grpc 1.53.0 → 1.54.2


Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (695)
  1. checksums.yaml +4 -4
  2. data/Makefile +80 -66
  3. data/include/grpc/event_engine/event_engine.h +30 -14
  4. data/include/grpc/grpc_security.h +4 -0
  5. data/include/grpc/impl/grpc_types.h +11 -2
  6. data/include/grpc/support/port_platform.h +4 -4
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +11 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +6 -0
  9. data/src/core/ext/filters/client_channel/backup_poller.cc +2 -11
  10. data/src/core/ext/filters/client_channel/backup_poller.h +0 -3
  11. data/src/core/ext/filters/client_channel/client_channel.cc +848 -813
  12. data/src/core/ext/filters/client_channel/client_channel.h +131 -173
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +114 -0
  14. data/src/core/ext/filters/client_channel/config_selector.h +4 -3
  15. data/src/core/ext/filters/client_channel/http_proxy.cc +1 -1
  16. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +6 -1
  17. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +17 -18
  18. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +134 -151
  19. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +2 -16
  20. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +14 -10
  21. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +68 -30
  22. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +11 -3
  23. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +8 -1
  24. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +2 -5
  25. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +2 -2
  26. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +30 -38
  27. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +4 -4
  28. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +20 -26
  29. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +31 -179
  30. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +1 -2
  31. data/src/core/ext/filters/client_channel/resolver/polling_resolver.h +1 -2
  32. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +4 -2
  33. data/src/core/ext/filters/client_channel/retry_filter.cc +95 -102
  34. data/src/core/ext/filters/client_channel/subchannel.cc +2 -4
  35. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +26 -27
  36. data/src/core/ext/filters/client_channel/subchannel_stream_client.h +8 -5
  37. data/src/core/ext/filters/http/client/http_client_filter.cc +3 -3
  38. data/src/core/ext/filters/http/http_filters_plugin.cc +1 -12
  39. data/src/core/ext/filters/http/message_compress/compression_filter.cc +27 -11
  40. data/src/core/ext/filters/message_size/message_size_filter.cc +141 -224
  41. data/src/core/ext/filters/message_size/message_size_filter.h +48 -3
  42. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +7 -6
  43. data/src/core/ext/gcp/metadata_query.cc +137 -0
  44. data/src/core/ext/gcp/metadata_query.h +87 -0
  45. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +70 -55
  46. data/src/core/ext/transport/chttp2/transport/bin_encoder.cc +12 -8
  47. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +5 -1
  48. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +149 -60
  49. data/src/core/ext/transport/chttp2/transport/flow_control.cc +5 -2
  50. data/src/core/ext/transport/chttp2/transport/flow_control.h +2 -1
  51. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +4 -1
  52. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +118 -222
  53. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +295 -113
  54. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -0
  55. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.h +2 -0
  56. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +466 -273
  57. data/src/core/ext/transport/chttp2/transport/hpack_parser.h +7 -3
  58. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +14 -12
  59. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.h +9 -1
  60. data/src/core/ext/transport/chttp2/transport/internal.h +18 -3
  61. data/src/core/ext/transport/chttp2/transport/parsing.cc +9 -2
  62. data/src/core/ext/transport/chttp2/transport/writing.cc +10 -5
  63. data/src/core/ext/transport/inproc/inproc_transport.cc +20 -14
  64. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +5 -3
  65. data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +22 -0
  66. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +5 -3
  67. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +22 -0
  68. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +23 -5
  69. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +94 -3
  70. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +23 -2
  71. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +120 -0
  72. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.c +6 -3
  73. data/src/core/ext/upb-generated/envoy/config/listener/v3/quic_config.upb.h +22 -0
  74. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +24 -6
  75. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +111 -12
  76. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +9 -7
  77. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +27 -9
  78. data/src/core/ext/upb-generated/envoy/config/trace/v3/opentelemetry.upb.c +0 -1
  79. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +11 -7
  80. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +56 -12
  81. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.c +5 -3
  82. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.upb.h +24 -0
  83. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.c +5 -3
  84. data/src/core/ext/upb-generated/envoy/extensions/load_balancing_policies/ring_hash/v3/ring_hash.upb.h +24 -0
  85. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.c +13 -2
  86. data/src/core/ext/upb-generated/envoy/type/matcher/v3/http_inputs.upb.h +49 -0
  87. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +24 -9
  88. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +66 -12
  89. data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +191 -187
  90. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +139 -136
  91. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.c +31 -15
  92. data/src/core/ext/upbdefs-generated/envoy/config/core/v3/proxy_protocol.upbdefs.h +5 -0
  93. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.c +12 -9
  94. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/listener.upbdefs.h +15 -0
  95. data/src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c +54 -45
  96. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c +135 -119
  97. data/src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h +5 -0
  98. data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +100 -97
  99. data/src/core/ext/upbdefs-generated/envoy/config/trace/v3/opentelemetry.upbdefs.c +15 -18
  100. data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +272 -264
  101. data/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/tls.upbdefs.c +117 -117
  102. data/src/core/ext/upbdefs-generated/envoy/service/discovery/v3/ads.upbdefs.c +5 -5
  103. data/src/core/ext/upbdefs-generated/envoy/service/load_stats/v3/lrs.upbdefs.c +5 -5
  104. data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +5 -5
  105. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.c +12 -9
  106. data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/http_inputs.upbdefs.h +5 -0
  107. data/src/core/ext/xds/xds_channel_stack_modifier.cc +1 -2
  108. data/src/core/ext/xds/xds_client_stats.cc +29 -15
  109. data/src/core/ext/xds/xds_client_stats.h +24 -20
  110. data/src/core/ext/xds/xds_endpoint.cc +5 -2
  111. data/src/core/ext/xds/xds_endpoint.h +9 -1
  112. data/src/core/ext/xds/xds_http_rbac_filter.cc +1 -1
  113. data/src/core/ext/xds/xds_lb_policy_registry.cc +13 -0
  114. data/src/core/ext/xds/xds_transport_grpc.cc +1 -1
  115. data/src/core/{ext/filters/client_channel/resolver/dns/dns_resolver_selection.h → lib/backoff/random_early_detection.cc} +14 -12
  116. data/src/core/lib/backoff/random_early_detection.h +59 -0
  117. data/src/core/lib/channel/call_finalization.h +1 -1
  118. data/src/core/lib/channel/call_tracer.cc +51 -0
  119. data/src/core/lib/channel/call_tracer.h +101 -38
  120. data/src/core/lib/channel/connected_channel.cc +483 -1050
  121. data/src/core/lib/channel/context.h +8 -1
  122. data/src/core/lib/channel/promise_based_filter.cc +106 -42
  123. data/src/core/lib/channel/promise_based_filter.h +27 -13
  124. data/src/core/lib/channel/server_call_tracer_filter.cc +110 -0
  125. data/src/core/lib/config/config_vars.cc +151 -0
  126. data/src/core/lib/config/config_vars.h +127 -0
  127. data/src/core/lib/config/config_vars_non_generated.cc +51 -0
  128. data/src/core/lib/config/load_config.cc +66 -0
  129. data/src/core/lib/config/load_config.h +49 -0
  130. data/src/core/lib/debug/trace.cc +5 -6
  131. data/src/core/lib/debug/trace.h +0 -5
  132. data/src/core/lib/event_engine/event_engine.cc +37 -2
  133. data/src/core/lib/event_engine/handle_containers.h +7 -22
  134. data/src/core/lib/event_engine/memory_allocator_factory.h +47 -0
  135. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +0 -4
  136. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +3 -9
  137. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +48 -15
  138. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +8 -8
  139. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +6 -5
  140. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +6 -3
  141. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +27 -18
  142. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +0 -3
  143. data/src/core/lib/event_engine/resolved_address.cc +2 -1
  144. data/src/core/lib/event_engine/windows/win_socket.cc +0 -1
  145. data/src/core/lib/event_engine/windows/windows_endpoint.cc +129 -82
  146. data/src/core/lib/event_engine/windows/windows_endpoint.h +21 -5
  147. data/src/core/lib/event_engine/windows/windows_engine.cc +39 -18
  148. data/src/core/lib/event_engine/windows/windows_engine.h +2 -1
  149. data/src/core/lib/event_engine/windows/windows_listener.cc +370 -0
  150. data/src/core/lib/event_engine/windows/windows_listener.h +155 -0
  151. data/src/core/lib/experiments/config.cc +3 -10
  152. data/src/core/lib/experiments/experiments.cc +7 -0
  153. data/src/core/lib/experiments/experiments.h +9 -1
  154. data/src/core/lib/gpr/log.cc +15 -28
  155. data/src/core/lib/gprpp/fork.cc +8 -14
  156. data/src/core/lib/gprpp/orphanable.h +4 -3
  157. data/src/core/lib/gprpp/per_cpu.h +9 -3
  158. data/src/core/lib/gprpp/{thd_posix.cc → posix/thd.cc} +49 -37
  159. data/src/core/lib/gprpp/ref_counted.h +33 -34
  160. data/src/core/lib/gprpp/thd.h +16 -0
  161. data/src/core/lib/gprpp/time.cc +1 -0
  162. data/src/core/lib/gprpp/time.h +4 -4
  163. data/src/core/lib/gprpp/{thd_windows.cc → windows/thd.cc} +2 -2
  164. data/src/core/lib/iomgr/call_combiner.h +2 -2
  165. data/src/core/lib/iomgr/endpoint_cfstream.cc +4 -2
  166. data/src/core/lib/iomgr/endpoint_pair.h +2 -2
  167. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  168. data/src/core/lib/iomgr/endpoint_pair_windows.cc +1 -1
  169. data/src/core/lib/iomgr/ev_posix.cc +13 -53
  170. data/src/core/lib/iomgr/ev_posix.h +0 -3
  171. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +103 -76
  172. data/src/core/lib/iomgr/iomgr.cc +4 -8
  173. data/src/core/lib/iomgr/iomgr_windows.cc +8 -2
  174. data/src/core/lib/iomgr/pollset_set_windows.cc +9 -9
  175. data/src/core/lib/iomgr/pollset_windows.cc +1 -1
  176. data/src/core/lib/iomgr/socket_utils_common_posix.cc +16 -3
  177. data/src/core/lib/iomgr/tcp_client_windows.cc +2 -2
  178. data/src/core/lib/iomgr/tcp_posix.cc +0 -1
  179. data/src/core/lib/iomgr/tcp_server_posix.cc +5 -16
  180. data/src/core/lib/iomgr/tcp_server_windows.cc +176 -9
  181. data/src/core/lib/iomgr/tcp_windows.cc +12 -8
  182. data/src/core/lib/load_balancing/lb_policy.cc +9 -13
  183. data/src/core/lib/load_balancing/lb_policy.h +4 -2
  184. data/src/core/lib/promise/activity.cc +22 -6
  185. data/src/core/lib/promise/activity.h +61 -24
  186. data/src/core/lib/promise/cancel_callback.h +77 -0
  187. data/src/core/lib/promise/detail/basic_seq.h +1 -1
  188. data/src/core/lib/promise/detail/promise_factory.h +4 -0
  189. data/src/core/lib/promise/for_each.h +176 -0
  190. data/src/core/lib/promise/if.h +9 -0
  191. data/src/core/lib/promise/interceptor_list.h +23 -2
  192. data/src/core/lib/promise/latch.h +89 -3
  193. data/src/core/lib/promise/loop.h +13 -9
  194. data/src/core/lib/promise/map.h +7 -0
  195. data/src/core/lib/promise/party.cc +286 -0
  196. data/src/core/lib/promise/party.h +499 -0
  197. data/src/core/lib/promise/pipe.h +197 -57
  198. data/src/core/lib/promise/poll.h +48 -0
  199. data/src/core/lib/promise/promise.h +2 -2
  200. data/src/core/lib/resource_quota/arena.cc +19 -3
  201. data/src/core/lib/resource_quota/arena.h +119 -5
  202. data/src/core/lib/resource_quota/memory_quota.cc +1 -1
  203. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +12 -35
  204. data/src/core/lib/security/credentials/external/aws_external_account_credentials.h +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +0 -59
  206. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +10 -5
  207. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.h +1 -1
  208. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +13 -0
  209. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h +2 -0
  210. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +5 -9
  211. data/src/core/lib/security/security_connector/ssl_utils.cc +11 -25
  212. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +12 -0
  213. data/src/core/lib/security/transport/secure_endpoint.cc +4 -2
  214. data/src/core/lib/security/transport/server_auth_filter.cc +20 -2
  215. data/src/core/lib/slice/slice.cc +1 -1
  216. data/src/core/lib/surface/builtins.cc +2 -0
  217. data/src/core/lib/surface/call.cc +926 -1024
  218. data/src/core/lib/surface/call.h +10 -0
  219. data/src/core/lib/surface/lame_client.cc +1 -0
  220. data/src/core/lib/surface/validate_metadata.cc +43 -42
  221. data/src/core/lib/surface/validate_metadata.h +9 -0
  222. data/src/core/lib/surface/version.cc +2 -2
  223. data/src/core/lib/transport/batch_builder.cc +179 -0
  224. data/src/core/lib/transport/batch_builder.h +468 -0
  225. data/src/core/lib/transport/bdp_estimator.cc +7 -7
  226. data/src/core/lib/transport/bdp_estimator.h +10 -6
  227. data/src/core/lib/transport/custom_metadata.h +30 -0
  228. data/src/core/lib/transport/metadata_batch.cc +9 -6
  229. data/src/core/lib/transport/metadata_batch.h +168 -18
  230. data/src/core/lib/transport/parsed_metadata.h +19 -9
  231. data/src/core/lib/transport/timeout_encoding.cc +6 -1
  232. data/src/core/lib/transport/transport.cc +30 -2
  233. data/src/core/lib/transport/transport.h +70 -14
  234. data/src/core/lib/transport/transport_impl.h +7 -0
  235. data/src/core/lib/transport/transport_op_string.cc +52 -42
  236. data/src/core/plugin_registry/grpc_plugin_registry.cc +2 -2
  237. data/src/core/tsi/alts/frame_protector/alts_frame_protector.cc +1 -0
  238. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +21 -4
  239. data/src/core/tsi/alts/handshaker/alts_handshaker_client.h +5 -0
  240. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +1 -1
  241. data/src/core/tsi/ssl_transport_security.cc +4 -2
  242. data/src/ruby/lib/grpc/version.rb +1 -1
  243. data/third_party/abseil-cpp/absl/base/config.h +1 -1
  244. data/third_party/abseil-cpp/absl/flags/commandlineflag.cc +34 -0
  245. data/third_party/abseil-cpp/absl/flags/commandlineflag.h +200 -0
  246. data/third_party/abseil-cpp/absl/flags/config.h +68 -0
  247. data/third_party/abseil-cpp/absl/flags/declare.h +73 -0
  248. data/third_party/abseil-cpp/absl/flags/flag.cc +38 -0
  249. data/third_party/abseil-cpp/absl/flags/flag.h +310 -0
  250. data/{src/core/lib/gprpp/global_config_custom.h → third_party/abseil-cpp/absl/flags/internal/commandlineflag.cc} +11 -14
  251. data/third_party/abseil-cpp/absl/flags/internal/commandlineflag.h +68 -0
  252. data/third_party/abseil-cpp/absl/flags/internal/flag.cc +615 -0
  253. data/third_party/abseil-cpp/absl/flags/internal/flag.h +800 -0
  254. data/third_party/abseil-cpp/absl/flags/internal/flag_msvc.inc +116 -0
  255. data/third_party/abseil-cpp/absl/flags/internal/path_util.h +62 -0
  256. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.cc +65 -0
  257. data/third_party/abseil-cpp/absl/flags/internal/private_handle_accessor.h +61 -0
  258. data/third_party/abseil-cpp/absl/flags/internal/program_name.cc +60 -0
  259. data/third_party/abseil-cpp/absl/flags/internal/program_name.h +50 -0
  260. data/third_party/abseil-cpp/absl/flags/internal/registry.h +97 -0
  261. data/third_party/abseil-cpp/absl/flags/internal/sequence_lock.h +187 -0
  262. data/third_party/abseil-cpp/absl/flags/marshalling.cc +241 -0
  263. data/third_party/abseil-cpp/absl/flags/marshalling.h +356 -0
  264. data/third_party/abseil-cpp/absl/flags/reflection.cc +354 -0
  265. data/third_party/abseil-cpp/absl/flags/reflection.h +90 -0
  266. data/third_party/abseil-cpp/absl/flags/usage_config.cc +165 -0
  267. data/third_party/abseil-cpp/absl/flags/usage_config.h +135 -0
  268. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +12 -8
  269. data/third_party/boringssl-with-bazel/err_data.c +728 -712
  270. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +177 -177
  271. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bool.c +28 -55
  272. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_d2i_fp.c +21 -23
  273. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_dup.c +20 -23
  274. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_gentm.c +66 -185
  275. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_i2d_fp.c +18 -21
  276. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +356 -311
  277. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +174 -194
  278. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +146 -210
  279. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_octet.c +6 -9
  280. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strex.c +346 -526
  281. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +110 -131
  282. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +130 -116
  283. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +93 -60
  284. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utctm.c +93 -181
  285. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +242 -305
  286. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_par.c +41 -18
  287. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +30 -33
  288. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +36 -33
  289. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +29 -26
  290. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +133 -88
  291. data/third_party/boringssl-with-bazel/src/crypto/asn1/posix_time.c +230 -0
  292. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +791 -791
  293. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +526 -526
  294. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_fre.c +114 -135
  295. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_new.c +201 -207
  296. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_typ.c +21 -26
  297. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_utl.c +55 -68
  298. data/third_party/boringssl-with-bazel/src/crypto/base64/base64.c +2 -4
  299. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +11 -7
  300. data/third_party/boringssl-with-bazel/src/crypto/bio/bio_mem.c +4 -4
  301. data/third_party/boringssl-with-bazel/src/crypto/bio/connect.c +15 -9
  302. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +4 -4
  303. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +17 -10
  304. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +1 -3
  305. data/third_party/boringssl-with-bazel/src/crypto/bio/printf.c +0 -13
  306. data/third_party/boringssl-with-bazel/src/crypto/bio/socket.c +3 -6
  307. data/third_party/boringssl-with-bazel/src/crypto/bio/socket_helper.c +2 -0
  308. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +9 -5
  309. data/third_party/boringssl-with-bazel/src/crypto/bn_extra/convert.c +10 -23
  310. data/third_party/boringssl-with-bazel/src/crypto/buf/buf.c +2 -6
  311. data/third_party/boringssl-with-bazel/src/crypto/bytestring/asn1_compat.c +2 -1
  312. data/third_party/boringssl-with-bazel/src/crypto/bytestring/ber.c +29 -28
  313. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbb.c +161 -201
  314. data/third_party/boringssl-with-bazel/src/crypto/bytestring/cbs.c +254 -39
  315. data/third_party/boringssl-with-bazel/src/crypto/bytestring/internal.h +2 -2
  316. data/third_party/boringssl-with-bazel/src/crypto/chacha/chacha.c +0 -2
  317. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/derive_key.c +4 -4
  318. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesctrhmac.c +9 -8
  319. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_aesgcmsiv.c +37 -75
  320. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_chacha20poly1305.c +8 -10
  321. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/cipher → cipher_extra}/e_des.c +100 -78
  322. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_null.c +1 -0
  323. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc2.c +1 -0
  324. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_rc4.c +2 -0
  325. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +6 -12
  326. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +14 -11
  327. data/third_party/boringssl-with-bazel/src/crypto/conf/conf.c +6 -10
  328. data/third_party/boringssl-with-bazel/src/crypto/conf/conf_def.h +0 -1
  329. data/third_party/boringssl-with-bazel/src/crypto/conf/internal.h +12 -0
  330. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_apple.c +74 -0
  331. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_freebsd.c +62 -0
  332. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-fuchsia.c → cpu_aarch64_fuchsia.c} +8 -7
  333. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-linux.c → cpu_aarch64_linux.c} +6 -4
  334. data/third_party/boringssl-with-bazel/src/crypto/{cpu-aarch64-win.c → cpu_aarch64_win.c} +4 -4
  335. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm.c → cpu_arm.c} +1 -1
  336. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_freebsd.c +55 -0
  337. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.c → cpu_arm_linux.c} +11 -90
  338. data/third_party/boringssl-with-bazel/src/crypto/{cpu-arm-linux.h → cpu_arm_linux.h} +0 -38
  339. data/third_party/boringssl-with-bazel/src/crypto/{cpu-intel.c → cpu_intel.c} +1 -2
  340. data/third_party/boringssl-with-bazel/src/crypto/crypto.c +25 -20
  341. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +16 -27
  342. data/third_party/boringssl-with-bazel/src/crypto/curve25519/spake25519.c +17 -32
  343. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/des.c +232 -232
  344. data/third_party/boringssl-with-bazel/src/crypto/{fipsmodule/des → des}/internal.h +1 -1
  345. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/dh_asn1.c +1 -0
  346. data/third_party/boringssl-with-bazel/src/crypto/dh_extra/params.c +232 -29
  347. data/third_party/boringssl-with-bazel/src/crypto/digest_extra/digest_extra.c +0 -3
  348. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +39 -16
  349. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa_asn1.c +37 -7
  350. data/third_party/boringssl-with-bazel/src/crypto/dsa/internal.h +3 -3
  351. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/ec_asn1.c +11 -36
  352. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +214 -99
  353. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +21 -5
  354. data/third_party/boringssl-with-bazel/src/crypto/ecdsa_extra/ecdsa_asn1.c +2 -4
  355. data/third_party/boringssl-with-bazel/src/crypto/err/err.c +83 -60
  356. data/third_party/boringssl-with-bazel/src/crypto/evp/evp.c +46 -12
  357. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +3 -3
  358. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_ctx.c +25 -23
  359. data/third_party/boringssl-with-bazel/src/crypto/evp/internal.h +43 -9
  360. data/third_party/boringssl-with-bazel/src/crypto/evp/p_dsa_asn1.c +75 -44
  361. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec.c +19 -25
  362. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ec_asn1.c +96 -45
  363. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519.c +7 -8
  364. data/third_party/boringssl-with-bazel/src/crypto/evp/p_ed25519_asn1.c +26 -23
  365. data/third_party/boringssl-with-bazel/src/crypto/evp/p_hkdf.c +233 -0
  366. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +5 -5
  367. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa_asn1.c +42 -25
  368. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519.c +4 -5
  369. data/third_party/boringssl-with-bazel/src/crypto/evp/p_x25519_asn1.c +35 -47
  370. data/third_party/boringssl-with-bazel/src/crypto/evp/print.c +135 -244
  371. data/third_party/boringssl-with-bazel/src/crypto/evp/scrypt.c +2 -4
  372. data/third_party/boringssl-with-bazel/src/crypto/evp/sign.c +15 -10
  373. data/third_party/boringssl-with-bazel/src/crypto/ex_data.c +29 -15
  374. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes.c +0 -2
  375. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/aes_nohw.c +13 -14
  376. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/internal.h +3 -13
  377. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/key_wrap.c +13 -7
  378. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +9 -7
  379. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +35 -27
  380. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bn.c +16 -26
  381. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/bytes.c +88 -60
  382. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/cmp.c +4 -3
  383. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/ctx.c +0 -2
  384. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div.c +1 -1
  385. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/div_extra.c +1 -1
  386. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/exponentiation.c +99 -113
  387. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd.c +0 -1
  388. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/gcd_extra.c +5 -3
  389. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/generic.c +112 -168
  390. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +86 -31
  391. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery.c +11 -6
  392. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/montgomery_inv.c +4 -5
  393. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/mul.c +4 -5
  394. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/prime.c +13 -0
  395. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/random.c +13 -5
  396. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.c +19 -108
  397. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/rsaz_exp.h +19 -15
  398. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/shift.c +15 -16
  399. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/sqrt.c +22 -21
  400. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/aead.c +3 -0
  401. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +79 -19
  402. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/e_aes.c +102 -99
  403. data/third_party/boringssl-with-bazel/src/crypto/{cipher_extra → fipsmodule/cipher}/e_aesccm.c +52 -46
  404. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/internal.h +39 -0
  405. data/third_party/boringssl-with-bazel/src/crypto/{cmac → fipsmodule/cmac}/cmac.c +55 -11
  406. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/check.c +2 -3
  407. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +21 -6
  408. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/internal.h +56 -0
  409. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/digest/digest.c +5 -3
  410. data/third_party/boringssl-with-bazel/src/crypto/{evp → fipsmodule/digestsign}/digestsign.c +51 -15
  411. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +25 -25
  412. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +91 -17
  413. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +5 -5
  414. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +34 -12
  415. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +54 -23
  416. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +44 -60
  417. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64-table.h → p256-nistz-table.h} +1 -1
  418. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.c → p256-nistz.c} +60 -53
  419. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/{p256-x86_64.h → p256-nistz.h} +5 -13
  420. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +48 -36
  421. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/scalar.c +2 -8
  422. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +2 -7
  423. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -3
  424. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +0 -1
  425. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +8 -0
  426. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +42 -14
  427. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/internal.h +6 -0
  428. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/hmac/hmac.c +52 -24
  429. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +9 -15
  430. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cfb.c +1 -4
  431. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +2 -4
  432. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +71 -43
  433. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +14 -16
  434. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -4
  435. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/ctrdrbg.c +31 -13
  436. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.c +16 -8
  437. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/fork_detect.h +3 -2
  438. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/getrandom_fillin.h +2 -2
  439. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/internal.h +9 -38
  440. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +73 -59
  441. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -45
  442. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/blinding.c +0 -1
  443. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +22 -0
  444. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +63 -52
  445. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +107 -62
  446. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +58 -31
  447. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/fips.c +41 -0
  448. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +523 -422
  449. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/internal.h +89 -0
  450. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/service_indicator/service_indicator.c +334 -0
  451. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/internal.h +3 -12
  452. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1.c +2 -0
  453. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha256.c +12 -8
  454. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha512.c +14 -12
  455. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +19 -6
  456. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +32 -14
  457. data/third_party/boringssl-with-bazel/src/crypto/hrss/hrss.c +65 -29
  458. data/third_party/boringssl-with-bazel/src/crypto/internal.h +373 -18
  459. data/third_party/boringssl-with-bazel/src/crypto/kyber/internal.h +61 -0
  460. data/third_party/boringssl-with-bazel/src/crypto/kyber/keccak.c +205 -0
  461. data/third_party/boringssl-with-bazel/src/crypto/lhash/internal.h +13 -1
  462. data/third_party/boringssl-with-bazel/src/crypto/mem.c +220 -13
  463. data/third_party/boringssl-with-bazel/src/crypto/obj/obj.c +19 -7
  464. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +13 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_all.c +81 -90
  466. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_info.c +150 -245
  467. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +629 -613
  468. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_oth.c +17 -17
  469. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pk8.c +142 -149
  470. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_pkey.c +99 -131
  471. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_x509.c +0 -1
  472. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_xaux.c +0 -1
  473. data/third_party/boringssl-with-bazel/src/crypto/pkcs7/pkcs7_x509.c +0 -1
  474. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8.c +0 -3
  475. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -66
  476. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305.c +31 -38
  477. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_arm.c +2 -1
  478. data/third_party/boringssl-with-bazel/src/crypto/poly1305/poly1305_vec.c +18 -31
  479. data/third_party/boringssl-with-bazel/src/crypto/pool/internal.h +1 -0
  480. data/third_party/boringssl-with-bazel/src/crypto/pool/pool.c +8 -1
  481. data/third_party/boringssl-with-bazel/src/crypto/rand_extra/passive.c +129 -5
  482. data/third_party/boringssl-with-bazel/src/crypto/refcount_c11.c +0 -2
  483. data/third_party/boringssl-with-bazel/src/crypto/refcount_lock.c +3 -4
  484. data/third_party/boringssl-with-bazel/src/crypto/siphash/siphash.c +8 -11
  485. data/third_party/boringssl-with-bazel/src/crypto/stack/stack.c +61 -27
  486. data/third_party/boringssl-with-bazel/src/crypto/thread_pthread.c +10 -13
  487. data/third_party/boringssl-with-bazel/src/crypto/thread_win.c +10 -13
  488. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +66 -34
  489. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +190 -77
  490. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +81 -284
  491. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +109 -42
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/a_digest.c +22 -24
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +54 -55
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/a_verify.c +32 -34
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +32 -16
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +465 -704
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/by_dir.c +284 -331
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/by_file.c +183 -178
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/i2d_pr.c +11 -15
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/internal.h +67 -50
  501. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +153 -150
  502. data/third_party/boringssl-with-bazel/src/crypto/x509/policy.c +786 -0
  503. data/third_party/boringssl-with-bazel/src/crypto/x509/rsa_pss.c +95 -102
  504. data/third_party/boringssl-with-bazel/src/crypto/x509/t_crl.c +72 -57
  505. data/third_party/boringssl-with-bazel/src/crypto/x509/t_req.c +12 -10
  506. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +227 -252
  507. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509a.c +52 -47
  508. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +3 -4
  509. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +230 -224
  510. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +161 -327
  511. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_d2.c +37 -33
  512. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_def.c +14 -31
  513. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_ext.c +55 -85
  514. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_lu.c +534 -618
  515. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_obj.c +129 -122
  516. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +116 -182
  517. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +132 -132
  518. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +181 -202
  519. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_txt.c +64 -79
  520. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_v3.c +175 -160
  521. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +1865 -2050
  522. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vpm.c +433 -462
  523. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +156 -163
  524. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +267 -263
  525. data/third_party/boringssl-with-bazel/src/crypto/x509/x509rset.c +40 -15
  526. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +59 -63
  527. data/third_party/boringssl-with-bazel/src/crypto/x509/x_algor.c +63 -67
  528. data/third_party/boringssl-with-bazel/src/crypto/x509/x_all.c +114 -144
  529. data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +25 -26
  530. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +326 -415
  531. data/third_party/boringssl-with-bazel/src/crypto/x509/x_exten.c +8 -7
  532. data/third_party/boringssl-with-bazel/src/crypto/x509/x_info.c +30 -28
  533. data/third_party/boringssl-with-bazel/src/crypto/x509/x_name.c +354 -370
  534. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pkey.c +37 -32
  535. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +116 -119
  536. data/third_party/boringssl-with-bazel/src/crypto/x509/x_req.c +36 -26
  537. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +3 -4
  538. data/third_party/boringssl-with-bazel/src/crypto/x509/x_spki.c +10 -13
  539. data/third_party/boringssl-with-bazel/src/crypto/x509/x_val.c +3 -4
  540. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +419 -261
  541. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +113 -105
  542. data/third_party/boringssl-with-bazel/src/crypto/x509v3/ext_dat.h +11 -15
  543. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +78 -170
  544. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akey.c +126 -131
  545. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_akeya.c +3 -4
  546. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_alt.c +465 -469
  547. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bcons.c +56 -54
  548. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_bitst.c +46 -49
  549. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +309 -346
  550. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +341 -365
  551. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_crld.c +429 -393
  552. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_enum.c +29 -24
  553. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_extku.c +65 -59
  554. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_genn.c +125 -121
  555. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ia5.c +43 -42
  556. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +122 -125
  557. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_int.c +50 -20
  558. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +247 -253
  559. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ncons.c +386 -389
  560. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_ocsp.c +45 -32
  561. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcons.c +57 -54
  562. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pmaps.c +63 -67
  563. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +143 -136
  564. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +664 -707
  565. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +83 -75
  566. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1062 -1146
  567. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +8 -4
  568. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +28 -48
  569. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +211 -187
  570. data/third_party/boringssl-with-bazel/src/include/openssl/asn1t.h +26 -78
  571. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +19 -14
  572. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +21 -2
  573. data/third_party/boringssl-with-bazel/src/include/openssl/bn.h +49 -17
  574. data/third_party/boringssl-with-bazel/src/include/openssl/bytestring.h +99 -29
  575. data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +49 -60
  576. data/third_party/boringssl-with-bazel/src/include/openssl/conf.h +2 -15
  577. data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +16 -200
  578. data/third_party/boringssl-with-bazel/src/include/openssl/crypto.h +34 -0
  579. data/third_party/boringssl-with-bazel/src/include/openssl/ctrdrbg.h +82 -0
  580. data/third_party/boringssl-with-bazel/src/include/openssl/dh.h +32 -30
  581. data/third_party/boringssl-with-bazel/src/include/openssl/digest.h +7 -0
  582. data/third_party/boringssl-with-bazel/src/include/openssl/dsa.h +4 -0
  583. data/third_party/boringssl-with-bazel/src/include/openssl/ec.h +48 -5
  584. data/third_party/boringssl-with-bazel/src/include/openssl/ec_key.h +37 -8
  585. data/third_party/boringssl-with-bazel/src/include/openssl/ecdsa.h +1 -0
  586. data/third_party/boringssl-with-bazel/src/include/openssl/err.h +33 -5
  587. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +22 -30
  588. data/third_party/boringssl-with-bazel/src/include/openssl/ex_data.h +1 -1
  589. data/third_party/boringssl-with-bazel/src/include/openssl/hmac.h +7 -0
  590. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +41 -16
  591. data/third_party/boringssl-with-bazel/src/include/openssl/kdf.h +91 -0
  592. data/third_party/boringssl-with-bazel/src/include/openssl/mem.h +74 -8
  593. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +13 -0
  594. data/third_party/boringssl-with-bazel/src/include/openssl/opensslconf.h +1 -0
  595. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +11 -15
  596. data/third_party/boringssl-with-bazel/src/include/openssl/pkcs8.h +8 -0
  597. data/third_party/boringssl-with-bazel/src/include/openssl/rand.h +12 -1
  598. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +7 -4
  599. data/third_party/boringssl-with-bazel/src/include/openssl/service_indicator.h +96 -0
  600. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +13 -21
  601. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +139 -75
  602. data/third_party/boringssl-with-bazel/src/include/openssl/ssl3.h +1 -6
  603. data/third_party/boringssl-with-bazel/src/include/openssl/stack.h +384 -286
  604. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +5 -6
  605. data/third_party/boringssl-with-bazel/src/include/openssl/time.h +41 -0
  606. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +18 -7
  607. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +49 -23
  608. data/third_party/boringssl-with-bazel/src/include/openssl/type_check.h +0 -11
  609. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +1592 -1074
  610. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +202 -205
  611. data/third_party/boringssl-with-bazel/src/ssl/bio_ssl.cc +2 -2
  612. data/third_party/boringssl-with-bazel/src/ssl/d1_both.cc +6 -13
  613. data/third_party/boringssl-with-bazel/src/ssl/d1_pkt.cc +17 -18
  614. data/third_party/boringssl-with-bazel/src/ssl/dtls_method.cc +4 -5
  615. data/third_party/boringssl-with-bazel/src/ssl/dtls_record.cc +25 -33
  616. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +34 -20
  617. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +65 -34
  618. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +198 -54
  619. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +5 -5
  620. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +32 -28
  621. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +76 -44
  622. data/third_party/boringssl-with-bazel/src/ssl/internal.h +130 -98
  623. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +27 -11
  624. data/third_party/boringssl-with-bazel/src/ssl/s3_lib.cc +2 -2
  625. data/third_party/boringssl-with-bazel/src/ssl/s3_pkt.cc +91 -75
  626. data/third_party/boringssl-with-bazel/src/ssl/ssl_aead_ctx.cc +8 -10
  627. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +39 -65
  628. data/third_party/boringssl-with-bazel/src/ssl/ssl_buffer.cc +1 -0
  629. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +5 -9
  630. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +30 -33
  631. data/third_party/boringssl-with-bazel/src/ssl/ssl_file.cc +77 -100
  632. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +120 -107
  633. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +164 -30
  634. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +150 -60
  635. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +22 -11
  636. data/third_party/boringssl-with-bazel/src/ssl/ssl_x509.cc +22 -6
  637. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +15 -13
  638. data/third_party/boringssl-with-bazel/src/ssl/tls13_both.cc +5 -43
  639. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +7 -4
  640. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +2 -2
  641. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +22 -34
  642. data/third_party/boringssl-with-bazel/src/ssl/tls_method.cc +2 -2
  643. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +16 -98
  644. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_32.h +1241 -657
  645. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64.h +751 -398
  646. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_32.h +3551 -1938
  647. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64.h +1272 -487
  648. metadata +105 -70
  649. data/src/core/ext/filters/client_channel/lb_call_state_internal.h +0 -39
  650. data/src/core/ext/filters/client_channel/resolver/dns/dns_resolver_selection.cc +0 -30
  651. data/src/core/lib/gprpp/global_config.h +0 -93
  652. data/src/core/lib/gprpp/global_config_env.cc +0 -140
  653. data/src/core/lib/gprpp/global_config_env.h +0 -133
  654. data/src/core/lib/gprpp/global_config_generic.h +0 -40
  655. data/src/core/lib/promise/intra_activity_waiter.h +0 -55
  656. data/src/core/lib/security/security_connector/ssl_utils_config.cc +0 -32
  657. data/src/core/lib/security/security_connector/ssl_utils_config.h +0 -29
  658. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +0 -195
  659. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_print.c +0 -83
  660. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_utf8.c +0 -236
  661. data/third_party/boringssl-with-bazel/src/crypto/asn1/charmap.h +0 -15
  662. data/third_party/boringssl-with-bazel/src/crypto/asn1/time_support.c +0 -206
  663. data/third_party/boringssl-with-bazel/src/crypto/cpu-ppc64le.c +0 -38
  664. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/sha/sha1-altivec.c +0 -361
  665. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_cache.c +0 -287
  666. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_data.c +0 -132
  667. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_lib.c +0 -155
  668. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_map.c +0 -131
  669. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_node.c +0 -189
  670. data/third_party/boringssl-with-bazel/src/crypto/x509v3/pcy_tree.c +0 -843
  671. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pci.c +0 -289
  672. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_pcia.c +0 -57
  673. /data/src/core/lib/gpr/{log_android.cc → android/log.cc} +0 -0
  674. /data/src/core/lib/gpr/{cpu_iphone.cc → iphone/cpu.cc} +0 -0
  675. /data/src/core/lib/gpr/{cpu_linux.cc → linux/cpu.cc} +0 -0
  676. /data/src/core/lib/gpr/{log_linux.cc → linux/log.cc} +0 -0
  677. /data/src/core/lib/gpr/{tmpfile_msys.cc → msys/tmpfile.cc} +0 -0
  678. /data/src/core/lib/gpr/{cpu_posix.cc → posix/cpu.cc} +0 -0
  679. /data/src/core/lib/gpr/{log_posix.cc → posix/log.cc} +0 -0
  680. /data/src/core/lib/gpr/{string_posix.cc → posix/string.cc} +0 -0
  681. /data/src/core/lib/gpr/{sync_posix.cc → posix/sync.cc} +0 -0
  682. /data/src/core/lib/gpr/{time_posix.cc → posix/time.cc} +0 -0
  683. /data/src/core/lib/gpr/{tmpfile_posix.cc → posix/tmpfile.cc} +0 -0
  684. /data/src/core/lib/gpr/{cpu_windows.cc → windows/cpu.cc} +0 -0
  685. /data/src/core/lib/gpr/{log_windows.cc → windows/log.cc} +0 -0
  686. /data/src/core/lib/gpr/{string_windows.cc → windows/string.cc} +0 -0
  687. /data/src/core/lib/gpr/{string_util_windows.cc → windows/string_util.cc} +0 -0
  688. /data/src/core/lib/gpr/{sync_windows.cc → windows/sync.cc} +0 -0
  689. /data/src/core/lib/gpr/{time_windows.cc → windows/time.cc} +0 -0
  690. /data/src/core/lib/gpr/{tmpfile_windows.cc → windows/tmpfile.cc} +0 -0
  691. /data/src/core/lib/gprpp/{env_linux.cc → linux/env.cc} +0 -0
  692. /data/src/core/lib/gprpp/{env_posix.cc → posix/env.cc} +0 -0
  693. /data/src/core/lib/gprpp/{stat_posix.cc → posix/stat.cc} +0 -0
  694. /data/src/core/lib/gprpp/{env_windows.cc → windows/env.cc} +0 -0
  695. /data/src/core/lib/gprpp/{stat_windows.cc → windows/stat.cc} +0 -0
@@ -9,7 +9,7 @@
9
9
  * are met:
10
10
  *
11
11
  * 1. Redistributions of source code must retain the above copyright
12
- * notice, this list of conditions and the following disclaimer.
12
+ * notice, this list of conditions and the following disclaimer.
13
13
  *
14
14
  * 2. Redistributions in binary form must reproduce the above copyright
15
15
  * notice, this list of conditions and the following disclaimer in
@@ -56,12 +56,13 @@
56
56
  #include <openssl/x509.h>
57
57
 
58
58
  #include <assert.h>
59
+ #include <limits.h>
59
60
 
60
61
  #include <openssl/asn1.h>
61
62
  #include <openssl/asn1t.h>
62
63
  #include <openssl/bio.h>
63
- #include <openssl/evp.h>
64
64
  #include <openssl/err.h>
65
+ #include <openssl/evp.h>
65
66
  #include <openssl/obj.h>
66
67
 
67
68
  #include "internal.h"
@@ -77,19 +78,19 @@ static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
77
78
  }
78
79
 
79
80
  ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
80
- ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
81
- ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
82
- ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
83
- ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3),
81
+ ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR, 0),
82
+ ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR, 1),
83
+ ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER, 2),
84
+ ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER, 3),
84
85
  } ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
85
86
 
86
- IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
87
+ IMPLEMENT_ASN1_FUNCTIONS_const(RSA_PSS_PARAMS)
87
88
 
88
89
 
89
- /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
90
- static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) {
91
- if (alg == NULL || alg->parameter == NULL ||
92
- OBJ_obj2nid(alg->algorithm) != NID_mgf1 ||
90
+ // Given an MGF1 Algorithm ID decode to an Algorithm Identifier
91
+ static X509_ALGOR *rsa_mgf1_decode(const X509_ALGOR *alg) {
92
+ if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 ||
93
+ alg->parameter == NULL ||
93
94
  alg->parameter->type != V_ASN1_SEQUENCE) {
94
95
  return NULL;
95
96
  }
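Review bot: `rsa_mgf1_decode` now reads `alg->algorithm` in its first condition without the `alg == NULL` test the old code had, so a NULL argument is dereferenced instead of producing a NULL return. The one caller visible on this page, `rsa_mgf1_to_md`, tests `!alg` before calling it, but the precondition is not stated on the function itself. I would extend the header comment to `// Given an MGF1 Algorithm ID decode to an Algorithm Identifier. |alg| must be non-NULL.` and check every other call site (the printing path is not fully visible here) against it. The body of `rsa_mgf1_decode` continues past the end of this hunk.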
@@ -99,30 +100,27 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) {
99
100
  return d2i_X509_ALGOR(NULL, &p, plen);
100
101
  }
101
102
 
102
- static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
103
- X509_ALGOR **pmaskHash) {
104
- *pmaskHash = NULL;
105
-
103
+ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg) {
106
104
  if (alg->parameter == NULL || alg->parameter->type != V_ASN1_SEQUENCE) {
107
105
  return NULL;
108
106
  }
109
107
 
110
108
  const uint8_t *p = alg->parameter->value.sequence->data;
111
109
  int plen = alg->parameter->value.sequence->length;
112
- RSA_PSS_PARAMS *pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
113
- if (pss == NULL) {
114
- return NULL;
115
- }
110
+ return d2i_RSA_PSS_PARAMS(NULL, &p, plen);
111
+ }
116
112
 
117
- *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
118
- return pss;
113
+ static int is_allowed_pss_md(const EVP_MD *md) {
114
+ int md_type = EVP_MD_type(md);
115
+ return md_type == NID_sha256 || md_type == NID_sha384 ||
116
+ md_type == NID_sha512;
119
117
  }
120
118
 
121
- /* allocate and set algorithm ID from EVP_MD, default SHA1 */
119
+ // rsa_md_to_algor sets |*palg| to an |X509_ALGOR| describing the digest |md|,
120
+ // which must be an allowed PSS digest.
122
121
  static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) {
123
- if (EVP_MD_type(md) == NID_sha1) {
124
- return 1;
125
- }
122
+ // SHA-1 should be omitted (DEFAULT), but we do not allow SHA-1.
123
+ assert(is_allowed_pss_md(md));
126
124
  *palg = X509_ALGOR_new();
127
125
  if (*palg == NULL) {
128
126
  return 0;
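Review bot: In `rsa_md_to_algor` the digest policy is enforced only by `assert(is_allowed_pss_md(md))`, which compiles away under NDEBUG. With the old SHA-1 early return removed, a release build would then encode whatever digest it is handed. The visible caller `x509_rsa_ctx_to_pss` rejects disallowed digests before it gets here, so from what is shown this is defence in depth rather than a reachable bug. A runtime guard such as `if (!is_allowed_pss_md(md)) { OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS); return 0; }` would keep the helper safe if another caller is added; `rsa_md_to_mgf1` in the next hunk follows the same pattern. The body of `rsa_md_to_algor` continues outside this hunk.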
@@ -131,16 +129,14 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) {
131
129
  return 1;
132
130
  }
133
131
 
134
- /* Allocate and set MGF1 algorithm ID from EVP_MD */
132
+ // rsa_md_to_mgf1 sets |*palg| to an |X509_ALGOR| describing MGF-1 with the
133
+ // digest |mgf1md|, which must be an allowed PSS digest.
135
134
  static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) {
135
+ // SHA-1 should be omitted (DEFAULT), but we do not allow SHA-1.
136
+ assert(is_allowed_pss_md(mgf1md));
136
137
  X509_ALGOR *algtmp = NULL;
137
138
  ASN1_STRING *stmp = NULL;
138
- *palg = NULL;
139
-
140
- if (EVP_MD_type(mgf1md) == NID_sha1) {
141
- return 1;
142
- }
143
- /* need to embed algorithm ID inside another */
139
+ // need to embed algorithm ID inside another
144
140
  if (!rsa_md_to_algor(&algtmp, mgf1md) ||
145
141
  !ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) {
146
142
  goto err;
@@ -162,38 +158,35 @@ err:
162
158
  return 0;
163
159
  }
164
160
 
165
- /* convert algorithm ID to EVP_MD, default SHA1 */
166
- static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) {
167
- const EVP_MD *md;
161
+ static const EVP_MD *rsa_algor_to_md(const X509_ALGOR *alg) {
168
162
  if (!alg) {
169
- return EVP_sha1();
163
+ // If omitted, PSS defaults to SHA-1, which we do not allow.
164
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
165
+ return NULL;
170
166
  }
171
- md = EVP_get_digestbyobj(alg->algorithm);
172
- if (md == NULL) {
167
+ const EVP_MD *md = EVP_get_digestbyobj(alg->algorithm);
168
+ if (md == NULL || !is_allowed_pss_md(md)) {
173
169
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
170
+ return NULL;
174
171
  }
175
172
  return md;
176
173
  }
177
174
 
178
- /* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
179
- static const EVP_MD *rsa_mgf1_to_md(const X509_ALGOR *alg,
180
- X509_ALGOR *maskHash) {
181
- const EVP_MD *md;
175
+ static const EVP_MD *rsa_mgf1_to_md(const X509_ALGOR *alg) {
182
176
  if (!alg) {
183
- return EVP_sha1();
184
- }
185
- /* Check mask and lookup mask hash algorithm */
186
- if (OBJ_obj2nid(alg->algorithm) != NID_mgf1 ||
187
- maskHash == NULL) {
177
+ // If omitted, PSS defaults to MGF-1 with SHA-1, which we do not allow.
188
178
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
189
179
  return NULL;
190
180
  }
191
- md = EVP_get_digestbyobj(maskHash->algorithm);
192
- if (md == NULL) {
181
+ // Check mask and lookup mask hash algorithm.
182
+ X509_ALGOR *maskHash = rsa_mgf1_decode(alg);
183
+ if (maskHash == NULL) {
193
184
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
194
185
  return NULL;
195
186
  }
196
- return md;
187
+ const EVP_MD *ret = rsa_algor_to_md(maskHash);
188
+ X509_ALGOR_free(maskHash);
189
+ return ret;
197
190
  }
198
191
 
199
192
  int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
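Review bot: `rsa_algor_to_md` and `rsa_mgf1_to_md` lose their header comments in this hunk at the same moment their contract changes. An omitted field used to yield `EVP_sha1()` and now fails with `X509_R_INVALID_PSS_PARAMETERS`, as does any digest outside `is_allowed_pss_md`. I would add `// rsa_algor_to_md returns the digest for |alg|, or NULL with an error queued if |alg| is omitted or is not an allowed PSS digest.` above the first function. The second needs a matching line saying that `rsa_mgf1_to_md` decodes the MGF-1 hash parameter itself and frees it before returning. The hunk opens inside the tail of the previous function and ends on the signature of `x509_rsa_ctx_to_pss`, whose body lies outside it.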
@@ -205,18 +198,14 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
205
198
  return 0;
206
199
  }
207
200
 
208
- EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
201
+ if (sigmd != mgf1md || !is_allowed_pss_md(sigmd)) {
202
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
203
+ return 0;
204
+ }
205
+ int md_len = (int)EVP_MD_size(sigmd);
209
206
  if (saltlen == -1) {
210
- saltlen = EVP_MD_size(sigmd);
211
- } else if (saltlen == -2) {
212
- // TODO(davidben): Forbid this mode. The world has largely standardized on
213
- // salt length matching hash length.
214
- saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
215
- if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {
216
- saltlen--;
217
- }
218
- } else if (saltlen != (int)EVP_MD_size(sigmd)) {
219
- // We only allow salt length matching hash length and, for now, the -2 case.
207
+ saltlen = md_len;
208
+ } else if (saltlen != md_len) {
220
209
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
221
210
  return 0;
222
211
  }
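Review bot: The new guard `sigmd != mgf1md` compares `EVP_MD` pointers, which is equivalent to comparing digests only if each digest is represented by exactly one `EVP_MD` object. That is presumably true in this library, but nothing in the hunk says so. Either compare identities explicitly with `EVP_MD_type(sigmd) != EVP_MD_type(mgf1md)`, or keep the pointer test and add `// EVP_MD objects are singletons, so pointer equality means the same digest.` above it. The same pointer test appears as `mgf1md != md` in `x509_rsa_pss_to_ctx`. `x509_rsa_ctx_to_pss` starts before this hunk and continues after it.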
@@ -228,12 +217,12 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
228
217
  goto err;
229
218
  }
230
219
 
231
- if (saltlen != 20) {
232
- pss->saltLength = ASN1_INTEGER_new();
233
- if (!pss->saltLength ||
234
- !ASN1_INTEGER_set(pss->saltLength, saltlen)) {
235
- goto err;
236
- }
220
+ // The DEFAULT value is 20, but this does not match any supported digest.
221
+ assert(saltlen != 20);
222
+ pss->saltLength = ASN1_INTEGER_new();
223
+ if (!pss->saltLength || //
224
+ !ASN1_INTEGER_set_int64(pss->saltLength, saltlen)) {
225
+ goto err;
237
226
  }
238
227
 
239
228
  if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||
@@ -241,7 +230,7 @@ int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
241
230
  goto err;
242
231
  }
243
232
 
244
- /* Finally create string with pss parameter encoding. */
233
+ // Finally create string with pss parameter encoding.
245
234
  if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {
246
235
  goto err;
247
236
  }
@@ -260,35 +249,40 @@ int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
260
249
  EVP_PKEY *pkey) {
261
250
  assert(OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss);
262
251
 
263
- /* Decode PSS parameters */
252
+ // Decode PSS parameters
264
253
  int ret = 0;
265
- X509_ALGOR *maskHash;
266
- RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg, &maskHash);
254
+ RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
267
255
  if (pss == NULL) {
268
256
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
269
257
  goto err;
270
258
  }
271
259
 
272
- const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
260
+ const EVP_MD *mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm);
273
261
  const EVP_MD *md = rsa_algor_to_md(pss->hashAlgorithm);
274
262
  if (mgf1md == NULL || md == NULL) {
275
263
  goto err;
276
264
  }
277
265
 
278
- int saltlen = 20;
279
- if (pss->saltLength != NULL) {
280
- saltlen = ASN1_INTEGER_get(pss->saltLength);
266
+ // We require the MGF-1 and signing hashes to match.
267
+ if (mgf1md != md) {
268
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
269
+ goto err;
270
+ }
281
271
 
282
- /* Could perform more salt length sanity checks but the main
283
- * RSA routines will trap other invalid values anyway. */
284
- if (saltlen < 0) {
285
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
286
- goto err;
287
- }
272
+ // We require the salt length be the hash length. The DEFAULT value is 20, but
273
+ // this does not match any supported salt length.
274
+ uint64_t salt_len = 0;
275
+ if (pss->saltLength == NULL ||
276
+ !ASN1_INTEGER_get_uint64(&salt_len, pss->saltLength) ||
277
+ salt_len != EVP_MD_size(md)) {
278
+ OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
279
+ goto err;
288
280
  }
281
+ assert(salt_len <= INT_MAX);
289
282
 
290
- /* low-level routines support only trailer field 0xbc (value 1)
291
- * and PKCS#1 says we should reject any other value anyway. */
283
+ // The trailer field must be 1 (0xbc). This value is DEFAULT, so the structure
284
+ // is required to omit it in DER. Although a syntax error, we also tolerate an
285
+ // explicitly-encoded value. See the certificates in cl/362617931.
292
286
  if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) {
293
287
  OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
294
288
  goto err;
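Review bot: The trailer-field test still reads the value with `ASN1_INTEGER_get(pss->trailerField) != 1`, while the salt length a few lines above was moved to `ASN1_INTEGER_get_uint64`, which reports a negative or oversized INTEGER through its return value. The existing test most likely rejects such encodings as well, since the result would not be 1, but that depends on how `ASN1_INTEGER_get` signals errors, and the two fields now follow different parsing rules in the same function. I would parse both the same way: declare `uint64_t trailer = 0;` and test `if (pss->trailerField != NULL && (!ASN1_INTEGER_get_uint64(&trailer, pss->trailerField) || trailer != 1)) {`. `x509_rsa_pss_to_ctx` begins before this hunk and its verification setup follows in the next one.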
@@ -297,7 +291,7 @@ int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
297
291
  EVP_PKEY_CTX *pctx;
298
292
  if (!EVP_DigestVerifyInit(ctx, &pctx, md, NULL, pkey) ||
299
293
  !EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
300
- !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, saltlen) ||
294
+ !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, (int)salt_len) ||
301
295
  !EVP_PKEY_CTX_set_rsa_mgf1_md(pctx, mgf1md)) {
302
296
  goto err;
303
297
  }
@@ -306,7 +300,6 @@ int x509_rsa_pss_to_ctx(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
306
300
 
307
301
  err:
308
302
  RSA_PSS_PARAMS_free(pss);
309
- X509_ALGOR_free(maskHash);
310
303
  return ret;
311
304
  }
312
305
 
@@ -315,8 +308,8 @@ int x509_print_rsa_pss_params(BIO *bp, const X509_ALGOR *sigalg, int indent,
315
308
  assert(OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss);
316
309
 
317
310
  int rv = 0;
318
- X509_ALGOR *maskHash;
319
- RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg, &maskHash);
311
+ X509_ALGOR *maskHash = NULL;
312
+ RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
320
313
  if (!pss) {
321
314
  if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) {
322
315
  goto err;
@@ -325,8 +318,8 @@ int x509_print_rsa_pss_params(BIO *bp, const X509_ALGOR *sigalg, int indent,
325
318
  goto err;
326
319
  }
327
320
 
328
- if (BIO_puts(bp, "\n") <= 0 ||
329
- !BIO_indent(bp, indent, 128) ||
321
+ if (BIO_puts(bp, "\n") <= 0 || //
322
+ !BIO_indent(bp, indent, 128) || //
330
323
  BIO_puts(bp, "Hash Algorithm: ") <= 0) {
331
324
  goto err;
332
325
  }
@@ -339,31 +332,31 @@ int x509_print_rsa_pss_params(BIO *bp, const X509_ALGOR *sigalg, int indent,
339
332
  goto err;
340
333
  }
341
334
 
342
- if (BIO_puts(bp, "\n") <= 0 ||
343
- !BIO_indent(bp, indent, 128) ||
335
+ if (BIO_puts(bp, "\n") <= 0 || //
336
+ !BIO_indent(bp, indent, 128) || //
344
337
  BIO_puts(bp, "Mask Algorithm: ") <= 0) {
345
338
  goto err;
346
339
  }
347
340
 
348
341
  if (pss->maskGenAlgorithm) {
349
- if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0 ||
350
- BIO_puts(bp, " with ") <= 0) {
351
- goto err;
352
- }
353
-
354
- if (maskHash) {
355
- if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) {
342
+ maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
343
+ if (maskHash == NULL) {
344
+ if (BIO_puts(bp, "INVALID") <= 0) {
345
+ goto err;
346
+ }
347
+ } else {
348
+ if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0 ||
349
+ BIO_puts(bp, " with ") <= 0 ||
350
+ i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) {
356
351
  goto err;
357
352
  }
358
- } else if (BIO_puts(bp, "INVALID") <= 0) {
359
- goto err;
360
353
  }
361
354
  } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
362
355
  goto err;
363
356
  }
364
357
  BIO_puts(bp, "\n");
365
358
 
366
- if (!BIO_indent(bp, indent, 128) ||
359
+ if (!BIO_indent(bp, indent, 128) || //
367
360
  BIO_puts(bp, "Salt Length: 0x") <= 0) {
368
361
  goto err;
369
362
  }
@@ -377,7 +370,7 @@ int x509_print_rsa_pss_params(BIO *bp, const X509_ALGOR *sigalg, int indent,
377
370
  }
378
371
  BIO_puts(bp, "\n");
379
372
 
380
- if (!BIO_indent(bp, indent, 128) ||
373
+ if (!BIO_indent(bp, indent, 128) || //
381
374
  BIO_puts(bp, "Trailer Field: 0x") <= 0) {
382
375
  goto err;
383
376
  }
@@ -54,6 +54,8 @@
54
54
  * copied and put under another distribution licence
55
55
  * [including the GNU Public Licence.] */
56
56
 
57
+ #include <assert.h>
58
+
57
59
  #include <openssl/asn1.h>
58
60
  #include <openssl/err.h>
59
61
  #include <openssl/mem.h>
@@ -61,70 +63,83 @@
61
63
  #include <openssl/x509.h>
62
64
  #include <openssl/x509v3.h>
63
65
 
64
- int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
65
- {
66
- BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
67
- if (b == NULL) {
68
- OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);
69
- return 0;
70
- }
71
- int ret = X509_CRL_print(b, x);
72
- BIO_free(b);
73
- return ret;
66
+ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) {
67
+ BIO *b = BIO_new_fp(fp, BIO_NOCLOSE);
68
+ if (b == NULL) {
69
+ OPENSSL_PUT_ERROR(X509, ERR_R_BUF_LIB);
70
+ return 0;
71
+ }
72
+ int ret = X509_CRL_print(b, x);
73
+ BIO_free(b);
74
+ return ret;
74
75
  }
75
76
 
76
- int X509_CRL_print(BIO *out, X509_CRL *x)
77
- {
78
- STACK_OF(X509_REVOKED) *rev;
79
- X509_REVOKED *r;
80
- long l;
81
- size_t i;
82
- char *p;
77
+ int X509_CRL_print(BIO *out, X509_CRL *x) {
78
+ long version = X509_CRL_get_version(x);
79
+ assert(X509_CRL_VERSION_1 <= version && version <= X509_CRL_VERSION_2);
80
+ const X509_ALGOR *sig_alg;
81
+ const ASN1_BIT_STRING *signature;
82
+ X509_CRL_get0_signature(x, &signature, &sig_alg);
83
+ if (BIO_printf(out, "Certificate Revocation List (CRL):\n") <= 0 ||
84
+ BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", version + 1,
85
+ (unsigned long)version) <= 0 ||
86
+ // Note this and the other |X509_signature_print| call both print the
87
+ // outer signature algorithm, rather than printing the inner and outer
88
+ // ones separately. This matches OpenSSL, though it was probably a bug.
89
+ !X509_signature_print(out, sig_alg, NULL)) {
90
+ return 0;
91
+ }
83
92
 
84
- BIO_printf(out, "Certificate Revocation List (CRL):\n");
85
- l = X509_CRL_get_version(x);
86
- BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
87
- const X509_ALGOR *sig_alg;
88
- const ASN1_BIT_STRING *signature;
89
- X509_CRL_get0_signature(x, &signature, &sig_alg);
90
- // Note this and the other |X509_signature_print| call print the outer
91
- // signature algorithm twice, rather than both the inner and outer ones.
92
- // This matches OpenSSL, though it was probably a bug.
93
- X509_signature_print(out, sig_alg, NULL);
94
- p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
95
- BIO_printf(out, "%8sIssuer: %s\n", "", p);
96
- OPENSSL_free(p);
97
- BIO_printf(out, "%8sLast Update: ", "");
98
- ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
99
- BIO_printf(out, "\n%8sNext Update: ", "");
100
- if (X509_CRL_get0_nextUpdate(x))
101
- ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
102
- else
103
- BIO_printf(out, "NONE");
104
- BIO_printf(out, "\n");
93
+ char *issuer = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
94
+ int ok = issuer != NULL && BIO_printf(out, "%8sIssuer: %s\n", "", issuer) > 0;
95
+ OPENSSL_free(issuer);
96
+ if (!ok) {
97
+ return 0;
98
+ }
105
99
 
106
- X509V3_extensions_print(out, "CRL extensions", X509_CRL_get0_extensions(x),
107
- 0, 8);
108
-
109
- rev = X509_CRL_get_REVOKED(x);
100
+ if (BIO_printf(out, "%8sLast Update: ", "") <= 0 ||
101
+ !ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x)) ||
102
+ BIO_printf(out, "\n%8sNext Update: ", "") <= 0) {
103
+ return 0;
104
+ }
105
+ if (X509_CRL_get0_nextUpdate(x)) {
106
+ if (!ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x))) {
107
+ return 0;
108
+ }
109
+ } else {
110
+ if (BIO_printf(out, "NONE") <= 0) {
111
+ return 0;
112
+ }
113
+ }
110
114
 
111
- if (sk_X509_REVOKED_num(rev) > 0)
112
- BIO_printf(out, "Revoked Certificates:\n");
113
- else
114
- BIO_printf(out, "No Revoked Certificates.\n");
115
+ if (BIO_printf(out, "\n") <= 0 ||
116
+ !X509V3_extensions_print(out, "CRL extensions",
117
+ X509_CRL_get0_extensions(x), 0, 8)) {
118
+ return 0;
119
+ }
115
120
 
116
- for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
117
- r = sk_X509_REVOKED_value(rev, i);
118
- BIO_printf(out, " Serial Number: ");
119
- i2a_ASN1_INTEGER(out, r->serialNumber);
120
- BIO_printf(out, "\n Revocation Date: ");
121
- ASN1_TIME_print(out, r->revocationDate);
122
- BIO_printf(out, "\n");
123
- X509V3_extensions_print(out, "CRL entry extensions",
124
- r->extensions, 0, 8);
121
+ const STACK_OF(X509_REVOKED) *rev = X509_CRL_get_REVOKED(x);
122
+ if (sk_X509_REVOKED_num(rev) > 0) {
123
+ if (BIO_printf(out, "Revoked Certificates:\n") <= 0) {
124
+ return 0;
125
+ }
126
+ } else {
127
+ if (BIO_printf(out, "No Revoked Certificates.\n") <= 0) {
128
+ return 0;
125
129
  }
126
- X509_signature_print(out, sig_alg, signature);
130
+ }
127
131
 
128
- return 1;
132
+ for (size_t i = 0; i < sk_X509_REVOKED_num(rev); i++) {
133
+ const X509_REVOKED *r = sk_X509_REVOKED_value(rev, i);
134
+ if (BIO_printf(out, " Serial Number: ") <= 0 ||
135
+ i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r)) <= 0 ||
136
+ BIO_printf(out, "\n Revocation Date: ") <= 0 ||
137
+ !ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r)) ||
138
+ BIO_printf(out, "\n") <= 0 ||
139
+ !X509V3_extensions_print(out, "CRL entry extensions",
140
+ X509_REVOKED_get0_extensions(r), 0, 8)) {
141
+ }
142
+ }
129
143
 
144
+ return X509_signature_print(out, sig_alg, signature);
130
145
  }
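Review bot: The `if` that closes the revoked-entry loop in the new `X509_CRL_print` has an empty body, so a failed `BIO_printf`, `i2a_ASN1_INTEGER`, `ASN1_TIME_print` or `X509V3_extensions_print` for an entry is detected and then ignored. Every other check this rewrite adds returns 0 on failure, so the body should be `return 0;`. As written, the return value comes only from the final `X509_signature_print` call, so the function can report success after writing an incomplete list of revoked serial numbers. A caller that trusts the return value before displaying or logging the CRL would presumably not notice the missing entries.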
@@ -54,6 +54,7 @@
54
54
  * copied and put under another distribution licence
55
55
  * [including the GNU Public Licence.] */
56
56
 
57
+ #include <assert.h>
57
58
  #include <stdio.h>
58
59
 
59
60
  #include <openssl/bn.h>
@@ -81,7 +82,7 @@ int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags,
81
82
  unsigned long cflag) {
82
83
  long l;
83
84
  EVP_PKEY *pkey;
84
- STACK_OF(X509_ATTRIBUTE) * sk;
85
+ STACK_OF(X509_ATTRIBUTE) *sk;
85
86
  char mlch = ' ';
86
87
 
87
88
  int nmindent = 0;
@@ -104,7 +105,11 @@ int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags,
104
105
  }
105
106
  if (!(cflag & X509_FLAG_NO_VERSION)) {
106
107
  l = X509_REQ_get_version(x);
107
- if (BIO_printf(bio, "%8sVersion: %ld (0x%lx)\n", "", l + 1, l) <= 0) {
108
+ // Only zero, |X509_REQ_VERSION_1|, is valid but our parser accepts some
109
+ // invalid values for compatibility.
110
+ assert(0 <= l && l <= 2);
111
+ if (BIO_printf(bio, "%8sVersion: %ld (0x%lx)\n", "", l + 1,
112
+ (unsigned long)l) <= 0) {
108
113
  goto err;
109
114
  }
110
115
  }
@@ -184,10 +189,8 @@ int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags,
184
189
  goto err;
185
190
  }
186
191
 
187
- if (type == V_ASN1_PRINTABLESTRING ||
188
- type == V_ASN1_UTF8STRING ||
189
- type == V_ASN1_IA5STRING ||
190
- type == V_ASN1_T61STRING) {
192
+ if (type == V_ASN1_PRINTABLESTRING || type == V_ASN1_UTF8STRING ||
193
+ type == V_ASN1_IA5STRING || type == V_ASN1_T61STRING) {
191
194
  if (BIO_write(bio, (char *)bs->data, bs->length) != bs->length) {
192
195
  goto err;
193
196
  }
@@ -205,13 +208,12 @@ int X509_REQ_print_ex(BIO *bio, X509_REQ *x, unsigned long nmflags,
205
208
  if (exts) {
206
209
  BIO_printf(bio, "%8sRequested Extensions:\n", "");
207
210
 
208
- size_t i;
209
- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
210
- X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
211
+ for (size_t i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
212
+ const X509_EXTENSION *ex = sk_X509_EXTENSION_value(exts, i);
211
213
  if (BIO_printf(bio, "%12s", "") <= 0) {
212
214
  goto err;
213
215
  }
214
- ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
216
+ const ASN1_OBJECT *obj = X509_EXTENSION_get_object(ex);
215
217
  i2a_ASN1_OBJECT(bio, obj);
216
218
  const int is_critical = X509_EXTENSION_get_critical(ex);
217
219
  if (BIO_printf(bio, ": %s\n", is_critical ? "critical" : "") <= 0) {