
+
const ASN1_TEMPLATE *tt = NULL;
|
|
127
|
+
int i, seqcontlen, seqlen;
|
|
128
|
+
|
|
129
|
+
// Historically, |aclass| was repurposed to pass additional flags into the
|
|
130
|
+
// encoding process.
|
|
131
|
+
assert((aclass & ASN1_TFLG_TAG_CLASS) == aclass);
|
|
132
|
+
// If not overridding the tag, |aclass| is ignored and should be zero.
|
|
133
|
+
assert(tag != -1 || aclass == 0);
|
|
134
|
+
|
|
135
|
+
// All fields are pointers, except for boolean |ASN1_ITYPE_PRIMITIVE|s.
|
|
136
|
+
// Optional primitives are handled later.
|
|
137
|
+
if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) {
|
|
138
|
+
if (optional) {
|
|
139
|
+
return 0;
|
|
149
140
|
}
|
|
141
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
142
|
+
return -1;
|
|
143
|
+
}
|
|
150
144
|
|
|
151
|
-
|
|
152
|
-
|
|
145
|
+
switch (it->itype) {
|
|
153
146
|
case ASN1_ITYPE_PRIMITIVE:
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
return asn1_template_ex_i2d(pval, out, it->templates, tag, aclass);
|
|
147
|
+
if (it->templates) {
|
|
148
|
+
// This is an |ASN1_ITEM_TEMPLATE|.
|
|
149
|
+
if (it->templates->flags & ASN1_TFLG_OPTIONAL) {
|
|
150
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
151
|
+
return -1;
|
|
160
152
|
}
|
|
161
|
-
return
|
|
153
|
+
return asn1_template_ex_i2d(pval, out, it->templates, tag, aclass,
|
|
154
|
+
optional);
|
|
155
|
+
}
|
|
156
|
+
return asn1_i2d_ex_primitive(pval, out, it, tag, aclass, optional);
|
|
162
157
|
|
|
163
158
|
case ASN1_ITYPE_MSTRING:
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
}
|
|
172
|
-
return asn1_i2d_ex_primitive(pval, out, it, -1, 0, optional);
|
|
159
|
+
// It never makes sense for multi-strings to have implicit tagging, so
|
|
160
|
+
// if tag != -1, then this looks like an error in the template.
|
|
161
|
+
if (tag != -1) {
|
|
162
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
163
|
+
return -1;
|
|
164
|
+
}
|
|
165
|
+
return asn1_i2d_ex_primitive(pval, out, it, -1, 0, optional);
|
|
173
166
|
|
|
174
167
|
case ASN1_ITYPE_CHOICE: {
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
ASN1_VALUE **pchval = asn1_get_field_ptr(pval, chtt);
|
|
194
|
-
return asn1_template_ex_i2d(pchval, out, chtt, -1, 0);
|
|
168
|
+
// It never makes sense for CHOICE types to have implicit tagging, so if
|
|
169
|
+
// tag != -1, then this looks like an error in the template.
|
|
170
|
+
if (tag != -1) {
|
|
171
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
172
|
+
return -1;
|
|
173
|
+
}
|
|
174
|
+
i = asn1_get_choice_selector(pval, it);
|
|
175
|
+
if (i < 0 || i >= it->tcount) {
|
|
176
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE);
|
|
177
|
+
return -1;
|
|
178
|
+
}
|
|
179
|
+
const ASN1_TEMPLATE *chtt = it->templates + i;
|
|
180
|
+
if (chtt->flags & ASN1_TFLG_OPTIONAL) {
|
|
181
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
182
|
+
return -1;
|
|
183
|
+
}
|
|
184
|
+
ASN1_VALUE **pchval = asn1_get_field_ptr(pval, chtt);
|
|
185
|
+
return asn1_template_ex_i2d(pchval, out, chtt, -1, 0, /*optional=*/0);
|
|
195
186
|
}
|
|
196
187
|
|
|
197
188
|
case ASN1_ITYPE_EXTERN: {
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
189
|
+
// We don't support implicit tagging with external types.
|
|
190
|
+
if (tag != -1) {
|
|
191
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
192
|
+
return -1;
|
|
193
|
+
}
|
|
194
|
+
const ASN1_EXTERN_FUNCS *ef = it->funcs;
|
|
195
|
+
int ret = ef->asn1_ex_i2d(pval, out, it);
|
|
196
|
+
if (ret == 0) {
|
|
197
|
+
// |asn1_ex_i2d| should never return zero. We have already checked
|
|
198
|
+
// for optional values generically, and |ASN1_ITYPE_EXTERN| fields
|
|
199
|
+
// must be pointers.
|
|
200
|
+
OPENSSL_PUT_ERROR(ASN1, ERR_R_INTERNAL_ERROR);
|
|
201
|
+
return -1;
|
|
202
|
+
}
|
|
203
|
+
return ret;
|
|
209
204
|
}
|
|
210
205
|
|
|
211
206
|
case ASN1_ITYPE_SEQUENCE: {
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
207
|
+
i = asn1_enc_restore(&seqcontlen, out, pval, it);
|
|
208
|
+
// An error occurred
|
|
209
|
+
if (i < 0) {
|
|
210
|
+
return -1;
|
|
211
|
+
}
|
|
212
|
+
// We have a valid cached encoding...
|
|
213
|
+
if (i > 0) {
|
|
214
|
+
return seqcontlen;
|
|
215
|
+
}
|
|
216
|
+
// Otherwise carry on
|
|
217
|
+
seqcontlen = 0;
|
|
218
|
+
// If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL
|
|
219
|
+
if (tag == -1) {
|
|
220
|
+
tag = V_ASN1_SEQUENCE;
|
|
221
|
+
aclass = V_ASN1_UNIVERSAL;
|
|
222
|
+
}
|
|
223
|
+
// First work out sequence content length
|
|
224
|
+
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
|
|
225
|
+
const ASN1_TEMPLATE *seqtt;
|
|
226
|
+
ASN1_VALUE **pseqval;
|
|
227
|
+
int tmplen;
|
|
228
|
+
seqtt = asn1_do_adb(pval, tt, 1);
|
|
229
|
+
if (!seqtt) {
|
|
230
|
+
return -1;
|
|
225
231
|
}
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
seqtt = asn1_do_adb(pval, tt, 1);
|
|
232
|
-
if (!seqtt)
|
|
233
|
-
return -1;
|
|
234
|
-
pseqval = asn1_get_field_ptr(pval, seqtt);
|
|
235
|
-
tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, 0);
|
|
236
|
-
if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
|
|
237
|
-
return -1;
|
|
238
|
-
seqcontlen += tmplen;
|
|
232
|
+
pseqval = asn1_get_field_ptr(pval, seqtt);
|
|
233
|
+
tmplen =
|
|
234
|
+
asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, 0, /*optional=*/0);
|
|
235
|
+
if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen)) {
|
|
236
|
+
return -1;
|
|
239
237
|
}
|
|
238
|
+
seqcontlen += tmplen;
|
|
239
|
+
}
|
|
240
240
|
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
return seqlen;
|
|
244
|
-
/* Output SEQUENCE header */
|
|
245
|
-
ASN1_put_object(out, /*constructed=*/1, seqcontlen, tag, aclass);
|
|
246
|
-
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
|
|
247
|
-
const ASN1_TEMPLATE *seqtt;
|
|
248
|
-
ASN1_VALUE **pseqval;
|
|
249
|
-
seqtt = asn1_do_adb(pval, tt, 1);
|
|
250
|
-
if (!seqtt)
|
|
251
|
-
return -1;
|
|
252
|
-
pseqval = asn1_get_field_ptr(pval, seqtt);
|
|
253
|
-
if (asn1_template_ex_i2d(pseqval, out, seqtt, -1, 0) < 0) {
|
|
254
|
-
return -1;
|
|
255
|
-
}
|
|
256
|
-
}
|
|
241
|
+
seqlen = ASN1_object_size(/*constructed=*/1, seqcontlen, tag);
|
|
242
|
+
if (!out || seqlen == -1) {
|
|
257
243
|
return seqlen;
|
|
244
|
+
}
|
|
245
|
+
// Output SEQUENCE header
|
|
246
|
+
ASN1_put_object(out, /*constructed=*/1, seqcontlen, tag, aclass);
|
|
247
|
+
for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
|
|
248
|
+
const ASN1_TEMPLATE *seqtt;
|
|
249
|
+
ASN1_VALUE **pseqval;
|
|
250
|
+
seqtt = asn1_do_adb(pval, tt, 1);
|
|
251
|
+
if (!seqtt) {
|
|
252
|
+
return -1;
|
|
253
|
+
}
|
|
254
|
+
pseqval = asn1_get_field_ptr(pval, seqtt);
|
|
255
|
+
if (asn1_template_ex_i2d(pseqval, out, seqtt, -1, 0, /*optional=*/0) <
|
|
256
|
+
0) {
|
|
257
|
+
return -1;
|
|
258
|
+
}
|
|
259
|
+
}
|
|
260
|
+
return seqlen;
|
|
258
261
|
}
|
|
259
262
|
|
|
260
263
|
default:
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
265
|
+
return -1;
|
|
266
|
+
}
|
|
264
267
|
}
|
|
265
268
|
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
* taking an |optional| parameter, it uses the |ASN1_TFLG_OPTIONAL| flag. */
|
|
269
|
+
// asn1_template_ex_i2d behaves like |asn1_item_ex_i2d_opt| but uses an
|
|
270
|
+
// |ASN1_TEMPLATE| instead of an |ASN1_ITEM|. An |ASN1_TEMPLATE| wraps an
|
|
271
|
+
// |ASN1_ITEM| with modifiers such as tagging, SEQUENCE or SET, etc.
|
|
270
272
|
static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
|
|
271
|
-
const ASN1_TEMPLATE *tt, int tag, int iclass
|
|
272
|
-
{
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
if (
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
292
|
-
|
|
293
|
-
|
|
294
|
-
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
273
|
+
const ASN1_TEMPLATE *tt, int tag, int iclass,
|
|
274
|
+
int optional) {
|
|
275
|
+
int i, ret, ttag, tclass;
|
|
276
|
+
size_t j;
|
|
277
|
+
uint32_t flags = tt->flags;
|
|
278
|
+
|
|
279
|
+
// Historically, |iclass| was repurposed to pass additional flags into the
|
|
280
|
+
// encoding process.
|
|
281
|
+
assert((iclass & ASN1_TFLG_TAG_CLASS) == iclass);
|
|
282
|
+
// If not overridding the tag, |iclass| is ignored and should be zero.
|
|
283
|
+
assert(tag != -1 || iclass == 0);
|
|
284
|
+
|
|
285
|
+
// Work out tag and class to use: tagging may come either from the
|
|
286
|
+
// template or the arguments, not both because this would create
|
|
287
|
+
// ambiguity.
|
|
288
|
+
if (flags & ASN1_TFLG_TAG_MASK) {
|
|
289
|
+
// Error if argument and template tagging
|
|
290
|
+
if (tag != -1) {
|
|
291
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
292
|
+
return -1;
|
|
293
|
+
}
|
|
294
|
+
// Get tagging from template
|
|
295
|
+
ttag = tt->tag;
|
|
296
|
+
tclass = flags & ASN1_TFLG_TAG_CLASS;
|
|
297
|
+
} else if (tag != -1) {
|
|
298
|
+
// No template tagging, get from arguments
|
|
299
|
+
ttag = tag;
|
|
300
|
+
tclass = iclass & ASN1_TFLG_TAG_CLASS;
|
|
301
|
+
} else {
|
|
302
|
+
ttag = -1;
|
|
303
|
+
tclass = 0;
|
|
304
|
+
}
|
|
305
|
+
|
|
306
|
+
// The template may itself by marked as optional, or this may be the template
|
|
307
|
+
// of an |ASN1_ITEM_TEMPLATE| type which was contained inside an outer
|
|
308
|
+
// optional template. (They cannot both be true because the
|
|
309
|
+
// |ASN1_ITEM_TEMPLATE| codepath rejects optional templates.)
|
|
310
|
+
assert(!optional || (flags & ASN1_TFLG_OPTIONAL) == 0);
|
|
311
|
+
optional = optional || (flags & ASN1_TFLG_OPTIONAL) != 0;
|
|
312
|
+
|
|
313
|
+
// At this point 'ttag' contains the outer tag to use, and 'tclass' is the
|
|
314
|
+
// class.
|
|
315
|
+
|
|
316
|
+
if (flags & ASN1_TFLG_SK_MASK) {
|
|
317
|
+
// SET OF, SEQUENCE OF
|
|
318
|
+
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
|
|
319
|
+
int isset, sktag, skaclass;
|
|
320
|
+
int skcontlen, sklen;
|
|
321
|
+
ASN1_VALUE *skitem;
|
|
322
|
+
|
|
323
|
+
if (!*pval) {
|
|
324
|
+
if (optional) {
|
|
325
|
+
return 0;
|
|
326
|
+
}
|
|
327
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
328
|
+
return -1;
|
|
304
329
|
}
|
|
305
330
|
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
/* SET OF, SEQUENCE OF */
|
|
315
|
-
STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
|
|
316
|
-
int isset, sktag, skaclass;
|
|
317
|
-
int skcontlen, sklen;
|
|
318
|
-
ASN1_VALUE *skitem;
|
|
319
|
-
|
|
320
|
-
if (!*pval) {
|
|
321
|
-
if (optional) {
|
|
322
|
-
return 0;
|
|
323
|
-
}
|
|
324
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
325
|
-
return -1;
|
|
326
|
-
}
|
|
331
|
+
if (flags & ASN1_TFLG_SET_OF) {
|
|
332
|
+
isset = 1;
|
|
333
|
+
// Historically, types with both bits set were mutated when
|
|
334
|
+
// serialized to apply the sort. We no longer support this.
|
|
335
|
+
assert((flags & ASN1_TFLG_SEQUENCE_OF) == 0);
|
|
336
|
+
} else {
|
|
337
|
+
isset = 0;
|
|
338
|
+
}
|
|
327
339
|
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
340
|
+
// Work out inner tag value: if EXPLICIT or no tagging use underlying
|
|
341
|
+
// type.
|
|
342
|
+
if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
|
|
343
|
+
sktag = ttag;
|
|
344
|
+
skaclass = tclass;
|
|
345
|
+
} else {
|
|
346
|
+
skaclass = V_ASN1_UNIVERSAL;
|
|
347
|
+
if (isset) {
|
|
348
|
+
sktag = V_ASN1_SET;
|
|
349
|
+
} else {
|
|
350
|
+
sktag = V_ASN1_SEQUENCE;
|
|
351
|
+
}
|
|
352
|
+
}
|
|
336
353
|
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
354
|
+
// Determine total length of items
|
|
355
|
+
skcontlen = 0;
|
|
356
|
+
for (j = 0; j < sk_ASN1_VALUE_num(sk); j++) {
|
|
357
|
+
int tmplen;
|
|
358
|
+
skitem = sk_ASN1_VALUE_value(sk, j);
|
|
359
|
+
tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0);
|
|
360
|
+
if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) {
|
|
361
|
+
return -1;
|
|
362
|
+
}
|
|
363
|
+
skcontlen += tmplen;
|
|
364
|
+
}
|
|
365
|
+
sklen = ASN1_object_size(/*constructed=*/1, skcontlen, sktag);
|
|
366
|
+
if (sklen == -1) {
|
|
367
|
+
return -1;
|
|
368
|
+
}
|
|
369
|
+
// If EXPLICIT need length of surrounding tag
|
|
370
|
+
if (flags & ASN1_TFLG_EXPTAG) {
|
|
371
|
+
ret = ASN1_object_size(/*constructed=*/1, sklen, ttag);
|
|
372
|
+
} else {
|
|
373
|
+
ret = sklen;
|
|
374
|
+
}
|
|
351
375
|
|
|
352
|
-
|
|
353
|
-
|
|
354
|
-
for (j = 0; j < sk_ASN1_VALUE_num(sk); j++) {
|
|
355
|
-
int tmplen;
|
|
356
|
-
skitem = sk_ASN1_VALUE_value(sk, j);
|
|
357
|
-
tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
|
|
358
|
-
-1, 0);
|
|
359
|
-
if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
|
|
360
|
-
return -1;
|
|
361
|
-
skcontlen += tmplen;
|
|
362
|
-
}
|
|
363
|
-
sklen = ASN1_object_size(/*constructed=*/1, skcontlen, sktag);
|
|
364
|
-
if (sklen == -1)
|
|
365
|
-
return -1;
|
|
366
|
-
/* If EXPLICIT need length of surrounding tag */
|
|
367
|
-
if (flags & ASN1_TFLG_EXPTAG)
|
|
368
|
-
ret = ASN1_object_size(/*constructed=*/1, sklen, ttag);
|
|
369
|
-
else
|
|
370
|
-
ret = sklen;
|
|
371
|
-
|
|
372
|
-
if (!out || ret == -1)
|
|
373
|
-
return ret;
|
|
374
|
-
|
|
375
|
-
/* Now encode this lot... */
|
|
376
|
-
/* EXPLICIT tag */
|
|
377
|
-
if (flags & ASN1_TFLG_EXPTAG)
|
|
378
|
-
ASN1_put_object(out, /*constructed=*/1, sklen, ttag, tclass);
|
|
379
|
-
/* SET or SEQUENCE and IMPLICIT tag */
|
|
380
|
-
ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass);
|
|
381
|
-
/* And the stuff itself */
|
|
382
|
-
if (!asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
|
|
383
|
-
isset)) {
|
|
384
|
-
return -1;
|
|
385
|
-
}
|
|
386
|
-
return ret;
|
|
376
|
+
if (!out || ret == -1) {
|
|
377
|
+
return ret;
|
|
387
378
|
}
|
|
388
379
|
|
|
380
|
+
// Now encode this lot...
|
|
381
|
+
// EXPLICIT tag
|
|
389
382
|
if (flags & ASN1_TFLG_EXPTAG) {
|
|
390
|
-
|
|
391
|
-
/* Find length of tagged item */
|
|
392
|
-
i = asn1_item_ex_i2d_opt(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0,
|
|
393
|
-
optional);
|
|
394
|
-
if (i <= 0)
|
|
395
|
-
return i;
|
|
396
|
-
/* Find length of EXPLICIT tag */
|
|
397
|
-
ret = ASN1_object_size(/*constructed=*/1, i, ttag);
|
|
398
|
-
if (out && ret != -1) {
|
|
399
|
-
/* Output tag and item */
|
|
400
|
-
ASN1_put_object(out, /*constructed=*/1, i, ttag, tclass);
|
|
401
|
-
if (ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1,
|
|
402
|
-
0) < 0) {
|
|
403
|
-
return -1;
|
|
404
|
-
}
|
|
405
|
-
}
|
|
406
|
-
return ret;
|
|
383
|
+
ASN1_put_object(out, /*constructed=*/1, sklen, ttag, tclass);
|
|
407
384
|
}
|
|
385
|
+
// SET or SEQUENCE and IMPLICIT tag
|
|
386
|
+
ASN1_put_object(out, /*constructed=*/1, skcontlen, sktag, skaclass);
|
|
387
|
+
// And the stuff itself
|
|
388
|
+
if (!asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset)) {
|
|
389
|
+
return -1;
|
|
390
|
+
}
|
|
391
|
+
return ret;
|
|
392
|
+
}
|
|
393
|
+
|
|
394
|
+
if (flags & ASN1_TFLG_EXPTAG) {
|
|
395
|
+
// EXPLICIT tagging
|
|
396
|
+
// Find length of tagged item
|
|
397
|
+
i = asn1_item_ex_i2d_opt(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0,
|
|
398
|
+
optional);
|
|
399
|
+
if (i <= 0) {
|
|
400
|
+
return i;
|
|
401
|
+
}
|
|
402
|
+
// Find length of EXPLICIT tag
|
|
403
|
+
ret = ASN1_object_size(/*constructed=*/1, i, ttag);
|
|
404
|
+
if (out && ret != -1) {
|
|
405
|
+
// Output tag and item
|
|
406
|
+
ASN1_put_object(out, /*constructed=*/1, i, ttag, tclass);
|
|
407
|
+
if (ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0) < 0) {
|
|
408
|
+
return -1;
|
|
409
|
+
}
|
|
410
|
+
}
|
|
411
|
+
return ret;
|
|
412
|
+
}
|
|
408
413
|
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
414
|
+
// Either normal or IMPLICIT tagging
|
|
415
|
+
return asn1_item_ex_i2d_opt(pval, out, ASN1_ITEM_ptr(tt->item), ttag, tclass,
|
|
416
|
+
optional);
|
|
413
417
|
}
|
|
414
418
|
|
|
415
|
-
|
|
419
|
+
// Temporary structure used to hold DER encoding of items for SET OF
|
|
416
420
|
|
|
417
421
|
typedef struct {
|
|
418
|
-
|
|
419
|
-
|
|
422
|
+
unsigned char *data;
|
|
423
|
+
int length;
|
|
420
424
|
} DER_ENC;
|
|
421
425
|
|
|
422
|
-
static int der_cmp(const void *a, const void *b)
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
426
|
+
static int der_cmp(const void *a, const void *b) {
|
|
427
|
+
const DER_ENC *d1 = a, *d2 = b;
|
|
428
|
+
int cmplen, i;
|
|
429
|
+
cmplen = (d1->length < d2->length) ? d1->length : d2->length;
|
|
430
|
+
i = OPENSSL_memcmp(d1->data, d2->data, cmplen);
|
|
431
|
+
if (i) {
|
|
432
|
+
return i;
|
|
433
|
+
}
|
|
434
|
+
return d1->length - d2->length;
|
|
431
435
|
}
|
|
432
436
|
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
437
|
+
// asn1_set_seq_out writes |sk| to |out| under the i2d output convention,
|
|
438
|
+
// excluding the tag and length. It returns one on success and zero on error.
|
|
439
|
+
// |skcontlen| must be the total encoded size. If |do_sort| is non-zero, the
|
|
440
|
+
// elements are sorted for a SET OF type. Each element of |sk| has type
|
|
441
|
+
// |item|.
|
|
438
442
|
static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
|
|
439
|
-
int skcontlen, const ASN1_ITEM *item, int do_sort)
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
if (ASN1_item_ex_i2d(&skitem, out, item, -1, 0) < 0) {
|
|
446
|
-
return 0;
|
|
447
|
-
}
|
|
448
|
-
}
|
|
449
|
-
return 1;
|
|
450
|
-
}
|
|
451
|
-
|
|
452
|
-
if (sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)) {
|
|
453
|
-
OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
|
|
443
|
+
int skcontlen, const ASN1_ITEM *item, int do_sort) {
|
|
444
|
+
// No need to sort if there are fewer than two items.
|
|
445
|
+
if (!do_sort || sk_ASN1_VALUE_num(sk) < 2) {
|
|
446
|
+
for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
|
|
447
|
+
ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
|
|
448
|
+
if (ASN1_item_ex_i2d(&skitem, out, item, -1, 0) < 0) {
|
|
454
449
|
return 0;
|
|
450
|
+
}
|
|
455
451
|
}
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
452
|
+
return 1;
|
|
453
|
+
}
|
|
454
|
+
|
|
455
|
+
if (sk_ASN1_VALUE_num(sk) > ((size_t)-1) / sizeof(DER_ENC)) {
|
|
456
|
+
OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
|
|
457
|
+
return 0;
|
|
458
|
+
}
|
|
459
|
+
|
|
460
|
+
int ret = 0;
|
|
461
|
+
unsigned char *const buf = OPENSSL_malloc(skcontlen);
|
|
462
|
+
DER_ENC *encoded = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*encoded));
|
|
463
|
+
if (encoded == NULL || buf == NULL) {
|
|
464
|
+
goto err;
|
|
465
|
+
}
|
|
466
|
+
|
|
467
|
+
// Encode all the elements into |buf| and populate |encoded|.
|
|
468
|
+
unsigned char *p = buf;
|
|
469
|
+
for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
|
|
470
|
+
ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
|
|
471
|
+
encoded[i].data = p;
|
|
472
|
+
encoded[i].length = ASN1_item_ex_i2d(&skitem, &p, item, -1, 0);
|
|
473
|
+
if (encoded[i].length < 0) {
|
|
474
|
+
goto err;
|
|
463
475
|
}
|
|
476
|
+
assert(p - buf <= skcontlen);
|
|
477
|
+
}
|
|
464
478
|
|
|
465
|
-
|
|
466
|
-
unsigned char *p = buf;
|
|
467
|
-
for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
|
|
468
|
-
ASN1_VALUE *skitem = sk_ASN1_VALUE_value(sk, i);
|
|
469
|
-
encoded[i].data = p;
|
|
470
|
-
encoded[i].length = ASN1_item_ex_i2d(&skitem, &p, item, -1, 0);
|
|
471
|
-
if (encoded[i].length < 0) {
|
|
472
|
-
goto err;
|
|
473
|
-
}
|
|
474
|
-
assert(p - buf <= skcontlen);
|
|
475
|
-
}
|
|
476
|
-
|
|
477
|
-
qsort(encoded, sk_ASN1_VALUE_num(sk), sizeof(*encoded), der_cmp);
|
|
479
|
+
qsort(encoded, sk_ASN1_VALUE_num(sk), sizeof(*encoded), der_cmp);
|
|
478
480
|
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
481
|
+
// Output the elements in sorted order.
|
|
482
|
+
p = *out;
|
|
483
|
+
for (size_t i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
|
|
484
|
+
OPENSSL_memcpy(p, encoded[i].data, encoded[i].length);
|
|
485
|
+
p += encoded[i].length;
|
|
486
|
+
}
|
|
487
|
+
*out = p;
|
|
486
488
|
|
|
487
|
-
|
|
489
|
+
ret = 1;
|
|
488
490
|
|
|
489
491
|
err:
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
492
|
+
OPENSSL_free(encoded);
|
|
493
|
+
OPENSSL_free(buf);
|
|
494
|
+
return ret;
|
|
493
495
|
}
|
|
494
496
|
|
|
495
|
-
|
|
496
|
-
|
|
497
|
+
// asn1_i2d_ex_primitive behaves like |ASN1_item_ex_i2d| but |item| must be a
|
|
498
|
+
// a PRIMITIVE or MSTRING type that is not an |ASN1_ITEM_TEMPLATE|.
|
|
497
499
|
static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
|
|
498
500
|
const ASN1_ITEM *it, int tag, int aclass,
|
|
499
|
-
int optional)
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
if (
|
|
509
|
-
|
|
510
|
-
return 0;
|
|
511
|
-
}
|
|
512
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
513
|
-
return -1;
|
|
514
|
-
}
|
|
515
|
-
|
|
516
|
-
/*
|
|
517
|
-
* If SEQUENCE, SET or OTHER then header is included in pseudo content
|
|
518
|
-
* octets so don't include tag+length. We need to check here because the
|
|
519
|
-
* call to asn1_ex_i2c() could change utype.
|
|
520
|
-
*/
|
|
521
|
-
int usetag = utype != V_ASN1_SEQUENCE && utype != V_ASN1_SET &&
|
|
522
|
-
utype != V_ASN1_OTHER;
|
|
523
|
-
|
|
524
|
-
/* If not implicitly tagged get tag from underlying type */
|
|
525
|
-
if (tag == -1)
|
|
526
|
-
tag = utype;
|
|
527
|
-
|
|
528
|
-
/* Output tag+length followed by content octets */
|
|
529
|
-
if (out) {
|
|
530
|
-
if (usetag) {
|
|
531
|
-
ASN1_put_object(out, /*constructed=*/0, len, tag, aclass);
|
|
532
|
-
}
|
|
533
|
-
int len2 = asn1_ex_i2c(pval, *out, &omit, &utype, it);
|
|
534
|
-
if (len2 < 0) {
|
|
535
|
-
return -1;
|
|
536
|
-
}
|
|
537
|
-
assert(len == len2);
|
|
538
|
-
assert(!omit);
|
|
539
|
-
*out += len;
|
|
501
|
+
int optional) {
|
|
502
|
+
// Get length of content octets and maybe find out the underlying type.
|
|
503
|
+
int omit;
|
|
504
|
+
int utype = it->utype;
|
|
505
|
+
int len = asn1_ex_i2c(pval, NULL, &omit, &utype, it);
|
|
506
|
+
if (len < 0) {
|
|
507
|
+
return -1;
|
|
508
|
+
}
|
|
509
|
+
if (omit) {
|
|
510
|
+
if (optional) {
|
|
511
|
+
return 0;
|
|
540
512
|
}
|
|
541
|
-
|
|
513
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
|
|
514
|
+
return -1;
|
|
515
|
+
}
|
|
516
|
+
|
|
517
|
+
// If SEQUENCE, SET or OTHER then header is included in pseudo content
|
|
518
|
+
// octets so don't include tag+length. We need to check here because the
|
|
519
|
+
// call to asn1_ex_i2c() could change utype.
|
|
520
|
+
int usetag =
|
|
521
|
+
utype != V_ASN1_SEQUENCE && utype != V_ASN1_SET && utype != V_ASN1_OTHER;
|
|
522
|
+
|
|
523
|
+
// If not implicitly tagged get tag from underlying type
|
|
524
|
+
if (tag == -1) {
|
|
525
|
+
tag = utype;
|
|
526
|
+
}
|
|
527
|
+
|
|
528
|
+
// Output tag+length followed by content octets
|
|
529
|
+
if (out) {
|
|
542
530
|
if (usetag) {
|
|
543
|
-
|
|
531
|
+
ASN1_put_object(out, /*constructed=*/0, len, tag, aclass);
|
|
544
532
|
}
|
|
545
|
-
|
|
533
|
+
int len2 = asn1_ex_i2c(pval, *out, &omit, &utype, it);
|
|
534
|
+
if (len2 < 0) {
|
|
535
|
+
return -1;
|
|
536
|
+
}
|
|
537
|
+
assert(len == len2);
|
|
538
|
+
assert(!omit);
|
|
539
|
+
*out += len;
|
|
540
|
+
}
|
|
541
|
+
|
|
542
|
+
if (usetag) {
|
|
543
|
+
return ASN1_object_size(/*constructed=*/0, len, tag);
|
|
544
|
+
}
|
|
545
|
+
return len;
|
|
546
546
|
}
|
|
547
547
|
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
548
|
+
// asn1_ex_i2c writes the |*pval| to |cout| under the i2d output convention,
|
|
549
|
+
// excluding the tag and length. It returns the number of bytes written,
|
|
550
|
+
// possibly zero, on success or -1 on error. If |*pval| should be omitted, it
|
|
551
|
+
// returns zero and sets |*out_omit| to true.
|
|
552
|
+
//
|
|
553
|
+
// If |it| is an MSTRING or ANY type, it gets the underlying type from |*pval|,
|
|
554
|
+
// which must be an |ASN1_STRING| or |ASN1_TYPE|, respectively. It then updates
|
|
555
|
+
// |*putype| with the tag number of type used, or |V_ASN1_OTHER| if it was not a
|
|
556
|
+
// universal type. If |*putype| is set to |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or
|
|
557
|
+
// |V_ASN1_OTHER|, it additionally outputs the tag and length, so the caller
|
|
558
|
+
// must not do so.
|
|
559
|
+
//
|
|
560
|
+
// Otherwise, |*putype| must contain |it->utype|.
|
|
561
|
+
//
|
|
562
|
+
// WARNING: Unlike most functions in this file, |asn1_ex_i2c| can return zero
|
|
563
|
+
// without omitting the element. ASN.1 values may have empty contents.
|
|
564
564
|
static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *out_omit,
|
|
565
|
-
int *putype, const ASN1_ITEM *it)
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
580
|
-
|
|
581
|
-
|
|
582
|
-
if (
|
|
583
|
-
|
|
584
|
-
|
|
585
|
-
*out_omit = 1;
|
|
586
|
-
return 0;
|
|
587
|
-
}
|
|
565
|
+
int *putype, const ASN1_ITEM *it) {
|
|
566
|
+
ASN1_BOOLEAN *tbool = NULL;
|
|
567
|
+
ASN1_STRING *strtmp;
|
|
568
|
+
ASN1_OBJECT *otmp;
|
|
569
|
+
int utype;
|
|
570
|
+
const unsigned char *cont;
|
|
571
|
+
unsigned char c;
|
|
572
|
+
int len;
|
|
573
|
+
|
|
574
|
+
// Historically, |it->funcs| for primitive types contained an
|
|
575
|
+
// |ASN1_PRIMITIVE_FUNCS| table of callbacks.
|
|
576
|
+
assert(it->funcs == NULL);
|
|
577
|
+
|
|
578
|
+
*out_omit = 0;
|
|
579
|
+
|
|
580
|
+
// Should type be omitted?
|
|
581
|
+
if ((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
|
|
582
|
+
if (!*pval) {
|
|
583
|
+
*out_omit = 1;
|
|
584
|
+
return 0;
|
|
588
585
|
}
|
|
586
|
+
}
|
|
587
|
+
|
|
588
|
+
if (it->itype == ASN1_ITYPE_MSTRING) {
|
|
589
|
+
// If MSTRING type set the underlying type
|
|
590
|
+
strtmp = (ASN1_STRING *)*pval;
|
|
591
|
+
utype = strtmp->type;
|
|
592
|
+
if (utype < 0 && utype != V_ASN1_OTHER) {
|
|
593
|
+
// MSTRINGs can have type -1 when default-constructed.
|
|
594
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
|
|
595
|
+
return -1;
|
|
596
|
+
}
|
|
597
|
+
// Negative INTEGER and ENUMERATED values use |ASN1_STRING| type values
|
|
598
|
+
// that do not match their corresponding utype values. INTEGERs cannot
|
|
599
|
+
// participate in MSTRING types, but ENUMERATEDs can.
|
|
600
|
+
//
|
|
601
|
+
// TODO(davidben): Is this a bug? Although arguably one of the MSTRING
|
|
602
|
+
// types should contain more values, rather than less. See
|
|
603
|
+
// https://crbug.com/boringssl/412. But it is not possible to fit all
|
|
604
|
+
// possible ANY values into an |ASN1_STRING|, so matching the spec here
|
|
605
|
+
// is somewhat hopeless.
|
|
606
|
+
if (utype == V_ASN1_NEG_INTEGER) {
|
|
607
|
+
utype = V_ASN1_INTEGER;
|
|
608
|
+
} else if (utype == V_ASN1_NEG_ENUMERATED) {
|
|
609
|
+
utype = V_ASN1_ENUMERATED;
|
|
610
|
+
}
|
|
611
|
+
*putype = utype;
|
|
612
|
+
} else if (it->utype == V_ASN1_ANY) {
|
|
613
|
+
// If ANY set type and pointer to value
|
|
614
|
+
ASN1_TYPE *typ;
|
|
615
|
+
typ = (ASN1_TYPE *)*pval;
|
|
616
|
+
utype = typ->type;
|
|
617
|
+
if (utype < 0 && utype != V_ASN1_OTHER) {
|
|
618
|
+
// |ASN1_TYPE|s can have type -1 when default-constructed.
|
|
619
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
|
|
620
|
+
return -1;
|
|
621
|
+
}
|
|
622
|
+
*putype = utype;
|
|
623
|
+
pval = &typ->value.asn1_value;
|
|
624
|
+
} else {
|
|
625
|
+
utype = *putype;
|
|
626
|
+
}
|
|
589
627
|
|
|
590
|
-
|
|
591
|
-
/* If MSTRING type set the underlying type */
|
|
592
|
-
strtmp = (ASN1_STRING *)*pval;
|
|
593
|
-
utype = strtmp->type;
|
|
594
|
-
if (utype < 0 && utype != V_ASN1_OTHER) {
|
|
595
|
-
/* MSTRINGs can have type -1 when default-constructed. */
|
|
596
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
|
|
597
|
-
return -1;
|
|
598
|
-
}
|
|
599
|
-
/* Negative INTEGER and ENUMERATED values use |ASN1_STRING| type values
|
|
600
|
-
* that do not match their corresponding utype values. INTEGERs cannot
|
|
601
|
-
* participate in MSTRING types, but ENUMERATEDs can.
|
|
602
|
-
*
|
|
603
|
-
* TODO(davidben): Is this a bug? Although arguably one of the MSTRING
|
|
604
|
-
* types should contain more values, rather than less. See
|
|
605
|
-
* https://crbug.com/boringssl/412. But it is not possible to fit all
|
|
606
|
-
* possible ANY values into an |ASN1_STRING|, so matching the spec here
|
|
607
|
-
* is somewhat hopeless. */
|
|
608
|
-
if (utype == V_ASN1_NEG_INTEGER) {
|
|
609
|
-
utype = V_ASN1_INTEGER;
|
|
610
|
-
} else if (utype == V_ASN1_NEG_ENUMERATED) {
|
|
611
|
-
utype = V_ASN1_ENUMERATED;
|
|
612
|
-
}
|
|
613
|
-
*putype = utype;
|
|
614
|
-
} else if (it->utype == V_ASN1_ANY) {
|
|
615
|
-
/* If ANY set type and pointer to value */
|
|
616
|
-
ASN1_TYPE *typ;
|
|
617
|
-
typ = (ASN1_TYPE *)*pval;
|
|
618
|
-
utype = typ->type;
|
|
619
|
-
if (utype < 0 && utype != V_ASN1_OTHER) {
|
|
620
|
-
/* |ASN1_TYPE|s can have type -1 when default-constructed. */
|
|
621
|
-
OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TYPE);
|
|
622
|
-
return -1;
|
|
623
|
-
}
|
|
624
|
-
*putype = utype;
|
|
625
|
-
pval = &typ->value.asn1_value;
|
|
626
|
-
} else
|
|
627
|
-
utype = *putype;
|
|
628
|
-
|
|
629
|
-
switch (utype) {
|
|
628
|
+
switch (utype) {
|
|
630
629
|
case V_ASN1_OBJECT:
|
|
631
|
-
|
|
632
|
-
|
|
633
|
-
|
|
634
|
-
|
|
635
|
-
|
|
636
|
-
|
|
637
|
-
|
|
638
|
-
|
|
639
|
-
|
|
630
|
+
otmp = (ASN1_OBJECT *)*pval;
|
|
631
|
+
cont = otmp->data;
|
|
632
|
+
len = otmp->length;
|
|
633
|
+
if (len == 0) {
|
|
634
|
+
// Some |ASN1_OBJECT|s do not have OIDs and cannot be serialized.
|
|
635
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
|
|
636
|
+
return -1;
|
|
637
|
+
}
|
|
638
|
+
break;
|
|
640
639
|
|
|
641
640
|
case V_ASN1_NULL:
|
|
642
|
-
|
|
643
|
-
|
|
644
|
-
|
|
641
|
+
cont = NULL;
|
|
642
|
+
len = 0;
|
|
643
|
+
break;
|
|
645
644
|
|
|
646
645
|
case V_ASN1_BOOLEAN:
|
|
647
|
-
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
|
|
652
|
-
|
|
653
|
-
|
|
654
|
-
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
cont = &c;
|
|
664
|
-
len = 1;
|
|
665
|
-
break;
|
|
646
|
+
tbool = (ASN1_BOOLEAN *)pval;
|
|
647
|
+
if (*tbool == ASN1_BOOLEAN_NONE) {
|
|
648
|
+
*out_omit = 1;
|
|
649
|
+
return 0;
|
|
650
|
+
}
|
|
651
|
+
if (it->utype != V_ASN1_ANY) {
|
|
652
|
+
// Default handling if value == size field then omit
|
|
653
|
+
if ((*tbool && (it->size > 0)) || (!*tbool && !it->size)) {
|
|
654
|
+
*out_omit = 1;
|
|
655
|
+
return 0;
|
|
656
|
+
}
|
|
657
|
+
}
|
|
658
|
+
c = *tbool ? 0xff : 0x00;
|
|
659
|
+
cont = &c;
|
|
660
|
+
len = 1;
|
|
661
|
+
break;
|
|
666
662
|
|
|
667
663
|
case V_ASN1_BIT_STRING: {
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
664
|
+
int ret =
|
|
665
|
+
i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
|
|
666
|
+
// |i2c_ASN1_BIT_STRING| returns zero on error instead of -1.
|
|
667
|
+
return ret <= 0 ? -1 : ret;
|
|
672
668
|
}
|
|
673
669
|
|
|
674
670
|
case V_ASN1_INTEGER:
|
|
675
671
|
case V_ASN1_ENUMERATED: {
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
672
|
+
// |i2c_ASN1_INTEGER| also handles ENUMERATED.
|
|
673
|
+
int ret = i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
|
|
674
|
+
// |i2c_ASN1_INTEGER| returns zero on error instead of -1.
|
|
675
|
+
return ret <= 0 ? -1 : ret;
|
|
680
676
|
}
|
|
681
677
|
|
|
682
678
|
case V_ASN1_OCTET_STRING:
|
|
@@ -695,16 +691,20 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *out_omit,
|
|
|
695
691
|
case V_ASN1_UTF8STRING:
|
|
696
692
|
case V_ASN1_SEQUENCE:
|
|
697
693
|
case V_ASN1_SET:
|
|
698
|
-
|
|
699
|
-
|
|
700
|
-
|
|
701
|
-
|
|
702
|
-
|
|
703
|
-
|
|
704
|
-
|
|
694
|
+
// This is not a valid |ASN1_ITEM| type, but it appears in |ASN1_TYPE|.
|
|
695
|
+
case V_ASN1_OTHER:
|
|
696
|
+
// All based on ASN1_STRING and handled the same
|
|
697
|
+
strtmp = (ASN1_STRING *)*pval;
|
|
698
|
+
cont = strtmp->data;
|
|
699
|
+
len = strtmp->length;
|
|
700
|
+
break;
|
|
705
701
|
|
|
706
|
-
|
|
707
|
-
|
|
708
|
-
|
|
709
|
-
|
|
702
|
+
default:
|
|
703
|
+
OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_TEMPLATE);
|
|
704
|
+
return -1;
|
|
705
|
+
}
|
|
706
|
+
if (cout && len) {
|
|
707
|
+
OPENSSL_memcpy(cout, cont, len);
|
|
708
|
+
}
|
|
709
|
+
return len;
|
|
710
710
|
}
|